Banker Trojan won't go away


  • This topic is locked
23 replies to this topic

#1 nasha155

Posted 04 July 2012 - 10:57 PM

Please see screenshot included. Attached File: Proof of Virus.png (81.4KB)

I have removed this over and over. I use Spybot Search and Destroy, Malwarebytes, and a paid version of Avast Internet Security. I thought I was covered. My desktop items started relocating themselves, and I knew something was wrong. Ran a scan, and lo and behold there was Banker. I removed it, and thought that was the end. NOTE: Of all of the programs I run, only Spybot S&D was able to detect it.
I am very concerned. This computer is used for business. I have nearly 900 customers with credit card numbers that are saved on this computer, not to mention my own personal accts. I have to ask now, do I have to call 900 ppl and tell them their cards are compromised?
How do I make this thing go away permanently? It keeps coming back.

P.S. I tried to download the DDS program, however it will not download?

See attached for Spybot log. Attached File: SpyBot Log.txt (3.17KB)

#2 HelpBot


Posted 09 July 2012 - 11:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459390 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasha155


Posted 10 July 2012 - 01:06 AM

Hello,

I still need help please. I can't download DDS, the link does not work. I am running:

Windows 7 Home Premium
64 bit OS
Service Pack 1

I have basically just used Spybot Search and destroy to try to fix this, as Avast and Malwarebytes do not detect it.

I previously had a computer do this, and had tried everything, including manually deleting where it was supposed to be and it returned anyway. Shortly thereafter my computer became non responsive, and stopped connecting to the internet altogether.

This does not go away with normal treatment, and it just continues to do damage.

Please see new screenshot taken AFTER the last one in which I removed it with Spybot S&D. Attached File: Banker2.png (82.9KB)

I have also attached yet another fix log. Well, never mind. Interestingly enough, Spybot has stopped recording logs of fixes/findings.

#4 nasha155


Posted 10 July 2012 - 01:12 AM

Please see scanned copy of the Spybot scan and fix log. It did not save it in the file, but it allowed me to print it. Attached File: Fix log.jpg (186.94KB)

No matter how many times I get rid of it, it comes right back upon reboot. I do not have the original Windows disks.

#5 KarstenHansen


Posted 10 July 2012 - 07:08 AM

Hi nasha155,
I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

Can you try and explain to me what happens when you try to download DDS.scr or DDS.pif? Have you tried right-clicking on the link, choosing SAVE LINK AS, then saving it to the desktop and running it? Try that and report back to me how that went for you.

Best Regards,
Karsten

Edit: Added question

Edited by KarstenHansen, 10 July 2012 - 07:30 AM.


#6 nasha155


Posted 10 July 2012 - 12:35 PM

Hi Karsten,

Thank you so much for your reply. You were right, I opened DDS the way you recommended and it worked fine.

Hopefully this is what you need.

Attached File: DDS.1.txt (25.49KB)

I zipped the other one but it won't let me post it here. It says "error you can't upload this kind of file"

So if you need it, just let me know the best way to send it to you.

Thanks again. Just the thought of another computer going down thanks to this same virus makes me sick :( Everything I have read about it says it is not a major virus, but that can't be further from the truth. I saw it first hand with my laptop, but that time I caught it because I was using malware removal bot, which I have since been told was malware :(

#7 KarstenHansen


Posted 10 July 2012 - 01:51 PM

Hi nasha155 :),

Welcome to BleepingComputer.

My name is Karsten and I'll help you with the cleanup of malware from your computer.

Please be aware of the following:
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 3 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

