Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TrojanDownloader:Win32/Adload.DA in Action Center


  • This topic is locked This topic is locked
36 replies to this topic

#1 Bill 0

Bill 0

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:45 PM

Posted 28 June 2012 - 07:15 PM

Brief summary of events so far: (full details can be found at http://www.bleepingcomputer.com/forums/topic458055.html)

Got message in Window's Action center about the Trojan mentioned in the title. Worked with staff in A.I.I. including
Initial MBAM run that picked up a probably unrelated piece of malware.
Ran MiniToolBox scan
Had rkill repeatedly report various processes including:
C:\Users\root\AppData\Local\Temp\nsq68FC.tmp\PEV.DAT
C:\Users\root\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Windows\SysWOW64\grpconv.exe

Was recommended to run DDS and GMER and post the logs here. As requested:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by root at 17:44:02 on 2012-06-28
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8181.5388 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} /* THIS WAS TURNED OFF ONLY FOR THE SCAN */
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} /* IT'S BACK ON NOW */
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\psxss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\dleecoms.exe
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Palm\SDK\bin\novacomd\amd64\novacomd.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Palm\PDK\tcprelay.exe
C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\Dell V715w\dleemon.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Dell V715w\ezprint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\Dell V715w\dleemon.exe
C:\Program Files (x86)\Dell V715w\ezprint.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files\iTunesHelper.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Dell Touch Zone\fingertapps.exe
C:\PROGRA~1\McAfee\MSC\mcsvrcnt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: IDXHlprObj Class: {31816979-f864-4acf-919f-d0b3b56432e6} - C:\Program Files (x86)\IDX Systems Corporation\Web Framework\IDXIEController.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628074507.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: {CE7C3CF0-4B15-11D1-ABED-709549C10000} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: DictateBHO: {e12a882b-f14f-4440-9bc0-84a5eb766605} - C:\Windows\Downloaded Program Files\DictateBar.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
TB: TouchWorks Dictate: {6f60c5c5-61b3-4378-8902-ed9497663ac9} - C:\Windows\Downloaded Program Files\DictateBar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [UCam_Menu] "C:\Program Files (x86)\Dell\Dell TouchCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Dell\Dell TouchCam" UpdateWithCreateOnce "Software\CyberLink\Dell TouchCam\1.1"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [UpdateYouPaintShortCut] "C:\Program Files (x86)\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouPaint" UpdateWithCreateOnce "Software\CyberLink

\YouPaint\1.2"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLRE~1.LNK - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLTO~1.LNK - C:\Program Files (x86)\Dell Touch Zone\fingertapps.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PGPTRA~1.LNK - C:\Windows\Installer\{2421B2BB-C09A-4594-842D-CA3ED17E946A}\Icon6560581611.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: C:\Windows\system32\PGPlsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - /Touchworks/AHSCompressionEngine.cab
DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} - /TouchWorks/Common/Components/AtalaSoft/ImgXDialog61.cab
DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - hxxps://emrwb.evms.edu/TouchWorks/DocWorks/CHWorks/Unstructured/aicviewer3.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {707DCF60-DBEB-4ACA-84C8-367041894585} - hxxps://hrpacs.bshsi.org/ami/install/amiviewer.cab
DPF: {77C84519-8818-4E32-9540-653A9905C9F6} - hxxps://emrwb.evms.edu/Touchworks/DictationController.cab
DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} - /TouchWorks/Common/Components/AtalaSoft/ImgX61.cab
DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - /Touchworks/DictionaryManager.CAB
DPF: {A325C946-0C71-4098-AC94-46694E46CEB4} - hxxps://emrwb.evms.edu/ahsweb/IDXWF/Context/IDXTools.cab
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab
DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - hxxps://emrwb.evms.edu/ahsweb/Touchworks/DictateBar.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - hxxps://emrwb.evms.edu/ahsweb/TouchWorks/docworks/chworks/note/aic_viewer2.cab
DPF: {D14CA9D7-7C03-4E39-B076-0F3E852E705B} - hxxps://emrwb.evms.edu/ahsweb/IDXWF/Context/IDXWFCB.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EECF9899-FC3A-4841-986F-30B874921B36} - hxxps://emrwb.evms.edu/ahsweb/IDXWF/Context/IDXBrowser.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5E928124-8A4E-4CC8-9C49-29B5970CFC1C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5E928124-8A4E-4CC8-9C49-29B5970CFC1C}\1696E6C6F6F6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5E928124-8A4E-4CC8-9C49-29B5970CFC1C}\3545D4E65647 : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{5E928124-8A4E-4CC8-9C49-29B5970CFC1C}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5E928124-8A4E-4CC8-9C49-29B5970CFC1C}\C696E6B6379737 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{5E928124-8A4E-4CC8-9C49-29B5970CFC1C}\E4544574541425 : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
AppInit_DLLs: PGPmapih.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli PGPpwflt
BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: IDXHlprObj Class: {31816979-F864-4acf-919F-D0B3B56432E6} - C:\Program Files (x86)\IDX Systems Corporation\Web Framework\IDXIEController.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628074507.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: {CE7C3CF0-4B15-11D1-ABED-709549C10000} - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: DictateBHO: {E12A882B-F14F-4440-9BC0-84A5EB766605} - C:\Windows\Downloaded Program Files\DictateBar.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
TB-X64: TouchWorks Dictate: {6F60C5C5-61B3-4378-8902-ED9497663AC9} - C:\Windows\Downloaded Program Files\DictateBar.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Dell\Dell TouchCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Dell\Dell TouchCam" UpdateWithCreateOnce "Software\CyberLink\Dell TouchCam

\1.1"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [UpdateYouPaintShortCut] "C:\Program Files (x86)\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouPaint" UpdateWithCreateOnce "Software\CyberLink

\YouPaint\1.2"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [iTunesHelper] "C:\Program Files\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: PGPmapih.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\c4rrb592.default\
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Mozilla Plugins\npitunes.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 pgpfs;PGP File Sharing;C:\Windows\system32\Drivers\PGPfsfd.sys --> C:\Windows\system32\Drivers\PGPfsfd.sys [?]
R0 Pgpwdefs;Pgpwdefs;C:\Windows\system32\DRIVERS\Pgpwdefs.sys --> C:\Windows\system32\DRIVERS\Pgpwdefs.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2012/06/13 22:12:01];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-4-25 146928]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-3-23 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 dlee_device;dlee_device;C:\Windows\system32\dleecoms.exe -service --> C:\Windows\system32\dleecoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-29 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-29 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-29 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-29 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-5-4 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-5-4 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NovacomD;Palm Novacom;C:\Program Files (x86)\Palm\SDK\bin\novacomd\amd64\novacomd.exe [2010-3-22 47616]
R2 Palm_TCP_Relay;Palm TCP Relay;C:\Program Files (x86)\Palm\PDK\tcprelay.exe [2010-6-16 11776]
R2 PGP RDD Service;PGP RDD Service;C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [2011-11-22 1588456]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-4-25 1692480]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 PsxDrv;PsxDrv;C:\Windows\system32\drivers\psxdrv.sys --> C:\Windows\system32\drivers\psxdrv.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 CLKMSVC10_1628BCEA;CyberLink Product - 2012/06/13 22:11:55;C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2012-6-13 240360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dleeCATSCustConnectService;dleeCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleeserv.exe [2011-1-6 45224]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-7 136176]
S3 BTHprint;Microsoft Bluetooth Printer Class;C:\Windows\system32\DRIVERS\bthprint.sys --> C:\Windows\system32\DRIVERS\bthprint.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-7 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-06-27 23:08:02 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-27 23:02:05 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-27 22:59:46 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-26 22:00:11 -------- d-----w- C:\Users\root\AppData\Roaming\Malwarebytes
2012-06-26 21:59:32 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-26 21:59:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-26 21:59:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-23 00:56:31 -------- d-----w- C:\Users\root\AppData\Roaming\Mael
2012-06-22 11:30:03 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 11:29:17 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 11:28:48 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 11:28:48 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-13 00:34:52 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-13 00:34:52 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-13 00:34:51 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 00:34:50 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 00:34:49 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 00:34:49 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 00:33:00 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-07 21:59:07 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 21:59:07 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-06-28 02:14:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-28 02:14:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-27 23:07:39 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 23:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-27 09:09:30 293736 ----a-w- C:\Program Files\iTunesOutlookAddIn.dll
2012-03-27 09:09:24 421736 ----a-w- C:\Program Files\iTunesHelper.exe
2012-03-27 09:09:22 156520 ----a-w- C:\Program Files\iTunesHelper.dll
2012-03-27 09:09:20 402792 ----a-w- C:\Program Files\iTunesAdmin.dll
2012-03-27 09:09:16 9777000 ----a-w- C:\Program Files\iTunes.exe
2012-03-27 09:09:06 21006696 ----a-w- C:\Program Files\iTunes.dll
2012-03-27 09:09:02 797208 ----a-w- C:\Program Files\gnsdk_sdkmanager.dll
2012-03-27 09:09:02 3029528 ----a-w- C:\Program Files\gnsdk_dsp.dll
2012-03-27 09:09:02 281112 ----a-w- C:\Program Files\gnsdk_submit.dll
2012-03-27 09:09:02 240152 ----a-w- C:\Program Files\gnsdk_musicid.dll
2012-03-07 00:44:32 112488 ----a-w- C:\Program Files\ITDetector.ocx
2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 17:44:37.78 ===============

Attached File  Attach2.txt   16.01KB   0 downloads

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-28 18:14:08
Windows 6.1.7601 Service Pack 1
Running: qsv6l6ur.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\50631397329a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\50631397329a@001f7ea56b15 0xA9 0x02 0x6D 0xCA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\50631397329a@001a8ad26f23 0xE4 0x0C 0x9B 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\50631397329a@0800372bb913 0x32 0x56 0x42 0xFB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\50631397329a@001dfe45c50f 0xA2 0xC5 0x77 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\50631397329a@700514f89775 0x6F 0x14 0x2C 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\50631397329a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\50631397329a@001f7ea56b15 0xA9 0x02 0x6D 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\50631397329a@001a8ad26f23 0xE4 0x0C 0x9B 0x0A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\50631397329a@0800372bb913 0x32 0x56 0x42 0xFB ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\50631397329a@001dfe45c50f 0xA2 0xC5 0x77 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\50631397329a@700514f89775 0x6F 0x14 0x2C 0xE3 ...

---- Files - GMER 1.0.15 ----

File C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETY0CZKH\clock[1] 2087 bytes
File C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FXXY2V1M\gap[2] 44 bytes

---- EOF - GMER 1.0.15 ----


Thanks in advance for your help

Bill

Edited by Bill 0, 28 June 2012 - 07:19 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:45 PM

Posted 03 July 2012 - 09:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your DDS log is clean.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#3 Bill 0

Bill 0
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:45 PM

Posted 03 July 2012 - 07:11 PM

OK, I ran combofix and the security scan as directed after disabling on access scanning and the firewall.

One odd thing -- combofix automatically rebooted the machine. When I logged back into my usual account (from which I ran combofix) it went into an endless loop of shell windows rapidly opening and closing. After a few minutes, I logged off and back on -- same thing. I rebooted the machine and logged back in -- same thing. I switched from my usual account to my administrator account, and after a few flickers, the combofix window opened and (presumably) completed running normally. I don't know if that changes the accuracy of the log file or not. Anyway here is the log file as requested:

ComboFix 12-07-02.01 - root 07/03/2012 19:18:17.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8181.6371 [GMT -4:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL850A.tmp
c:\programdata\SPLC0E7.tmp
c:\programdata\SPLF03E.tmp
c:\users\Bill\AppData\Local\assembly\tmp
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{00DFAD9C-718D-48BC-81AF-2E73FD13D29C}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0668FBC8-AD7A-4CAA-8161-38180C659830}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0B4C0943-16E4-4315-867A-E5B7C32759E6}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{13629054-DD3D-46FB-B66A-C8588B0FBD95}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2761759C-38F8-415D-8641-D4EAD7DAAEC1}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{33548474-FC82-4F61-B073-98FCD70ADB7D}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3613A42A-85E6-4946-8580-1E6F842054EA}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3711CFFC-9DC5-4C40-9F7B-996D66010F62}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{37F8A610-CEF9-426C-93B2-BCB690E00747}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3A990B85-36C4-4519-A6CD-A94612099456}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{503963EE-EF72-477E-8384-F7C2C7165A57}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{50DE31E6-1233-416D-AE8C-7A0583BAFF51}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5A46249E-8DB0-489D-A904-1CFCE869665A}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5B981A46-9D9C-4879-96E7-F3693C75B15C}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{616168A0-40AA-4863-89F4-9C4D6A32B951}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{62EFDF43-DECC-478D-84E5-0A160CA3276D}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{668237F1-B1FB-4706-91CF-2DD587C929F8}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6C6D3EF5-18B0-4EAD-B739-E14F4A059161}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7415AC10-897A-45C5-A3C5-58A2448D4AC7}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{81838EFF-99E7-4E73-A3A5-1A475ED250FF}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{819870A6-5157-4754-BA62-86E0EF58E591}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{97B3328B-644B-4A19-9DCB-36886614ACD6}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A05C5126-CAF2-4F85-A6A8-2158FA42990B}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A698081C-A2CC-4B47-A6C1-1D29417B6141}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A7437916-DA8B-4C83-B298-9C360F707BB7}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A78DCD24-832B-41CF-ADDD-18C2F4D0E77C}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AFF19753-D1FC-4C98-8C60-6D53EE98D8F5}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BB20EC68-F855-45C2-9CD0-77FC463C3F30}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C108A84C-1685-4DC0-AD02-00E8858C05A1}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C9A5451D-9616-4AC0-AC51-1AF271662D82}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D0ED69EC-9332-43D5-99D6-522AE2A87FC6}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E6D552F8-7840-428B-BF98-A5452242F92B}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E8D7C761-66C2-49CF-947E-F750F46DA9B2}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E941D752-280D-4724-A022-61071C2EE122}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EB807094-D0DC-45FF-834D-F2FA17620118}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EF7384E5-5358-4847-809D-792CE77AA16A}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F6B375F6-7A5C-4FA4-9F78-71FB4ABD346D}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FB2FB681-A453-4A72-92A7-08546D16776C}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FFAFD953-346A-48A9-9436-1E2AEB40B31F}.TIF
c:\users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\TempAnn.tmp
c:\users\Bill\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 23:26 . 2012-07-03 23:26 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-07-03 23:26 . 2012-07-03 23:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 23:26 . 2012-07-03 23:44 -------- d-----w- c:\users\root\AppData\Local\temp
2012-07-03 23:26 . 2012-07-03 23:26 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-03 23:26 . 2012-07-03 23:26 -------- d-----w- c:\users\Farnoosh\AppData\Local\temp
2012-06-27 23:08 . 2012-06-27 23:07 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-27 23:02 . 2012-06-27 23:02 -------- d-----w- c:\program files (x86)\Oracle
2012-06-27 22:59 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-26 22:00 . 2012-06-26 22:00 -------- d-----w- c:\users\root\AppData\Roaming\Malwarebytes
2012-06-26 21:59 . 2012-06-26 21:59 -------- d-----w- c:\programdata\Malwarebytes
2012-06-26 21:59 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 21:59 . 2012-06-26 21:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-26 00:25 . 2012-06-26 00:25 -------- d-----w- c:\users\Farnoosh\AppData\Local\Macromedia
2012-06-23 18:36 . 2012-06-23 18:36 -------- d-----w- c:\users\Bill\AppData\Local\Macromedia
2012-06-23 00:56 . 2012-06-23 00:56 -------- d-----w- c:\users\root\AppData\Roaming\Mael
2012-06-22 11:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 11:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 11:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 11:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 11:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 11:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 11:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 11:28 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 11:28 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 02:13 . 2012-06-14 02:13 -------- d-----w- c:\users\Bill\AppData\Roaming\dvdcss
2012-06-13 00:34 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-13 00:34 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-13 00:34 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 00:34 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 00:34 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 00:34 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 00:33 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-09 02:29 . 2012-06-09 02:29 -------- d-----w- c:\users\root\AppData\Roaming\vlc
2012-06-07 21:59 . 2012-06-07 21:59 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 21:59 . 2012-06-07 21:59 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 02:14 . 2012-04-07 20:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-28 02:14 . 2011-05-21 05:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-27 23:07 . 2011-06-01 04:09 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 23:29 . 2010-05-02 04:39 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-27 09:09 . 2012-03-27 09:09 293736 ----a-w- c:\program files\iTunesOutlookAddIn.dll
2012-03-27 09:09 . 2012-03-27 09:09 421736 ----a-w- c:\program files\iTunesHelper.exe
2012-03-27 09:09 . 2012-03-27 09:09 156520 ----a-w- c:\program files\iTunesHelper.dll
2012-03-27 09:09 . 2012-03-27 09:09 402792 ----a-w- c:\program files\iTunesAdmin.dll
2012-03-27 09:09 . 2012-03-27 09:09 9777000 ----a-w- c:\program files\iTunes.exe
2012-03-27 09:09 . 2012-03-27 09:09 21006696 ----a-w- c:\program files\iTunes.dll
2012-03-27 09:09 . 2012-03-27 09:09 797208 ----a-w- c:\program files\gnsdk_sdkmanager.dll
2012-03-27 09:09 . 2012-03-27 09:09 3029528 ----a-w- c:\program files\gnsdk_dsp.dll
2012-03-27 09:09 . 2012-03-27 09:09 281112 ----a-w- c:\program files\gnsdk_submit.dll
2012-03-27 09:09 . 2012-03-27 09:09 240152 ----a-w- c:\program files\gnsdk_musicid.dll
2012-03-07 00:44 . 2012-03-07 00:44 112488 ----a-w- c:\program files\ITDetector.ocx
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2011-11-22 05:38 1194008 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-14 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2011-03-01 144616]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"UCam_Menu"="c:\program files (x86)\Dell\Dell TouchCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-04-25 195072]
"UpdateYouPaintShortCut"="c:\program files (x86)\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"Dell V715w"="c:\program files (x86)\Dell V715w\fm3032.exe" [2010-08-18 316072]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-03-15 296056]
"iTunesHelper"="c:\program files\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-20 560128]
.
c:\users\Farnoosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MP3 Rocket (Minimized).lnk - c:\program files (x86)\MP3 Rocket\MP3Rocket.exe [2011-4-21 175104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2010-4-25 53248]
Dell Touch Zone.lnk - c:\program files (x86)\Dell Touch Zone\fingertapps.exe [2010-2-11 3854544]
PGP Tray.lnk - c:\windows\Installer\{2421B2BB-C09A-4594-842D-CA3ED17E946A}\Icon6560581611.exe [2012-2-11 55296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\PGPmapih.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_1628BCEA;CyberLink Product - 2012/06/13 22:11;c:\program files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-03-01 240360]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [2010-05-21 45224]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 136176]
R3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\DRIVERS\bthprint.sys [2009-07-14 67072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-22 113120]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-03 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [2011-11-22 175880]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [2011-11-22 15752]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 87600]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-06-25 202704]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-06-25 53968]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2012/06/13 22:12];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 21:35 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-14 202752]
S2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe [2010-05-21 1052328]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 NovacomD;Palm Novacom;c:\program files (x86)\Palm\SDK\bin\novacomd\amd64\novacomd.exe [2010-03-23 47616]
S2 Palm_TCP_Relay;Palm TCP Relay;c:\program files (x86)\Palm\PDK\tcprelay.exe [2010-06-16 11776]
S2 PGP RDD Service;PGP RDD Service;c:\program files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [2011-11-22 1588456]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-09-17 23912]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-13 74272]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-07-13 10240]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 144656]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-25 164176]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_1628BCEA
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 01:35]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 01:35]
.
2012-06-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-03 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2011-11-22 05:38 1985584 ----a-w- c:\windows\System32\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2010-07-19 41984]
"dleemon.exe"="c:\program files (x86)\Dell V715w\dleemon.exe" [2010-08-18 770728]
"EzPrint"="c:\program files (x86)\Dell V715w\ezprint.exe" [2010-08-18 139944]
"combofix"="c:\combofix\CF13172.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\PGPmapih.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\PGPlsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - /Touchworks/AHSCompressionEngine.cab
DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - hxxps://emrwb.evms.edu/TouchWorks/DocWorks/CHWorks/Unstructured/aicviewer3.cab
DPF: {707DCF60-DBEB-4ACA-84C8-367041894585} - hxxps://hrpacs.bshsi.org/ami/install/amiviewer.cab
DPF: {77C84519-8818-4E32-9540-653A9905C9F6} - hxxps://emrwb.evms.edu/Touchworks/DictationController.cab
DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - /Touchworks/DictionaryManager.CAB
DPF: {A325C946-0C71-4098-AC94-46694E46CEB4} - hxxps://emrwb.evms.edu/ahsweb/IDXWF/Context/IDXTools.cab
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab
DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - hxxps://emrwb.evms.edu/ahsweb/Touchworks/DictateBar.cab
DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - hxxps://emrwb.evms.edu/ahsweb/TouchWorks/docworks/chworks/note/aic_viewer2.cab
DPF: {D14CA9D7-7C03-4E39-B076-0F3E852E705B} - hxxps://emrwb.evms.edu/ahsweb/IDXWF/Context/IDXWFCB.cab
DPF: {EECF9899-FC3A-4841-986F-30B874921B36} - hxxps://emrwb.evms.edu/ahsweb/IDXWF/Context/IDXBrowser.cab
FF - ProfilePath - c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\c4rrb592.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-QuickSet - c:\program files\Dell\QuickSet\QuickSet.exe
HKLM-Run-Broadcom Wireless Manager UI - c:\program files\Dell\DW WLAN Card\WLTRAY.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell Remote Access\ezi_ra.exe
c:\program files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Dell Remote Access\ezi_ra.exe
c:\program files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2012-07-03 19:48:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-03 23:48
.
Pre-Run: 350,045,532,160 bytes free
Post-Run: 383,798,382,592 bytes free
.
- - End Of File - - 5BBF7213A12CB4EB8B29AA04D33EAD17