All future logs I would like to have you post like I have done with this one now.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Nadya at 10:23:02 on 2012-07-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.3407 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Alarm Clock\AlarmMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Nadya\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Tracker\Tracker.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Alarm Clock\Alarm Tray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Users\Nadya\AppData\Roaming\HiveDesk for Windows\HiveDesk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Users\Nadya\AppData\Roaming\HiveDesk for Windows\HiveDesk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\Nadya\AppData\Roaming\HiveDesk for Windows\HiveDesk.exe
C:\Users\Nadya\AppData\Roaming\HiveDesk for Windows\HiveDesk.exe
C:\Users\Nadya\AppData\Roaming\HiveDesk for Windows\HiveDesk.exe
C:\Users\Nadya\AppData\Roaming\HiveDesk for Windows\HiveDesk.exe
C:\Users\Nadya\AppData\Roaming\HiveDesk for Windows\HiveDesk.exe
C:\Users\Nadya\AppData\Roaming\HiveDesk for Windows\HiveDesk.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Nadya\AppData\Roaming\HiveDesk for Windows\HiveDesk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: RCIEBrowserToolbar Class: {05f8c4f4-44da-49d7-92ee-0944ab774d99} - C:\PROGRA~2\RINGCE~1\RINGCE~1\IEBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: RingCentral For Internet Explorer: {a50f643c-3c5b-4d99-b68c-21a13c81e50e} - C:\PROGRA~2\RINGCE~1\RINGCE~1\IEBHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {1AEC5771-FCD6-4537-A6B7-5F1935FD527C} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\Nadya\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RCUI] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe"
uRun: [RCHotKey] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRunOnce: [<NO NAME>] cmd.exe /c rd /s /q "C:\Users\Nadya\AppData\Local\Temp\joi8F99.tmp"
uRunOnce: [join.me_joi9D40.tmp_cleanup] cmd.exe /c del /f /q "C:\Users\Nadya\AppData\Local\Temp\joi9D40.tmp_cleanup.bat"
uRunOnce: [join.me_joi8F99.tmp_cleanup] cmd.exe /c del /f /q "C:\Users\Nadya\AppData\Local\Temp\joi8F99.tmp_cleanup.bat"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Nadya\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nadya\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Nadya\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Nadya\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Nadya\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Tracker.lnk - C:\Program Files (x86)\Tracker\Tracker.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 209.216.160.2 209.216.160.131
TCP: Interfaces\{76833B9B-8133-4566-89D6-0803E8DDFEE6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76833B9B-8133-4566-89D6-0803E8DDFEE6}\051657C61647162716 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{76833B9B-8133-4566-89D6-0803E8DDFEE6}\34F6C657D626961602259667562702759464940253 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{76833B9B-8133-4566-89D6-0803E8DDFEE6}\34F6C657D626961602259667562702759464940263 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76833B9B-8133-4566-89D6-0803E8DDFEE6}\34F6C657D626961602259667562702759664960253 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76833B9B-8133-4566-89D6-0803E8DDFEE6}\4505D2C494E4B4F5145363137303 : DhcpNameServer = 209.216.160.2 209.216.160.131
TCP: Interfaces\{76833B9B-8133-4566-89D6-0803E8DDFEE6}\7456272656270275962756C6563737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{998F4F57-8051-4F15-A08E-439D18262AA2} : DhcpNameServer = 209.216.160.2 209.216.160.131
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: RCIEBrowserToolbar Class: {05F8C4F4-44DA-49D7-92EE-0944AB774D99} - C:\PROGRA~2\RINGCE~1\RINGCE~1\IEBHO.dll
BHO-X64: RingCentral For Internet Explorer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: RingCentral For Internet Explorer: {A50F643C-3C5B-4D99-B68C-21A13C81E50E} - C:\PROGRA~2\RINGCE~1\RINGCE~1\IEBHO.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {1AEC5771-FCD6-4537-A6B7-5F1935FD527C} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AlarmClockMonitor;Talking Alarm Clock user logon monitor;C:\Program Files\Alarm Clock\AlarmMonitor.exe [2011-4-23 819456]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-4 44808]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-7-4 133912]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-10-15 136192]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2010-5-11 362296]
R2 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe --> C:\Windows\system32\HPSIsvc.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2012-1-4 519888]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-3 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-14 1692480]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2011-8-3 828944]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-3-3 428640]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-12 116648]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-17 257224]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-12 116648]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vncserver;VNC Server;C:\Program Files\RealVNC\VNC Server\vncserver.exe [2012-7-4 4563848]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-05 19:26:27 -------- d-----w- C:\ProgramData\TightVNC
2012-07-05 06:26:40 37704 ----a-w- C:\Windows\System32\VNCpm.dll
2012-07-05 06:26:25 4608 ----a-w- C:\Windows\System32\drivers\vncmirror.sys
2012-07-05 06:26:25 26112 ----a-w- C:\Windows\System32\vncmirror.dll
2012-07-05 06:26:20 -------- d-----w- C:\Program Files\RealVNC
2012-07-04 23:00:50 142128 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-07-04 23:00:29 266776 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-07-04 23:00:28 19600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-07-04 23:00:20 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
2012-07-04 07:30:08 -------- d-----w- C:\Program Files (x86)\Pogo Games
2012-07-04 07:10:20 -------- d-----w- C:\Games
2012-07-04 07:09:53 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B653C07-E9C1-4DE4-8C0B-6B4D511AD402}\offreg.dll
2012-07-04 03:01:05 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B653C07-E9C1-4DE4-8C0B-6B4D511AD402}\mpengine.dll
2012-07-03 08:46:44 -------- d-----w- C:\ProgramData\Tri-Peaks 2 Quest for the Ruby Ring
2012-07-03 08:46:34 -------- d-----w- C:\Users\Nadya\AppData\Roaming\Pogo Games
2012-07-03 08:46:14 -------- d-----w- C:\Program Files (x86)\iWin.com
2012-07-03 08:42:43 -------- d-----w- C:\ProgramData\PogoDGC
2012-07-03 08:42:29 -------- d-----w- C:\Users\Nadya\AppData\Local\APN
2012-07-03 04:19:14 -------- d-----w- C:\Users\Nadya\AppData\Local\Thunderbird
2012-06-22 10:52:22 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-22 10:52:03 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-18 02:54:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-18 02:54:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-18 01:34:57 -------- d-----w- C:\Users\Nadya\AppData\Local\{3345E419-6C7D-406E-9EE5-460116C8B0CD}
2012-06-11 06:49:13 -------- d-----w- C:\Users\Nadya\AppData\Roaming\HiveDesk for Windows
.
==================== Find3M ====================
.
2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 02:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-14 07:13:34 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
============= FINISH: 10:24:45.10 ===============

I will need some time now to analyse the log, I thank you in advance for your patience.

Best Regards,
Karsten

#8 KarstenHansen


Posted 11 July 2012 - 03:18 PM

Hi nasha155 :)
I need to know if these programs are well known and used by you:

HiveDesk for Windows
TightVNC
Tracker


Best Regards,
Karsten

#9 nasha155


Posted 11 July 2012 - 07:04 PM

Hi Karsten,

I work from home, and HiveDesk and Tracker track screenshots so I get paid. I have used them for a while, and have not had issues with them. Yet.

TightVNC is a remote desktop setup we use from work that enables us to work together on 1 computer.

All of these I have trusted, however if you tell me there is cause to be concerned I will work out other programs.

I will do what I have to to make sure this virus goes away.

Thank you so much.

#10 KarstenHansen


Posted 12 July 2012 - 05:55 AM

Hi nasha155 :)
All I needed to know was that the programs were used and installed by you (as you know they are fine programs, but could potentially be used badly). Now I know, good, yes I did think that you had to be a worker from home. Give me a little time to prepare some kind of fix for you and thanks so much for the information, makes things a lot easier for me.

Best Regards,
Karsten

Edit: Added information about Spybot.
nasha155, I don't know if you know this but Spybot is a really old program, does it even get updated anymore? You would do much better with either Malwarebytes, or SuperAntiSpyware, or Emsisoft Anti-Malware would maybe be a much better choice for you, that is something you can think about. I just wanted to let you know the facts of Spybot. Another good point against Spybot is what it had identified as a banker trojan, I found to be related to some online gaming programs that will need to be removed.

Edited by KarstenHansen, 12 July 2012 - 09:08 AM.


#11 KarstenHansen


Posted 12 July 2012 - 08:26 AM

Hi nasha155 :)
We need to create an OTL Report
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup:
  • OTL log is all I expect to get from you this time

Karsten

#12 nasha155


Posted 12 July 2012 - 11:00 PM

Hi Karsten,

Here are the logs you need:

OTL.txt:


OTL logfile created on: 7/12/2012 8:49:26 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Nadya\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 32.56% Memory free
54.63 Gb Paging File | 48.21 Gb Available in Paging File | 88.26% Paging File free
Paging file location(s): c:\pagefile.sys 50000 50000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.66 Gb Total Space | 765.81 Gb Free Space | 83.45% Space Free | Partition Type: NTFS

Computer Name: NADYA-PC | User Name: Nadya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/12 20:48:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Nadya\Downloads\OTL.exe
PRC - [2012/07/03 09:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/03 09:21:27 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/06/14 18:05:19 | 000,400,352 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nadya\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/10 18:04:31 | 000,147,968 | ---- | M] () -- C:\Program Files (x86)\Tracker\Tracker.exe
PRC - [2012/03/14 16:11:00 | 000,155,136 | ---- | M] (Scalable Ventures) -- C:\Users\Nadya\AppData\Roaming\HiveDesk for Windows\HiveDesk.exe
PRC - [2012/01/23 14:42:34 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/01/04 07:40:48 | 000,519,888 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
PRC - [2011/09/06 10:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/03 06:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\TightVNC\tvnserver.exe
PRC - [2011/03/03 18:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/23 16:52:10 | 000,500,992 | ---- | M] (RingCentral, Inc.) -- C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe
PRC - [2010/11/23 16:52:06 | 000,038,144 | ---- | M] (RingCentral, Inc.) -- C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe
PRC - [2010/01/27 14:01:56 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/10/15 11:13:50 | 000,136,192 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/28 03:28:56 | 000,438,296 | ---- | M] () -- C:\Users\Nadya\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 03:28:54 | 003,972,120 | ---- | M] () -- C:\Users\Nadya\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
MOD - [2012/06/28 03:27:40 | 000,554,520 | ---- | M] () -- C:\Users\Nadya\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll
MOD - [2012/06/28 03:27:38 | 000,117,784 | ---- | M] () -- C:\Users\Nadya\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll
MOD - [2012/06/28 03:27:29 | 000,140,328 | ---- | M] () -- C:\Users\Nadya\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
MOD - [2012/06/28 03:27:28 | 000,262,184 | ---- | M] () -- C:\Users\Nadya\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
MOD - [2012/06/28 03:27:26 | 002,386,984 | ---- | M] () -- C:\Users\Nadya\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
MOD - [2012/06/24 15:08:44 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/24 15:08:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/24 15:08:29 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/24 15:08:27 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/14 18:05:16 | 001,977,312 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012/06/14 18:05:16 | 000,162,784 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012/06/14 18:05:16 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/05/15 08:42:04 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/15 08:02:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/15 08:02:10 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/15 08:02:07 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/15 08:02:04 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/15 08:02:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/15 08:01:57 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/10 18:04:31 | 000,147,968 | ---- | M] () -- C:\Program Files (x86)\Tracker\Tracker.exe
MOD - [2012/05/03 06:14:42 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/05/03 06:14:42 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2011/08/31 15:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2011/08/31 15:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/11/23 16:53:18 | 001,049,856 | ---- | M] () -- C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCTH.dll
MOD - [2010/11/23 16:53:04 | 000,374,016 | ---- | M] () -- C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCABEx.dll
MOD - [2010/11/23 16:45:20 | 001,908,736 | ---- | M] () -- C:\Program Files (x86)\RingCentral\RingCentral Call Controller\Characters\RCSPSkDesktop.dll
MOD - [2010/05/05 12:21:58 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\RingCentral\RingCentral Call Controller\NetFixDll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/07/03 09:21:27 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/05/29 14:34:46 | 004,563,848 | ---- | M] (RealVNC Ltd) [On_Demand | Stopped] -- C:\Program Files\RealVNC\VNC Server\vncserver.exe -- (vncserver)
SRV:64bit: - [2011/06/10 12:40:19 | 000,497,920 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV:64bit: - [2011/04/23 05:54:10 | 000,819,456 | R--- | M] (Cinnamon Software Inc.) [Auto | Running] -- C:\Program Files\Alarm Clock\AlarmMonitor.exe -- (AlarmClockMonitor)
SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/11 16:05:40 | 000,362,296 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
SRV:64bit: - [2010/04/29 18:10:40 | 000,127,800 | R--- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/11 21:48:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/25 19:47:36 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/04 07:40:48 | 000,519,888 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe -- (PGMTrusted)
SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/08/03 06:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2011/03/03 18:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/11/25 03:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 03:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/25 18:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/15 11:13:50 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 09:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 09:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 09:21:52 | 000,266,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012/07/03 09:21:52 | 000,142,128 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012/07/03 09:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 09:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 09:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 09:21:52 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/07/03 09:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/06/27 13:33:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/05/29 14:15:30 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 23:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 18:25:20 | 004,183,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
DRV:64bit: - [2011/03/03 18:23:54 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/19 01:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 22:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/12/01 15:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/10/24 05:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/16 04:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2697877