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java Web Start
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Thanks for everything so far.
Bill

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:45 PM

Posted 04 July 2012 - 08:01 AM

One odd thing -- combofix automatically rebooted the machine. When I logged back into my usual account (from which I ran combofix) it went into an endless loop of shell windows rapidly opening and closing. After a few minutes, I logged off and back on -- same thing. I rebooted the machine and logged back in -- same thing. I switched from my usual account to my administrator account, and after a few flickers, the combofix window opened and (presumably) completed running normally. I don't know if that changes the accuracy of the log file or not. Anyway here is the log file as requested:


You had a very bad ZeroAccess infection. The restart of the computer is normal under this condition.

===

Only need to take care of this.

Open notepad and copy/paste the text in the quote box below into it:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="-

ClearJavaCache::


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know of any remaining problems.

#5 Bill 0

Bill 0
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:45 PM

Posted 04 July 2012 - 01:22 PM

I created the script and dragged in onto combofix, but I don't see a new log having been produced.

However, there was a snag. I forgot to re-disable my AV, and it immediately quarantined combofix. I had the AV restore it from quarantine, disabled the on access scanning, and redragged the script onto it, at which point it seemed to run properly. I don't know if having been quarantined and restored would affect combofix or not.

Also after running combofix, I got another message from Action Center similar to what started the whole process:

Windows has detected TrojanDownloader:Win32/Adload.DA, a known computer virus, on your computer. TrojanDownloader:W32/Adload.DA has caused your computer to stop working properly 3 times, last occurring on 7/3/2012 7:14PM.


That time correlates with the original running of combofix.

Bill

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:45 PM

Posted 05 July 2012 - 06:45 AM

Delete your present version of ComboFix.

Make sure that only Windows Defender is active then download and run the latest version.

Post the log for my review.

Include the result of this scan.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#7 Bill 0

Bill 0
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:45 PM

Posted 05 July 2012 - 08:12 AM

Old version combofix sent to recycle bin.
New version combofix downloaded and installed.
McAfee on access scanning off.
Windows Defender on.