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\..\URLSearchHook: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - No CLSID value found
IE - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110014&babsrc=SP_ss&mntrId=0ce2d266000000000000ec55f9887a3a
IE - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\..\SearchScopes\{12BB3AD6-725E-4FF4-B692-0FAD5FB7FDA7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=POGO&o=APN10145&src=kw&q={searchTerms}&locale=&apn_ptnrs=^A6C&apn_dtid=^YYYYYY^YY^US&apn_uid=49f38661-e9b4-4f38-b0e4-22e748ecd651&apn_sauid=C0E046A1-B2D7-4A6A-AE34-A40F753A31D8
IE - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\..\SearchScopes\{37A5D390-A5F1-4FFF-81A1-61E32FA5A1DE}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/blekkotb_soc/?source=a545ea26&tbp=rbox&toolbarid=blekkotb_soc&u=A0ECAEBA4D59A04BAF662A4FCBFE7C75&q={searchTerms}
IE - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nadya\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nadya\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/02 21:19:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/04/21 19:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadya\AppData\Roaming\Mozilla\Extensions
[2011/04/21 19:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadya\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/07/02 21:19:15 | 000,564,663 | ---- | M] () (No name found) -- C:\USERS\NADYA\APPDATA\ROAMING\THUNDERBIRD\PROFILES\I78KQVN9.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?AF=110014&babsrc=HP_ss&mntrId=0ce2d266000000000000ec55f9887a3a
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://search.babylon.com/?AF=110014&babsrc=HP_ss&mntrId=0ce2d266000000000000ec55f9887a3a
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nadya\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Nadya\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nadya\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nadya\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Nadya\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Nadya\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Nadya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Nadya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6_0\
CHR - Extension: YouTube = C:\Users\Nadya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Nadya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Nadya\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Skype Click to Call = C:\Users\Nadya\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Nadya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RCIEBrowserToolbar Class) - {05F8C4F4-44DA-49D7-92EE-0944AB774D99} - C:\Program Files (x86)\RingCentral\RingCentral Call Controller\IEBHO.dll (RingCentral, Inc.)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (RingCentral For Internet Explorer) - {A50F643C-3C5B-4D99-B68C-21A13C81E50E} - C:\Program Files (x86)\RingCentral\RingCentral Call Controller\IEBHO.dll (RingCentral, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\..\Toolbar\WebBrowser: (no name) - {1AEC5771-FCD6-4537-A6B7-5F1935FD527C} - No CLSID value found.
O3 - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\..\Toolbar\WebBrowser: (RingCentral For Internet Explorer) - {A50F643C-3C5B-4D99-B68C-21A13C81E50E} - C:\Program Files (x86)\RingCentral\RingCentral Call Controller\IEBHO.dll (RingCentral, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2314362622-205653357-2409116681-1001..\Run: [RCHotKey] C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
O4 - HKU\S-1-5-21-2314362622-205653357-2409116681-1001..\Run: [RCUI] C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
O4 - HKU\S-1-5-21-2314362622-205653357-2409116681-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2314362622-205653357-2409116681-1001..\RunOnce: [] cmd.exe /c rd /s /q "C:\Users\Nadya\AppData\Local\Temp\joi8F99.tmp" File not found
O4 - HKU\S-1-5-21-2314362622-205653357-2409116681-1001..\RunOnce: [join.me_joi8F99.tmp_cleanup] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2314362622-205653357-2409116681-1001..\RunOnce: [join.me_joi9D40.tmp_cleanup] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Nadya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nadya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Nadya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Nadya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Nadya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tracker.lnk = C:\Program Files (x86)\Tracker\Tracker.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.216.160.2 209.216.160.131
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76833B9B-8133-4566-89D6-0803E8DDFEE6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{998F4F57-8051-4F15-A08E-439D18262AA2}: DhcpNameServer = 209.216.160.2 209.216.160.131
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{356318b5-670f-11e0-a0ea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{356318b5-670f-11e0-a0ea-806e6f6e6963}\Shell\AutoRun\command - "" = D:\wubi.exe --cdmenu
O33 - MountPoints2\{e01a18c8-6a28-11e1-adfa-782bcb8e29bd}\Shell - "" = AutoRun
O33 - MountPoints2\{e01a18c8-6a28-11e1-adfa-782bcb8e29bd}\Shell\AutoRun\command - "" = I:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/05 12:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TightVNC
[2012/07/04 23:26:40 | 000,037,704 | ---- | C] (RealVNC Ltd) -- C:\Windows\SysNative\VNCpm.dll