ComboFix 12-07-05.02 - root 07/05/2012 8:54.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8181.6188 [GMT -4:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))
.
.
2012-07-05 13:02 . 2012-07-05 13:02 -------- d-----w- c:\users\SYSTEM\AppData\Local\temp
2012-07-05 13:02 . 2012-07-05 13:02 -------- d-----w- c:\users\root\AppData\Local\temp
2012-07-05 13:02 . 2012-07-05 13:02 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-05 13:02 . 2012-07-05 13:02 -------- d-----w- c:\users\Farnoosh\AppData\Local\temp
2012-07-05 13:02 . 2012-07-05 13:02 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-07-05 13:02 . 2012-07-05 13:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 12:54 . 2012-07-05 12:54 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0131C74A-16B0-44FF-A3B5-1782B21FEC1C}\offreg.dll
2012-07-05 12:29 . 2012-06-18 07:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0131C74A-16B0-44FF-A3B5-1782B21FEC1C}\mpengine.dll
2012-06-27 23:08 . 2012-06-27 23:07 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-27 23:02 . 2012-06-27 23:02 -------- d-----w- c:\program files (x86)\Oracle
2012-06-27 22:59 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-26 22:00 . 2012-06-26 22:00 -------- d-----w- c:\users\root\AppData\Roaming\Malwarebytes
2012-06-26 21:59 . 2012-06-26 21:59 -------- d-----w- c:\programdata\Malwarebytes
2012-06-26 21:59 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 21:59 . 2012-06-26 21:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-26 00:25 . 2012-06-26 00:25 -------- d-----w- c:\users\Farnoosh\AppData\Local\Macromedia
2012-06-23 18:36 . 2012-06-23 18:36 -------- d-----w- c:\users\Bill\AppData\Local\Macromedia
2012-06-23 00:56 . 2012-06-23 00:56 -------- d-----w- c:\users\root\AppData\Roaming\Mael
2012-06-22 11:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 11:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 11:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 11:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 11:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 11:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 11:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 11:28 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 11:28 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 02:13 . 2012-06-14 02:13 -------- d-----w- c:\users\Bill\AppData\Roaming\dvdcss
2012-06-13 00:34 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-13 00:34 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-13 00:34 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 00:34 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 00:34 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 00:34 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 00:33 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-09 02:29 . 2012-06-09 02:29 -------- d-----w- c:\users\root\AppData\Roaming\vlc
2012-06-07 21:59 . 2012-06-07 21:59 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 21:59 . 2012-06-07 21:59 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 02:14 . 2012-04-07 20:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-28 02:14 . 2011-05-21 05:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-27 23:07 . 2011-06-01 04:09 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 23:29 . 2010-05-02 04:39 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-27 09:09 . 2012-03-27 09:09 293736 ----a-w- c:\program files\iTunesOutlookAddIn.dll
2012-03-27 09:09 . 2012-03-27 09:09 421736 ----a-w- c:\program files\iTunesHelper.exe
2012-03-27 09:09 . 2012-03-27 09:09 156520 ----a-w- c:\program files\iTunesHelper.dll
2012-03-27 09:09 . 2012-03-27 09:09 402792 ----a-w- c:\program files\iTunesAdmin.dll
2012-03-27 09:09 . 2012-03-27 09:09 9777000 ----a-w- c:\program files\iTunes.exe
2012-03-27 09:09 . 2012-03-27 09:09 21006696 ----a-w- c:\program files\iTunes.dll
2012-03-27 09:09 . 2012-03-27 09:09 797208 ----a-w- c:\program files\gnsdk_sdkmanager.dll
2012-03-27 09:09 . 2012-03-27 09:09 3029528 ----a-w- c:\program files\gnsdk_dsp.dll
2012-03-27 09:09 . 2012-03-27 09:09 281112 ----a-w- c:\program files\gnsdk_submit.dll
2012-03-27 09:09 . 2012-03-27 09:09 240152 ----a-w- c:\program files\gnsdk_musicid.dll
2012-03-07 00:44 . 2012-03-07 00:44 112488 ----a-w- c:\program files\ITDetector.ocx
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-03_23.44.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-05-01 17:38 . 2012-07-03 23:30 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-01 17:38 . 2012-07-05 12:26 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-01 17:38 . 2012-07-03 23:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-01 17:38 . 2012-07-05 12:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-03 23:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-05 12:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-01 19:40 . 2012-07-05 12:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-01 19:40 . 2012-07-03 23:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-01 19:40 . 2012-07-05 12:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-01 19:40 . 2012-07-03 23:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-01 17:59 . 2012-07-04 06:06 544728 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-05-23 05:17 . 2012-02-23 14:18 279656 c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2011-11-22 05:38 1194008 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-14 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2011-03-01 144616]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"UCam_Menu"="c:\program files (x86)\Dell\Dell TouchCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-04-25 195072]
"UpdateYouPaintShortCut"="c:\program files (x86)\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"Dell V715w"="c:\program files (x86)\Dell V715w\fm3032.exe" [2010-08-18 316072]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-03-15 296056]
"iTunesHelper"="c:\program files\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-20 560128]
.
c:\users\Farnoosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MP3 Rocket (Minimized).lnk - c:\program files (x86)\MP3 Rocket\MP3Rocket.exe [2011-4-21 175104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2010-4-25 53248]
Dell Touch Zone.lnk - c:\program files (x86)\Dell Touch Zone\fingertapps.exe [2010-2-11 3854544]
PGP Tray.lnk - c:\windows\Installer\{2421B2BB-C09A-4594-842D-CA3ED17E946A}\Icon6560581611.exe [2012-2-11 55296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\PGPmapih.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_1628BCEA;CyberLink Product - 2012/06/13 22:11;c:\program files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-03-01 240360]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [2010-05-21 45224]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 136176]
R2 Palm_TCP_Relay;Palm TCP Relay;c:\program files (x86)\Palm\PDK\tcprelay.exe [2010-06-16 11776]
R3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\DRIVERS\bthprint.sys [2009-07-14 67072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-22 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-03 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [2011-11-22 175880]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [2011-11-22 15752]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 87600]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-06-25 202704]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-06-25 53968]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2012/06/13 22:12];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 21:35 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-14 202752]
S2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe [2010-05-21 1052328]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 NovacomD;Palm Novacom;c:\program files (x86)\Palm\SDK\bin\novacomd\amd64\novacomd.exe [2010-03-23 47616]
S2 PGP RDD Service;PGP RDD Service;c:\program files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [2011-11-22 1588456]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-09-17 23912]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-13 74272]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-07-13 10240]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 144656]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-25 164176]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_1628BCEA
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 01:35]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 01:35]
.
2012-06-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2011-11-22 05:38 1985584 ----a-w- c:\windows\System32\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [BU]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2010-07-19 41984]
"dleemon.exe"="c:\program files (x86)\Dell V715w\dleemon.exe" [2010-08-18 770728]
"EzPrint"="c:\program files (x86)\Dell V715w\ezprint.exe" [2010-08-18 139944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\PGPmapih.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\PGPlsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - /Touchworks/AHSCompressionEngine.cab
DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - hxxps://emrwb.evms.edu/TouchWorks/DocWorks/CHWorks/Unstructured/aicviewer3.cab
DPF: {707DCF60-DBEB-4ACA-84C8-367041894585} - hxxps://hrpacs.bshsi.org/ami/install/amiviewer.cab
DPF: {77C84519-8818-4E32-9540-653A9905C9F6} - hxxps://emrwb.evms.edu/Touchworks/DictationController.cab
DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - /Touchworks/DictionaryManager.CAB
DPF: {A325C946-0C71-4098-AC94-46694E46CEB4} - hxxps://emrwb.evms.edu/ahsweb/IDXWF/Context/IDXTools.cab
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab
DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - hxxps://emrwb.evms.edu/ahsweb/Touchworks/DictateBar.cab
DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - hxxps://emrwb.evms.edu/ahsweb/TouchWorks/docworks/chworks/note/aic_viewer2.cab
DPF: {D14CA9D7-7C03-4E39-B076-0F3E852E705B} - hxxps://emrwb.evms.edu/ahsweb/IDXWF/Context/IDXWFCB.cab
DPF: {EECF9899-FC3A-4841-986F-30B874921B36} - hxxps://emrwb.evms.edu/ahsweb/IDXWF/Context/IDXBrowser.cab
FF - ProfilePath - c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\c4rrb592.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-05 09:05:00
ComboFix-quarantined-files.txt 2012-07-05 13:04
ComboFix2.txt 2012-07-03 23:48
.
Pre-Run: 382,322,642,944 bytes free
Post-Run: 382,578,536,448 bytes free
.
- - End Of File - - B4976AEA7FE71CE3BA00012CAC9A4ED6

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java Web Start
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:45 PM

Posted 05 July 2012 - 08:29 AM

Remove these items from the Trusted Internet sites.

Trusted Zone: internet
Trusted Zone: mcafee.com


Anything downloaded bad or good will be installed.
The internet is no longer secure.
===

Your logs are clean any remaining issues?

If not Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#9 Bill 0

Bill 0
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:45 PM

Posted 05 July 2012 - 09:56 PM

Those have been removed from the trusted sites. Actually I don't remember adding those to ie's trusted sites in the first place.

There were very few signs of a malware exploit in the first place, so it's hard to tell if everything is better. I'm not seeing my firewall flag outgoing attempts from flash or real player, so that's a good sign.

A few minor things that I'm still wondering about. Rkill kept flagging C:\Windows\SysWOW64\grpconv.exe, and I noticed that this file is still there. Legitimate file or malware?; boopme seemed concerned about it on A.I.I. Also I noticed the flash player app in the same directory. The date on the file was 6/27, but hovering over it gave an April creation date. From what I read, ZeroAccess likes to mimic Flash, and that modification date is in the middle of this malware exploit. Again, is this something to worry about or normal behavior?

Bill

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:45 PM

Posted 06 July 2012 - 09:29 AM

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#11 Bill 0

Bill 0
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:45 PM

Posted 06 July 2012 - 09:15 PM

OTL logfile created on: 7/6/2012 8:49:33 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Bill\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 4.98 Gb Available Physical Memory | 62.34% Memory free
15.98 Gb Paging File | 12.85 Gb Available in Paging File | 80.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 356.01 Gb Free Space | 78.93% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 416.14 Gb Free Space | 89.35% Space Free | Partition Type: NTFS

Computer Name: HUTCHENS | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Bill\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Dell V715w\dleemon.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe (Dell Inc.)
PRC - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell V715w\dleemon.exe ()
MOD - C:\Program Files (x86)\Dell V715w\dleedrs.dll ()
MOD - C:\Program Files (x86)\Dell V715w\dleescw.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell V715w\DLEEcfg.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()
MOD - C:\Windows\SysWOW64\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell V715w\dleedatr.dll ()
MOD - C:\Program Files (x86)\Dell V715w\dleecaps.dll ()
MOD - C:\Program Files (x86)\Dell V715w\dleecnv4.dll ()
MOD - C:\Windows\SysWOW64\DLEEsmr.dll ()
MOD - C:\Windows\SysWOW64\DLEEsm.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe File not found
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (dlee_device) -- C:\Windows\SysNative\dleecoms.exe ( )
SRV:64bit: - (dleeCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleeserv.exe ()
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PGP RDD Service) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe (Symantec Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (CLKMSVC10_1628BCEA) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe (CyberLink)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (Palm_TCP_Relay) -- C:\Program Files (x86)\Palm\PDK\tcprelay.exe ()
SRV - (dleeCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe ()
SRV - (dlee_device) -- C:\Windows\SysWOW64\dleecoms.exe ( )
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NovacomD) -- C:\Program Files (x86)\Palm\SDK\bin\novacomd\amd64\novacomd.exe (Palm)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe (IDT, Inc.)
SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (PGPwded) -- C:\Windows\SysNative\drivers\PGPwded.sys (Symantec Corporation)
DRV:64bit: - (Pgpwdefs) -- C:\Windows\SysNative\drivers\PGPwdefs.sys (Symantec Corporation)
DRV:64bit: - (PGPsdkDriver) -- C:\Windows\SysNative\drivers\PGPsdk.sys (Symantec Corporation)
DRV:64bit: - (PGPdisk) -- C:\Windows\SysNative\drivers\PGPdisk.sys (Symantec Corporation)
DRV:64bit: - (pgpfs) -- C:\Windows\SysNative\drivers\PGPfsfd.sys (Symantec Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (O2MDGRDR) -- C:\Windows\SysNative\drivers\o2mdgx64.sys (O2Micro )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BTHprint) -- C:\Windows\SysNative\drivers\BTHPRINT.SYS (Microsoft Corporation)
DRV:64bit: - (PsxDrv) -- C:\Windows\SysNative\drivers\psxdrv.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (Packet) -- C:\Windows\SysNative\drivers\packet.sys (SingleClick Systems)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (Packet) -- C:\Windows\SysWOW64\drivers\packet.sys (SingleClick Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C606CB2D-B4FC-4DE8-8DB5-BF9C8BA8B0CE}
IE:64bit: - HKLM\..\SearchScopes\{C606CB2D-B4FC-4DE8-8DB5-BF9C8BA8B0CE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {8AE7C775-8F9A-4556-BA04-2017E8771D60}
IE - HKLM\..\SearchScopes\{8AE7C775-8F9A-4556-BA04-2017E8771D60}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {8AE7C775-8F9A-4556-BA04-2017E8771D60}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.8
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/04/25 05:51:11 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/04/25 05:51:11 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 21:53:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/26 19:53:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/15 00:32:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/28 07:56:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/22 19:52:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/18 12:38:01 | 000,000,000 | ---D | M]

[2010/05/01 16:23:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\Mozilla\Extensions
[2012/06/27 22:13:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\c4rrb592.default\extensions
[2012/06/27 18:52:46 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\c4rrb592.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/03/15 00:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/28 07:56:55 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/02/26 19:53:50 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012/04/28 09:52:50 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C4RRB592.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/01/29 13:45:21 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C4RRB592.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/09 23:07:05 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C4RRB592.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/06/27 22:13:42 | 000,094,344 | ---- | M] () (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C4RRB592.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
[2012/06/22 19:52:05 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2012/02/18 01:07:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/06/07 17:59:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/02 08:22:26 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/06/07 17:59:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/03 19:44:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120628074507.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IDXHlprObj Class) - {31816979-F864-4acf-919F-D0B3B56432E6} - C:\Windows\Downloaded Program Files\IDXIEController.DLL ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628074507.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DictateBHO) - {E12A882B-F14F-4440-9BC0-84A5EB766605} - C:\Windows\Downloaded Program Files\DictateBar.dll File not found
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (TouchWorks Dictate) - {6F60C5C5-61B3-4378-8902-ED9497663AC9} - C:\Windows\Downloaded Program Files\DictateBar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe File not found
O4:64bit: - HKLM..\Run: [dleemon.exe] C:\Program Files (x86)\Dell V715w\dleemon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V715w\ezprint.exe ()
O4:64bit: - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\SysNative\jureg.exe (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell V715w] C:\Program Files (x86)\Dell V715w\fm3032.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Dell\Dell TouchCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateYouPaintShortCut] C:\Program Files (x86)\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PGPlsp.dll (Symantec Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\PGPlsp.dll (Symantec Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\PGPlsp.dll (Symantec Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\PGPlsp.dll (Symantec Corporation)
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16:64bit: - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} /Touchworks/AHSCompressionEngine.cab (Engine Class)
O16 - DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab (WAVSCtl.WAVitalSignsCtl)
O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} /TouchWorks/Common/Components/AtalaSoft/ImgXDialog61.cab (ImgXDialog6.ImgXDialog)
O16 - DPF: {46965FE7-2129-407B-938C-BE358A56D11E} https://emrwb.evms.edu/TouchWorks/DocWorks/CHWorks/Unstructured/aicviewer3.cab (AICViewer.Viewer)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {707DCF60-DBEB-4ACA-84C8-367041894585} https://hrpacs.bshsi.org/ami/install/amiviewer.cab (Centricity Web ViewApp Control 3.0 SPa09)
O16 - DPF: {77C84519-8818-4E32-9540-653A9905C9F6} https://emrwb.evms.edu/Touchworks/DictationController.cab (DictationController Class)
O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} /TouchWorks/Common/Components/AtalaSoft/ImgX61.cab (Atalasoft ImgXCtrl6.ImgXCtrl (CAB))
O16 - DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab (Pesgoa Control)
O16 - DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} /Touchworks/DictionaryManager.CAB (DictionaryManager.Dictionary)
O16 - DPF: {A325C946-0C71-4098-AC94-46694E46CEB4} https://emrwb.evms.edu/ahsweb/IDXWF/Context/IDXTools.cab (TerminalID Class)
O16 - DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} /TouchWorks/DocWorks/CHWorks/Note/wspell.cab (WSpell Spelling Checker Control)
O16 - DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab (TWRTFControl)
O16 - DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} https://emrwb.evms.edu/ahsweb/Touchworks/DictateBar.cab (DictateBandInstaller)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} https://emrwb.evms.edu/ahsweb/TouchWorks/docworks/chworks/note/aic_viewer2.cab (AIC_ViewerAS2.Viewer)
O16 - DPF: {D14CA9D7-7C03-4E39-B076-0F3E852E705B} https://emrwb.evms.edu/ahsweb/IDXWF/Context/IDXWFCB.cab (Clipboard Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EECF9899-FC3A-4841-986F-30B874921B36} https://emrwb.evms.edu/ahsweb/IDXWF/Context/IDXBrowser.cab (BrowserObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E928124-8A4E-4CC8-9C49-29B5970CFC1C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\SysNative\PGPmapih.dll (Symantec Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\SysWOW64\PGPmapih.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 17:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/05 21:59:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/05 09:05:01 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\temp
[2012/07/05 08:53:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/03 19:48:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/03 19:14:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/03 19:14:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/03 19:14:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/03 19:13:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/03 19:13:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/28 17:41:00 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/06/27 19:08:02 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/27 19:08:02 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/27 19:07:54 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/27 19:07:54 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/27 19:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/27 18:59:46 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/27 18:59:46 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/27 18:59:41 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/27 18:59:41 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/26 18:00:11 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Malwarebytes
[2012/06/26 17:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/26 17:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/26 17:59:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/26 17:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/22 20:56:31 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Mael
[2012/06/22 07:30:03 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/22 07:30:03 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/22 07:30:03 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/22 07:29:18 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/22 07:29:17 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/22 07:29:17 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/22 07:28:48 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/22 07:28:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/12 20:35:36 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/06/12 20:35:33 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/12 20:35:31 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/12 20:35:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/12 20:35:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/12 20:35:20 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/12 20:35:20 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/12 20:34:56 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/12 20:34:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/12 20:34:52 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/12 20:34:52 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/12 20:34:50 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/12 20:34:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/12 20:34:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/12 20:33:00 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/12 20:32:59 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/12 20:32:58 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/12 20:32:41 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/12 20:32:40 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/12 20:32:16 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/12 20:32:11 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/06/08 22:29:34 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\vlc
[2012/06/08 21:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/03/27 05:09:30 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2012/03/27 05:09:24 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2012/03/27 05:09:22 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2012/03/27 05:09:20 | 000,402,792 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2012/03/27 05:09:16 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2012/03/27 05:09:06 | 021,006,696 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2012/03/27 05:09:02 | 003,029,528 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2012/03/27 05:09:02 | 000,797,208 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2012/03/27 05:09:02 | 000,281,112 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2012/03/27 05:09:02 | 000,240,152 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2012/03/06 20:44:32 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx

========== Files - Modified Within 30 Days ==========

[2012/07/06 20:55:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/07/06 20:39:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/06 19:38:27 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 19:38:27 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 17:15:50 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/07/06 17:13:48 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/06 17:10:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/03 19:44:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/03 19:40:02 | 2138,443,775 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/27 22:21:51 | 000,000,000 | ---- | M] () -- C:\Users\root\defogger_reenable
[2012/06/27 22:14:49 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/27 22:14:49 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/27 19:07:39 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/27 19:07:39 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/27 19:07:39 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/27 19:07:39 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/27 19:07:39 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/27 18:59:34 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/27 18:59:34 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/26 17:59:33 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/26 17:47:26 | 001,012,656 | ---- | M] () -- C:\Users\root\Desktop\rkill.exe
[2012/06/23 09:05:46 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/22 21:16:36 | 003,106,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/22 21:16:36 | 000,983,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/22 21:16:36 | 000,006,988 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/22 19:57:08 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/06/12 20:54:31 | 000,413,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/10 07:27:09 | 638,346,313 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/08 21:35:09 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