[2012/07/04 23:26:25 | 000,026,112 | ---- | C] (RealVNC Ltd.) -- C:\Windows\SysNative\vncmirror.dll
[2012/07/04 23:26:25 | 000,004,608 | ---- | C] (RealVNC Ltd.) -- C:\Windows\SysNative\drivers\vncmirror.sys
[2012/07/04 23:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC
[2012/07/04 23:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\RealVNC
[2012/07/04 16:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/07/04 16:00:50 | 000,142,128 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012/07/04 16:00:29 | 000,266,776 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012/07/04 16:00:28 | 000,019,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/07/04 16:00:20 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012/07/04 00:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pogo Games
[2012/07/04 00:10:20 | 000,000,000 | ---D | C] -- C:\Games
[2012/07/03 01:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Tri-Peaks 2 Quest for the Ruby Ring
[2012/07/03 01:46:34 | 000,000,000 | ---D | C] -- C:\Users\Nadya\AppData\Roaming\Pogo Games
[2012/07/03 01:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PogoDGC
[2012/07/03 01:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iWin.com
[2012/07/03 01:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PogoDGC
[2012/07/03 01:42:29 | 000,000,000 | ---D | C] -- C:\Users\Nadya\AppData\Local\APN
[2012/07/03 01:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
[2012/07/02 21:19:14 | 000,000,000 | ---D | C] -- C:\Users\Nadya\AppData\Roaming\Thunderbird
[2012/07/02 21:19:14 | 000,000,000 | ---D | C] -- C:\Users\Nadya\AppData\Local\Thunderbird
[2012/07/02 21:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012/06/24 14:54:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/24 14:54:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/24 14:54:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/24 14:54:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/24 14:54:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/24 14:54:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/24 14:54:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/24 14:54:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/24 14:54:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/24 14:54:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/24 14:54:10 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/24 14:54:09 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/24 14:54:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/22 03:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/22 03:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/22 03:52:03 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/22 03:52:03 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/22 01:17:25 | 000,000,000 | ---D | C] -- C:\Users\Nadya\Desktop\Important stuff
[2012/06/18 20:35:07 | 000,000,000 | ---D | C] -- C:\Users\Nadya\Documents\My Scans
[2012/06/18 02:37:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iwin
[2012/06/17 19:54:29 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/17 19:54:29 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/17 18:38:27 | 000,000,000 | ---D | C] -- C:\Users\Nadya\Documents\VideoPad Projects
[2012/06/17 18:34:57 | 000,000,000 | ---D | C] -- C:\Users\Nadya\AppData\Local\{3345E419-6C7D-406E-9EE5-460116C8B0CD}
[2012/06/17 18:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012/06/17 18:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/06/15 15:59:53 | 000,000,000 | ---D | C] -- C:\Users\Nadya\Desktop\My Scans
[2012/06/13 21:35:17 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 21:35:17 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 21:35:16 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 21:35:11 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 21:35:10 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 21:35:09 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 21:35:06 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 21:35:01 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 21:35:00 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/12 20:50:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2314362622-205653357-2409116681-1001UA.job
[2012/07/12 20:49:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/12 20:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/12 16:45:31 | 002,185,310 | ---- | M] () -- C:\Users\Nadya\Desktop\photo-8.jpg
[2012/07/12 15:21:05 | 001,892,755 | ---- | M] () -- C:\Users\Nadya\Desktop\photo-7.jpg
[2012/07/12 00:50:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2314362622-205653357-2409116681-1001Core.job
[2012/07/11 22:49:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/11 21:48:46 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 21:48:46 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/11 12:17:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/09 23:14:41 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/09 23:14:41 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 23:47:45 | 000,000,000 | -H-- | M] () -- C:\Users\Nadya\Documents\Default.rdp
[2012/07/04 23:26:23 | 000,000,939 | ---- | M] () -- C:\Users\Nadya\Application Data\Microsoft\Internet Explorer\Quick Launch\VNC Viewer.lnk
[2012/07/04 23:26:23 | 000,000,915 | ---- | M] () -- C:\Users\Nadya\Desktop\VNC Viewer.lnk