========== Files Created - No Company Name ==========

[2012/07/03 19:14:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/03 19:14:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/03 19:14:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/03 19:14:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/03 19:14:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/27 22:21:51 | 000,000,000 | ---- | C] () -- C:\Users\root\defogger_reenable
[2012/06/26 17:59:33 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/26 17:47:23 | 001,012,656 | ---- | C] () -- C:\Users\root\Desktop\rkill.exe
[2012/06/22 18:27:02 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/06/08 21:35:09 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/03/06 20:43:04 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2011/11/22 01:40:28 | 000,000,280 | ---- | C] () -- C:\Windows\SysWow64\PGPsdk.dll.sig
[2011/06/23 11:09:41 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011/04/25 21:43:42 | 000,006,970 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/19 22:32:34 | 000,000,064 | ---- | C] () -- C:\Windows\qwimp.ini
[2011/01/19 20:36:05 | 000,000,372 | ---- | C] () -- C:\Windows\intuprof.ini
[2011/01/16 16:45:23 | 000,001,747 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/01/06 22:14:22 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dleeserv.dll
[2011/01/06 22:14:22 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dleeusb1.dll
[2011/01/06 22:14:22 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleecomc.dll
[2011/01/06 22:14:22 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleehbn3.dll
[2011/01/06 22:14:22 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dleepmui.dll
[2011/01/06 22:14:22 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dleecoms.exe
[2011/01/06 22:14:22 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dleelmpm.dll
[2011/01/06 22:14:22 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\dleecfg.exe
[2011/01/06 22:14:22 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dleecomm.dll
[2011/01/06 22:14:22 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleeinpa.dll
[2011/01/06 22:14:22 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleecomx.dll
[2011/01/06 22:14:22 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleeiesc.dll
[2011/01/06 22:14:22 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleeih.exe
[2011/01/06 22:14:22 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleeins.dll
[2011/01/06 22:14:22 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleeinsb.dll
[2011/01/06 22:14:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleecu.dll
[2011/01/06 22:14:22 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleeinsr.dll
[2011/01/06 22:14:22 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleecub.dll
[2011/01/06 22:14:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleejswr.dll
[2011/01/06 22:14:22 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleecur.dll
[2011/01/06 22:14:21 | 000,086,183 | ---- | C] () -- C:\Windows\SysWow64\DLEEcfg.dll
[2011/01/06 18:58:44 | 000,000,179 | ---- | C] () -- C:\Windows\WinInit.Ini
[2010/08/09 03:03:26 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/05/02 00:36:09 | 008,658,794 | ---- | C] () -- C:\Users\root\AppData\Roaming\DataSafeDotNet.exe
[2010/05/01 18:06:00 | 000,007,613 | ---- | C] () -- C:\Users\root\AppData\Local\Resmon.ResmonCfg

========== LOP Check ==========

[2010/05/05 20:58:34 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\ICAClient
[2012/06/22 20:56:31 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Mael
[2011/12/28 20:48:36 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\MP3Rocket
[2011/05/04 21:12:59 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\PCDr
[2012/02/17 22:03:25 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\PGP Corporation
[2010/05/02 00:21:56 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\V715w
[2012/06/22 19:57:08 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/06/23 09:05:46 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/12 19:57:03 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/06 20:55:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2012/07/05 22:15:11 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2862145238-893531248-1780857412-1000\desktop.ini
[2012/07/05 21:59:29 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2862145238-893531248-1780857412-1001\desktop.ini
[2012/07/05 22:12:19 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2862145238-893531248-1780857412-1002\desktop.ini

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 09:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/20 09:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009/07/13 21:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/13 21:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010/11/20 08:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/20 08:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: BEEP.SYS >
[2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2010/04/25 08:23:39 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/04/25 08:23:47 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\root\AppData\Local\temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\root\AppData\Local\temp\RarSFX1\procs\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/04/25 08:23:39 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/04/25 08:23:41 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/04/25 08:23:47 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/04/25 08:23:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\root\AppData\Local\temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\root\AppData\Local\temp\RarSFX1\h\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/04/25 08:23:47 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/04/25 08:23:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/04/25 08:23:47 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/04/25 08:23:39 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/04/25 08:23:41 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/04/25 08:23:39 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: IASTORV.SYS >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: KERNEL32.DLL >
[2011/07/16 01:21:15 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=06835B46D9676BEDD80AF25ACF6845FD -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_f083035588e611da\kernel32.dll
[2011/05/14 03:20:00 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=0E1B2E16235AA7F89F064EE75DFC905E -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_f1e6ed746ce85c1b\kernel32.dll
[2011/05/14 02:22:22 | 000,837,632 | ---- | M] (Microsoft Corporation) MD5=166116134C58DC36400DE59ACD64FB39 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_fc3b97c6a1491e16\kernel32.dll
[2011/07/16 00:21:33 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=2113248DB2D1AF9CA790B09F3E6C6E85 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_fad7ada7bd46d3d5\kernel32.dll
[2011/07/16 01:28:00 | 001,163,264 | ---- | M] (Microsoft Corporation) MD5=27AC02D8EE4C02E7648C41CB880151DA -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_f22aa945863b24d8\kernel32.dll
[2011/05/14 02:32:33 | 000,837,120 | ---- | M] (Microsoft Corporation) MD5=40EACEE0B6432CBE2459A11B298E9D88 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_fa543a76a42398d3\kernel32.dll
[2011/07/16 00:30:27 | 001,048,576 | ---- | M] (Microsoft Corporation) MD5=4EA99F1644627B1EBAD99D0B93CDEE1C -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_fa22f90aa449708d\kernel32.dll
[2009/07/13 21:41:13 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=5B4B379AD10DEDA4EDA01B8C6961B193 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll
[2009/07/13 21:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) MD5=606ECB76A424CC535407E7A24E2A34BC -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_fa07813aa45d5150\kernel32.dll
[2011/05/14 03:11:10 | 001,163,264 | ---- | M] (Microsoft Corporation) MD5=6743E8705A96FCBF71279B5AE2CCFDBC -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_f266ba9d860d312d\kernel32.dll
[2011/06/03 01:58:27 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=6EB2AEE15C20681E323E9A3E334FE6CF -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_fa9ef84dbd7012f1\kernel32.dll
[2010/11/20 09:26:42 | 001,161,216 | ---- | M] (Microsoft Corporation) MD5=7A6326D96D53048FDEC542DF23D875A0 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[2011/06/03 02:54:47 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=8225958BAC83EAFCDB6BAB6EE5EDF6E6 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_f04a4dfb890f50f6\kernel32.dll
[2011/05/14 03:36:24 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=98DA1B7572DAD6BA10296E0DF0950B37 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_efff90246fc2d6d8\kernel32.dll
[2011/07/16 00:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=99C3F8E9CC59D95666EB8D8A8B4C2BEB -- C:\Windows\erdnt\cache86\kernel32.dll
[2011/07/16 00:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=99C3F8E9CC59D95666EB8D8A8B4C2BEB -- C:\Windows\SysWOW64\kernel32.dll
[2011/07/16 00:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=99C3F8E9CC59D95666EB8D8A8B4C2BEB -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll
[2011/07/16 01:37:12 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=B9B42A302325537D7B9DC52D47F33A73 -- C:\Windows\erdnt\cache64\kernel32.dll
[2011/07/16 01:37:12 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=B9B42A302325537D7B9DC52D47F33A73 -- C:\Windows\SysNative\kernel32.dll
[2011/07/16 01:37:12 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=B9B42A302325537D7B9DC52D47F33A73 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_f1b5ac086d0e33d5\kernel32.dll
[2011/05/14 03:33:36 | 000,837,632 | ---- | M] (Microsoft Corporation) MD5=CC5CBC069944E7EA70D8674478A70A37 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_fcbb64efba6df328\kernel32.dll
[2011/07/16 00:49:33 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=D3CB12854171DF61D117D7C2BF22C675 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
[2011/07/16 01:21:32 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=DDBD24DC04DA5FD0EDF45CF72B7C01E2 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_efce4eb86fe8ae92\kernel32.dll
[2010/11/20 08:08:56 | 000,837,632 | ---- | M] (Microsoft Corporation) MD5=E80758CF485DB142FCA1EE03A34EAD05 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2009/07/13 21:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\erdnt\cache64\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache86\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2009/07/13 21:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NDIS.SYS >
[2010/11/20 09:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\erdnt\cache64\ndis.sys
[2010/11/20 09:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\SysNative\drivers\ndis.sys
[2010/11/20 09:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2009/07/13 21:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NTFS.SYS >
[2010/11/20 09:33:46 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\erdnt\cache64\ntfs.sys
[2010/11/20 09:33:46 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\SysNative\drivers\ntfs.sys
[2010/11/20 09:33:46 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[2009/07/13 21:48:27 | 001,659,984 | ---- | M] (Microsoft Corporation) MD5=356698A13C4630D5B31C37378D469196 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_02661b64369ca03a\ntfs.sys

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2009/07/13 21:39:28 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=19117589BA265AAF89BEBE1E9040000C -- C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.1.7600.16385_none_83bbe97eac162e90\proquota.exe
[2010/11/20 08:17:30 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\SysWOW64\proquota.exe
[2010/11/20 08:17:30 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_29ce61c2f0a740f4\proquota.exe
[2009/07/13 21:14:29 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=8CDF71E78469BE54C29C1AD2FC8DE611 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7600.16385_none_279d4dfaf3b8bd5a\proquota.exe
[2010/11/20 09:25:04 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C6C83C0DF40E11FA1F06625E95E41DE7 -- C:\Windows\SysNative\proquota.exe
[2010/11/20 09:25:04 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C6C83C0DF40E11FA1F06625E95E41DE7 -- C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_85ecfd46a904b22a\proquota.exe

< MD5 for: QMGR.DLL >
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 21:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/20 01:38:12 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=8547491BE7086EE317163365D83A37D2 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_32ca3745f45762fc\spoolsv.exe
[2009/07/13 21:39:44 | 000,558,080 | ---- | M] (Microsoft Corporation) MD5=89E8550C5862999FCF482EA562B0E98E -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_324094c8db39cbbd\spoolsv.exe
[2010/11/20 09:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\erdnt\cache64\spoolsv.exe
[2010/11/20 09:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\SysNative\spoolsv.exe
[2010/11/20 09:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
[2010/08/21 02:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) MD5=F8E1FA03CB70D54A9892AC88B91D1E7B -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_3252392adb2d25f4\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TERMSRV.DLL >
[2009/07/13 21:41:55 | 000,706,560 | ---- | M] (Microsoft Corporation) MD5=0F05EC2887BFE197AD82A13287D2F404 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
[2010/11/20 09:27:26 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows\erdnt\cache64\termsrv.dll
[2010/11/20 09:27:26 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows\SysNative\termsrv.dll
[2010/11/20 09:27:26 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\root\AppData\Local\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\root\AppData\Local\temp\RarSFX1\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< End of report >

OTL Extras logfile created on: 7/6/2012 8:49:33 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Bill\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 4.98 Gb Available Physical Memory | 62.34% Memory free
15.98 Gb Paging File | 12.85 Gb Available in Paging File | 80.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 356.01 Gb Free Space | 78.93% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 416.14 Gb Free Space | 89.35% Space Free | Partition Type: NTFS

Computer Name: HUTCHENS | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10AC0B0A-F842-4A81-AD31-6937ED8C70CA}" = lport=138 | protocol=17 | dir=in | app=system |
"{1A74308B-FF45-4E8B-91D4-43463486CB90}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1AAF3BE9-C0A8-4CC2-8761-BA914243263B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2080740C-FB75-49C0-9883-04FBCC5F116B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2AC6B79E-2366-4772-B618-0EFC5A469B94}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2B37DE61-C707-4DA5-BC8D-9275D2DF3183}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2F6C8EFD-8F26-455B-8FE0-C0BADB7029D0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{30630639-E83E-4464-92CF-4706D62265D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{499D2B68-B867-4E05-BD35-AA5790CA7816}" = rport=137 | protocol=17 | dir=out | app=system |
"{81DF553A-C4E9-4629-9FF5-33B81A70E012}" = lport=445 | protocol=6 | dir=in | app=system |
"{8C4EC3CF-9B3D-45C6-BEF8-F426458EA891}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{973F5FA4-D5E6-4AD3-8FD3-9EC21478B785}" = lport=139 | protocol=6 | dir=in | app=system |
"{9C173913-E4CC-4D55-A8D1-2E18FCF130D5}" = rport=445 | protocol=6 | dir=out | app=system |
"{A39D470D-472E-439D-A198-3010E541C056}" = lport=137 | protocol=17 | dir=in | app=system |
"{A4CE0080-CDEE-4694-A8C7-E966724B7E41}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5844B36-6A38-4E64-835F-D6554DEEC56D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3FD5FC2-1288-45FF-971E-11A3F0F31EBC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{B8A70EF3-D932-4821-9728-C998B80ADB2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D102B466-97C1-40D0-9EA7-405D6673F75D}" = rport=139 | protocol=6 | dir=out | app=system |
"{DD8B5EFF-AC1C-4CF5-BB36-DAC0A271682E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E9D93A5B-C282-4B5C-B325-9FF87BBB16F7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA19EEE2-E71A-497F-BEBF-F6FF73443209}" = rport=138 | protocol=17 | dir=out | app=system |
"{EB6622D6-79A2-4231-A0C5-7E6C050E57C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F2386FB8-C003-4131-9EE2-9CCD16FCBC90}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F4591E52-2E02-42E5-8308-E6AB1C429654}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FBD7EBC5-6936-497F-AFC7-25276A46E1D2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D2A605-1909-44F1-8808-C163071E5F2A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{02FB2FA7-3F52-4321-AB76-46738988DB24}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{04B99821-7A26-4505-955A-774522CFC380}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0D357FEE-4E33-41F7-B7DE-6F20C2BF191E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{10D75BAB-9044-4C8D-ADF5-3E1276C89016}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{187EA28A-CBF3-423E-AB50-60CBA84A4A87}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{1B26D3D3-F324-4DA3-89EC-20A8635F6012}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1C76F5C6-0EE1-4A6A-8D64-9E18FB3518A6}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{24957D0C-3556-4C27-B420-5CE00396CFD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27ADFC5F-8332-4BE4-84D7-B5BE0722AABE}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v715w\dleefax.exe |
"{2BA69C5B-CA30-4A6D-9A46-9C7640D90513}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{314EA2E6-DBE1-474D-B746-814ACA8EBD08}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{334E4B86-6025-443A-ADCE-CC41C130C68C}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{34834B11-9DEC-43BD-AF12-CCF4E92C6361}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3514193B-79D5-46D2-AC2E-4A45E7DC9ADC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{355C1828-E920-4822-8B31-499C19136970}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{378C4595-34D8-4304-AE2F-AC3FEF0FE1AC}" = protocol=6 | dir=out | app=system |
"{3B80DD93-35A4-42AF-B854-0245AB5868BD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4344162B-2113-41BC-B6D7-0B7291892A04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4BDDF778-CE00-4B42-BDE7-C9C5D8F2E1F4}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{4F1EE337-6043-41F1-9AE5-9321C5C0992A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51F878FF-5553-45B6-9A13-DD84DBF690F7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5241FF1D-CA3A-4920-894C-158236CC3EA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5515A9C6-35F1-4D3F-927C-5D60448CFE54}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{5A6867F8-EEC2-4CE4-9673-C44CDC5135DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B356238-B85A-4F4B-B574-B6E86E35BAB2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5CE806D4-32C2-44C0-96CE-357A61780410}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64398B0D-7BD1-4789-9CF6-05FE3B613901}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6BB397D3-1988-4D3B-A5A7-28D7DB36F9FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6E90085C-D094-42BA-990C-30DBD28F52EA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6FCCABC0-7FA7-47DF-9762-370A45DBB92A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{71524B20-8140-4E0F-856F-4BB3C107B7F5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{799C9CAD-537D-4093-A7D0-7FA4F8442C22}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7D4DB816-9787-440C-BD15-DDE8B84ECEAE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{7DF2A407-4819-4D07-9F67-399BBD321CA7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{8539473F-DE95-48AB-A944-CE1BF516EE24}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{85D2862E-6745-40B3-AAB9-71FBEF40F29F}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{8C6703BE-B7DE-4F50-A4AA-21125B36A69B}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{8CF9D454-49B4-4A69-A6AC-9E8752FA47CC}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{977C551D-7937-4B7C-A1C1-FB050E6F12FF}" = dir=in | app=c:\program files\itunes.exe |
"{9EF4DFE4-4B90-486F-A9E0-ED86721AF9A6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A62B935F-6297-414C-84E8-7189A3282CCD}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v715w\dleefax.exe |
"{A700A8A5-8547-44B1-A77C-4BB030785784}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A7831BAD-CA02-4427-AF52-86C7929257FE}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{AD13966D-7CB6-4FF0-B6FD-61A41F1C9F08}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B09A3305-54C5-425A-94E5-F46AFEC0EEBE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B1331B7F-8D3D-429E-A139-BF7AB9B34F01}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v715w\dleefax.exe |
"{B60376BB-08AA-482C-B75C-700E7C538087}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B6848999-6A4D-43FA-8142-E9BF1CCADDAF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B8B35EA3-FC36-4A47-BEFD-CE5CAB62E9FF}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{BB0B35EF-7A93-4880-BB47-75B33B260E8D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{BCFFF7A5-849A-411E-8AD5-2A81AF466C02}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BE45BD8F-C349-464C-82FF-5A4C7D32D441}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{BFA7916B-F5C2-42B7-841A-36CA765E15AA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C2899AAF-18C2-4152-A4A6-893883B75880}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v715w\dleefax.exe |
"{C73FD1A8-99A2-44CD-ACAA-50B90D4DA2BB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CD4EDAC8-C8CC-406D-B872-0F8943F6F795}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D5064947-CB3F-4080-B888-772912541755}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D67F9BCA-BC55-48BB-BC14-7CD47E8C1798}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D9658FC7-8D86-4F93-861A-99F316FE0EBC}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{E7C067B4-21D8-42EA-AFBC-9F9400B7E1FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF4C8BC2-4D11-4CCA-BB47-8F7BA2BB3584}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F3F1463C-3540-4DB7-8049-19329E7F8D43}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{F837D9B1-51CC-4B0A-B985-4D4B01251301}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{FD7C4B9F-3115-4EBC-8E68-E78C8601E36C}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{0015AD39-F186-449D-B7C3-963C51A56BCB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{1E95AB3C-ADFE-4C56-BD8B-7B31424153D8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2421B2BB-C09A-4594-842D-CA3ED17E946A}" = PGP Desktop
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{70B236CC-347F-46C1-B926-3E711C980089}" = Palm webOS SDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB048BF4-6AD7-450B-9538-0DF2C9229840}" = Oracle VM VirtualBox 3.2.6
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F325B47E-7592-7556-52F6-3D3D3842A028}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
"Dell Support Center" = Dell Support Center
"Dell V715w" = Dell V715w
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Dell TouchCam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05886DF5-4816-0808-67D3-CC7583FF2412}" = CCC Help Spanish
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
"{0B41DC4A-DF1E-949F-5665-31483F2C72F4}" = Catalyst Control Center Graphics Previews Vista
"{0D961826-E722-B86D-7BA7-AA70A0B110C5}" = Catalyst Control Center Graphics Previews Common
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EA3F981-CC0C-E079-726E-CD0F7D23F2AA}" = Catalyst Control Center Localization All
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{10CE3DC0-A77E-7661-13F4-25D30BC113B2}" = Catalyst Control Center Graphics Full New
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1204CCB8-9A7D-3375-C8E0-6A4FA16A4036}" = CCC Help Chinese Traditional
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{1C11FFE1-50D3-B755-A8A7-8363385B4CA3}" = CCC Help Danish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21B8371C-9EBA-2CB4-E0A2-9DF0C4A074EC}" = Catalyst Control Center Core Implementation
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{27A21358-02A7-B745-ABBE-25566FE9B397}" = Catalyst Control Center Graphics Full Existing
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{32778D4F-E904-E33E-0C48-15E672604D09}" = Catalyst Control Center InstallProxy
"{3444DB77-6D7A-9553-2EE1-60D2A4D003D3}" = CCC Help German
"{34842CCC-AE14-61AE-C8FB-87FAD755B483}" = CCC Help Russian
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3D65CEB1-0709-43EB-D6CF-DB66D3FAB2D4}" = CCC Help Japanese
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49F1C7D8-B6D5-448C-C9D5-F6C2E3889B16}" = CCC Help Norwegian
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53104B7F-FE3A-B641-1E46-89870E1A63D8}" = CCC Help Chinese Standard
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E2E222D-D776-A325-362C-B95017148AB1}" = CCC Help Dutch
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A6CD707-5B29-5069-B571-2778668C952F}" = CCC Help Finnish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F72902B-5166-4522-8610-76BD903F8584}" = IDXWebFrameworkControls
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{816E3C02-DABF-1354-0B98-5E153F7DF79B}" = Skins
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{836D5E9B-6D1E-4AFF-9329-5B9CB29A73C6}" = ArcSoft Print Creations
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{856DC9B3-F770-9F58-E939-EBEB66C880C1}" = CCC Help Portuguese
"{85CCC733-272A-482A-A832-0D6153F5AE6A}" = TouchWorksWebControls
"{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}" = Orca
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56904D-6C69-DA2A-F573-9F362C55CB6C}" = CCC Help Swedish
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B51C759D-20FD-A4B0-83D1-C4F45E60EC8B}" = CCC Help English
"{B862DF65-94C8-6119-1096-2B230D7A6C0E}" = ccc-core-static
"{B9CB74A9-8C7C-16C1-D75A-199B4331CEC2}" = CCC Help French
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{D489B636-E9AB-C08A-ED7B-EA21B2D3D633}" = CCC Help Korean
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DBF0A096-6EE7-488E-8C04-2536C7B3F120}" = Dell Touch Zone
"{DDDBB2E2-D331-1DB1-7FC0-AB896FDCA8AE}" = Catalyst Control Center Graphics Light
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FB2BED9C-50ED-F5C9-1475-B6C15D21C02A}" = CCC Help Italian
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Dell TouchCam
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"Java Web Start" = Java Web Start
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MKSAP MOC II" = MKSAP MOC II
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 Rocket" = MP3 Rocket
"MSC" = McAfee SecurityCenter
"RealPlayer 15.0" = RealPlayer
"SimBioSys® Physiology Labs v3" = SimBioSys® Physiology Labs v3
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"VLC media player" = VLC media player 2.0.1
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WordSmart Vocabulary_is1" = WordSmart Vocabulary
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/1/2012 1:31:28 PM | Computer Name = Hutchens | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13042