[2012/07/04 16:25:10 | 000,000,927 | ---- | M] () -- C:\Users\Nadya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tracker.lnk
[2012/07/04 16:10:00 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/07/04 16:01:00 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/07/04 16:00:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/04 00:30:10 | 000,001,880 | ---- | M] () -- C:\Users\Nadya\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Pogo Games.lnk
[2012/07/04 00:30:10 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\Play Pogo Games.lnk
[2012/07/03 09:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/03 09:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/03 09:21:52 | 000,266,776 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012/07/03 09:21:52 | 000,142,128 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012/07/03 09:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 09:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/03 09:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/03 09:21:52 | 000,019,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/07/03 09:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 09:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 09:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/03 09:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/02 21:19:11 | 000,002,072 | ---- | M] () -- C:\Users\Nadya\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/07/02 21:19:11 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/06/30 14:43:37 | 000,114,269 | ---- | M] () -- C:\Users\Nadya\Desktop\bookmarks_6_30_12.html
[2012/06/27 13:33:54 | 000,012,368 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012/06/24 15:17:10 | 000,001,053 | ---- | M] () -- C:\Users\Nadya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/24 15:16:45 | 000,001,021 | ---- | M] () -- C:\Users\Nadya\Desktop\Dropbox.lnk
[2012/06/24 15:05:55 | 000,423,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/24 15:01:22 | 000,740,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/24 15:01:22 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/24 15:01:22 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/22 03:51:36 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/22 03:51:36 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/21 21:51:50 | 000,002,397 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
[2012/06/21 21:51:50 | 000,001,125 | ---- | M] () -- C:\WildTangent Games App - dell.lnk
[2012/06/17 18:34:23 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/12 16:45:31 | 002,185,310 | ---- | C] () -- C:\Users\Nadya\Desktop\photo-8.jpg
[2012/07/12 15:21:05 | 001,892,755 | ---- | C] () -- C:\Users\Nadya\Desktop\photo-7.jpg
[2012/07/04 23:47:45 | 000,000,000 | -H-- | C] () -- C:\Users\Nadya\Documents\Default.rdp
[2012/07/04 23:26:23 | 000,000,939 | ---- | C] () -- C:\Users\Nadya\Application Data\Microsoft\Internet Explorer\Quick Launch\VNC Viewer.lnk
[2012/07/04 23:26:23 | 000,000,915 | ---- | C] () -- C:\Users\Nadya\Desktop\VNC Viewer.lnk
[2012/07/04 16:10:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/07/04 16:10:00 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/07/04 16:01:00 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/07/04 00:30:10 | 000,001,880 | ---- | C] () -- C:\Users\Nadya\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Pogo Games.lnk
[2012/07/04 00:30:10 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\Play Pogo Games.lnk
[2012/07/02 21:19:11 | 000,002,072 | ---- | C] () -- C:\Users\Nadya\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/07/02 21:19:11 | 000,002,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012/07/02 21:19:11 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/06/30 14:42:31 | 000,114,269 | ---- | C] () -- C:\Users\Nadya\Desktop\bookmarks_6_30_12.html
[2012/06/17 19:54:30 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 18:34:23 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
[2012/06/17 18:34:23 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
[2012/06/05 13:34:06 | 000,081,920 | R--- | C] () -- C:\Windows\SysWow64\mvusbews.dll
[2012/05/16 00:39:52 | 000,007,612 | ---- | C] () -- C:\Users\Nadya\AppData\Local\Resmon.ResmonCfg
[2012/05/12 18:54:48 | 000,005,125 | ---- | C] () -- C:\Users\Nadya\AppData\Local\recently-used.xbel
[2012/04/03 12:07:30 | 000,060,304 | ---- | C] () -- C:\Users\Nadya\g2mdlhlpx.exe
[2012/03/08 15:01:32 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2012/02/15 23:07:01 | 000,095,408 | ---- | C] () -- C:\Users\Nadya\AppData\Roaming\Scribe.dmp
[2012/01/10 22:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/10/31 13:05:58 | 000,000,000 | ---- | C] () -- C:\Users\Nadya\AppData\Local\rx_image32.Cache
[2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/04/21 16:17:48 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/03 18:26:22 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/03/03 18:26:22 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/03/03 18:26:16 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 861 bytes -> C:\Users\Nadya\Documents\Bison Disc Quote 4 panel Option.eml:OECustomProperty
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:380B35D4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:131C0EE9
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:1D5877C6