Error - 3/1/2012 1:31:28 PM | Computer Name = Hutchens | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13042

Error - 3/1/2012 1:31:29 PM | Computer Name = Hutchens | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/1/2012 1:31:29 PM | Computer Name = Hutchens | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14040

Error - 3/1/2012 1:31:29 PM | Computer Name = Hutchens | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14040

Error - 3/1/2012 1:31:30 PM | Computer Name = Hutchens | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/1/2012 1:31:30 PM | Computer Name = Hutchens | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15039

Error - 3/1/2012 1:31:30 PM | Computer Name = Hutchens | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15039

Error - 3/1/2012 1:31:31 PM | Computer Name = Hutchens | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/1/2012 1:31:31 PM | Computer Name = Hutchens | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16037

Error - 3/1/2012 1:31:31 PM | Computer Name = Hutchens | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16037

Error - 3/1/2012 1:31:32 PM | Computer Name = Hutchens | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/1/2012 1:31:32 PM | Computer Name = Hutchens | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17035

[ Dell Events ]
Error - 4/28/2011 9:18:23 PM | Computer Name = Hutchens | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/1/2011 11:00:34 AM | Computer Name = Hutchens | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/1/2011 11:00:34 AM | Computer Name = Hutchens | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/1/2011 11:01:24 AM | Computer Name = Hutchens | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/1/2011 11:01:24 AM | Computer Name = Hutchens | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/24/2011 7:47:02 PM | Computer Name = Hutchens | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/24/2011 7:47:02 PM | Computer Name = Hutchens | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/20/2011 4:32:54 PM | Computer Name = Hutchens | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/20/2011 4:32:55 PM | Computer Name = Hutchens | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/1/2011 1:44:48 PM | Computer Name = Hutchens | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ OSession Events ]
Error - 2/4/2012 11:11:56 PM | Computer Name = Hutchens | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 57
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/7/2012 7:08:41 PM | Computer Name = Hutchens | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 169908
seconds with 900 seconds of active time. This session ended with a crash.

Error - 3/13/2012 9:27:14 AM | Computer Name = Hutchens | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 471425
seconds with 5160 seconds of active time. This session ended with a crash.

Error - 4/18/2012 6:07:55 PM | Computer Name = Hutchens | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 334165
seconds with 3120 seconds of active time. This session ended with a crash.

Error - 5/29/2012 8:36:15 PM | Computer Name = Hutchens | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 608602
seconds with 7320 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/5/2012 10:35:54 PM | Computer Name = Hutchens | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 7/5/2012 10:39:03 PM | Computer Name = Hutchens | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
to start due to the following error: %%31

Error - 7/5/2012 10:46:03 PM | Computer Name = Hutchens | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
to start due to the following error: %%31

Error - 7/5/2012 11:30:22 PM | Computer Name = Hutchens | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 7/5/2012 11:52:43 PM | Computer Name = Hutchens | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 7/6/2012 3:10:26 AM | Computer Name = Hutchens | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 7/6/2012 10:18:44 AM | Computer Name = Hutchens | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 7/6/2012 5:10:49 PM | Computer Name = Hutchens | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 7/6/2012 5:12:05 PM | Computer Name = Hutchens | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 7/6/2012 5:12:35 PM | Computer Name = Hutchens | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.


< End of report >

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:45 PM

Posted 07 July 2012 - 10:45 AM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    grpconv.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#13 Bill 0

Bill 0
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:45 PM

Posted 07 July 2012 - 12:02 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 12:58 on 07/07/2012 by root
Administrator - Elevation successful

========== filefind ==========

Searching for "grpconv.exe"
C:\Windows\System32\grpconv.exe --a---- 18432 bytes [23:56 13/07/2009] [01:39 14/07/2009] 4F432B394E3C7D6657A58FF44D3FBBB0
C:\Windows\SysWOW64\grpconv.exe --a---- 16384 bytes [23:40 13/07/2009] [01:14 14/07/2009] 67517491E2367098334372E0C167F515
C:\Windows\winsxs\amd64_microsoft-windows-grpconv_31bf3856ad364e35_6.1.7600.16385_none_fe7d1685575edfa6\grpconv.exe --a---- 18432 bytes [23:56 13/07/2009] [01:39 14/07/2009] 4F432B394E3C7D6657A58FF44D3FBBB0
C:\Windows\winsxs\x86_microsoft-windows-grpconv_31bf3856ad364e35_6.1.7600.16385_none_a25e7b019f016e70\grpconv.exe --a---- 16384 bytes [23:40 13/07/2009] [01:14 14/07/2009] 67517491E2367098334372E0C167F515

-= EOF =-

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:45 PM

Posted 07 July 2012 - 03:21 PM

The file looks good. It's not the same size of the other similar files but will check it out.

>>> Run Jotti's malware scan: Please copy this line (in bold):
C:\Windows\SysWOW64\grpconv.exe
  • Go to Jotti's malware scan and click the Browse button,
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end right-click the Permalink button and choose "Copy the link". Posted Image
  • Open Notepad (Start => All Programs => Accessories) and click "Edition" => "Paste".
Please copy and paste these Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com

#15 Bill 0

Bill 0
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:45 PM

Posted 07 July 2012 - 05:05 PM

http://virusscan.jotti.org/en/scanresult/eec7b0e2afe7a72aaacb3c555f24ee5712656c0c/e19cd78728a70c07752943478d30a76dccb454a8




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users