< End of report >

OTL.extras

OTL Extras logfile created on: 7/12/2012 8:49:26 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Nadya\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 32.56% Memory free
54.63 Gb Paging File | 48.21 Gb Available in Paging File | 88.26% Paging File free
Paging file location(s): c:\pagefile.sys 50000 50000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.66 Gb Total Space | 765.81 Gb Free Space | 83.45% Space Free | Partition Type: NTFS

Computer Name: NADYA-PC | User Name: Nadya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0986A820-C8FD-4174-8898-6A0C9084BE6F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B377B47-AFA2-4629-9AA4-19DEF4DC2A7A}" = rport=138 | protocol=17 | dir=out | app=system |
"{24DC13D5-21A1-4346-A113-F721C4887477}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{30B2AC83-B4EB-482F-95E7-8D17F376307E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39AE2BFC-10BA-4BBA-B8B2-BA5A835CCD03}" = lport=445 | protocol=6 | dir=in | app=system |
"{40CEF769-35A6-40DB-8827-D1AFE43B453B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4695F36F-F49C-42EA-9CBB-694731E4DAC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F62168F-71CB-4A75-AA38-48E0665CE9B3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54D5EA4A-690C-43B4-81E7-0CDEC88F13F4}" = rport=139 | protocol=6 | dir=out | app=system |
"{557F43E2-52E8-4F67-A88A-924C30B92196}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5BFCD80C-EC46-423E-9D4C-695004123431}" = lport=138 | protocol=17 | dir=in | app=system |
"{613BF6A3-77F1-467D-8303-C123409CC0C0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6E6B02D7-87A2-4630-A900-B9784FF322E4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{70365109-D9E8-442E-82B5-92B54E186381}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port |
"{72B80893-05E6-448B-968F-EB4714CE02AC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7411C64E-B1A5-44C5-9C37-55A85F0AA035}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77AC1099-2433-4F9A-9515-62070F9247FC}" = lport=137 | protocol=17 | dir=in | app=system |
"{78FED75E-EA03-4F92-ABBD-E8DA1185E7BD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{89B39713-46A4-47D7-9A1C-F81BA51FADC6}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port |
"{92FE3288-15C1-408B-892D-7810BB4539C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9E9754B1-47BE-4A41-A273-EF98B4830DD4}" = lport=427 | protocol=17 | dir=in | name=slp |
"{BD5F26B1-3D21-4CC4-942C-4B3B9B26246B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CDE62014-BADC-4502-96FF-CB8436A0413D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D01A9B78-3F0F-44E3-8B55-70B05E773AF2}" = rport=137 | protocol=17 | dir=out | app=system |
"{D2D5A1DD-1B6C-46F9-82F9-BB35834249D2}" = rport=445 | protocol=6 | dir=out | app=system |
"{DB3A8A11-A44E-4573-BC40-F4489A9FFE55}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port |
"{FA4E7093-A89A-4D53-8AEA-411404CD8368}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C2E40DF-786D-4AC5-B2E9-B758192005AF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0D2BB8AD-D7D6-42E2-85F7-49965413F19A}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe |
"{16632DF3-C906-464C-B24F-F73A5A0ECE59}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe |
"{17E1B23C-8ACA-4262-958D-2DE971189FF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{18F24AD1-6176-4020-B913-76CD2CB254D9}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"{1914773E-6053-485C-AEC9-7BD21391A676}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe |
"{1F9EAC56-A585-4E21-BC05-167DE4EFCFBA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{27D3E8F7-0DD1-4ADA-A4A7-84243A620BBF}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{27F0B343-F8BD-4A01-8A1E-CB949B207BB2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{29E5F9B8-D3E8-4C6A-8FE4-DD16A3DF2A56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2EF2A92D-DA37-41D9-9ED7-31314DCECD44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3B99673B-E3A8-4C19-AFED-3D76B55899EA}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{3D07483E-5A44-46E8-82CA-3CAA57AF1742}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{484B348A-2FB1-40C5-8D0A-7C0BFDBA24DF}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe |
"{4EAFB23E-60B6-44AC-AB3B-642ECEF79709}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4EB11B9E-F725-4E7D-B7D9-2D6FFFE3BFA8}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe |
"{5D7A30D7-FE91-4872-9840-041D85BCAC4F}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{5EC616A5-9FD9-4267-8D16-DF61CC89EF46}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{73E8787B-5983-4D30-B565-DE91B72AA470}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7CB2FFF1-DBA7-411F-9D80-EEE6391B2C8D}" = protocol=6 | dir=in | app=c:\users\nadya\appdata\roaming\dropbox\bin\dropbox.exe |
"{825CA3E7-89EB-49A0-BF8A-5D2DDFB7B266}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{892E7482-2BC3-4DB0-9310-42304A67B0B2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8C489BF6-B411-45A3-9B5B-0DAFC18AFBEB}" = protocol=6 | dir=out | app=system |
"{8E749BC7-4D79-4F7A-A194-59A33FB4F143}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{8F552735-5F99-48CB-8AB7-BB87E06185C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FBA27E1-DE5A-4F66-853C-64AB181D89AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{92A8E843-9091-409A-9AEB-1E8806872D88}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99B8BC0B-80FA-4980-8A68-3B4B79FFF738}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E9F85C1-3400-46A9-AACE-89AD123F5813}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A00B8599-B985-436E-874F-28617813777D}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{A8468E2F-15FC-4438-89D1-97FAA64240A7}" = protocol=6 | dir=in | app=d:\productinst64.exe |
"{AE570913-3E4E-4BA4-AC3B-9ED6EFED20F7}" = protocol=17 | dir=in | app=c:\users\nadya\appdata\roaming\dropbox\bin\dropbox.exe |
"{B11BFA7E-1E56-4FB5-BC62-1AE668E47CEE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\18 wheels of steel extreme trucker\bin\win_x86\extremetrucker.exe |
"{B849DAF5-B551-4657-8AA8-3026C728FA03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA62B947-EA13-4FCA-9A59-44B4641DA3E3}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe |
"{C0C9639B-66D7-4A2B-B24F-A9128B7DEC80}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{C91685D4-800D-4481-B56F-6ABDEB95E94D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CA5E1F7C-36A4-4561-886F-A573F6B6BDDA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{CD28787E-D61E-4BDA-BCF2-DA2A4F1B3B7D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CD366B5C-CA3A-44E6-B3F4-B487DB060BE1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{CEF1BF1D-2652-4A4A-BD44-52EC338376A2}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D09B5BC7-6EC5-4950-920D-23403AFF0CC2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D23D3697-C948-4E14-8710-6974A4F491FF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D2633C1F-A7C4-4191-AB8E-EE7568F77A99}" = protocol=17 | dir=in | app=c:\users\nadya\desktop\limewire\limewire.exe |
"{D3141FAC-ED8E-4A78-A4F2-A79965563BCE}" = protocol=17 | dir=in | app=d:\productinst64.exe |
"{DD4D5FED-B706-49C3-8B01-F43455E1AA38}" = protocol=6 | dir=in | app=c:\users\nadya\desktop\limewire\limewire.exe |
"{DDAC2770-3DF4-4690-8DC2-45BD55E54F97}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{DE11AD0F-3822-4DC3-97DA-70948674A98F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E178957B-CD61-4819-BAC6-38B4344A573F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\18 wheels of steel extreme trucker\bin\win_x86\extremetrucker.exe |
"{E35ECBD8-867C-4117-B05B-920785177783}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EE05AD68-E88E-43F0-B190-4CD760F6AD52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9F0766D-AA32-4605-9B2D-EDCF04BDFEA1}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"{FBE10440-3E76-47A5-B71D-DC98C9EFA530}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{0279C56B-B512-4E7C-889C-4379F0A5A252}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{5DD2103F-933F-4F84-B48F-2AF71B09EF66}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{789FD35B-552A-45D9-A4ED-3B4C33299233}C:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe |
"TCP Query User{CD98EE42-AFD4-415F-A7D9-9443897519E9}C:\users\nadya\documents\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\users\nadya\documents\limewire\limewire.exe |
"TCP Query User{D3276853-32CD-4C4C-87E2-2E74941E442A}C:\users\nadya\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nadya\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{06A0F88B-CC55-4A05-9595-8953E844A83C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{504C52F2-8CC1-4A61-A301-3117B780AA19}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{8EE5A6FB-B31B-4AFA-B540-F53E5D9A2E16}C:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe |
"UDP Query User{C0B8F1A7-8D03-4E77-98FE-8E6DBC9D433D}C:\users\nadya\documents\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\users\nadya\documents\limewire\limewire.exe |
"UDP Query User{F907C777-D6A6-4367-BD8A-6CCDD4AF0C6B}C:\users\nadya\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nadya\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1FA6376A-3120-45DA-8686-96DEFC8A0513}" = HP LaserJet Toolbox
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{43C4BDBB-0FA3-4E79-8E9F-6ACF0F2FC0A4}" = HP LaserJet Professional M1210 MFP Series Toolbox
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A26791D3-EF9C-41D5-A526-D5C6CF70CE8E}" = Talking Alarm Clock 2.0
"{AD573731-6B28-4DBB-B572-11D9FDC34CDE}" = SmartFTP Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65099C4-9110-4C31-BD03-5C17EFB5FE92}" = HP LaserJet Professional M1210 MFP Series Fax Installer
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.0
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"RealVNC_is1" = VNC Server 5.0.0
"RealVNCViewer_is1" = VNC Viewer 5.0.0
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"VNCPrinter_is1" = VNC Printer Driver 1.8.0
"WinRAR archiver" = WinRAR 4.01 beta 1 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CC4CAAE-52A6-46E4-9653-8F5FE303A02E}" = HiveDesk for Windows
"{0D98F04D-11A1-4B64-A406-43292B9EEE90}" = Dell PhotoStage
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppM1130M1210SeriesLaserJetService
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30ED44CB-7314-4C6E-800C-C4BADDE67D8A}" = 18 Wheels of Steel Extreme Trucker
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39D06E77-8921-4056-8901-36D0035BAECA}" = Dell Stage
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7BFD42CA-460A-11E1-AE58-984BE15F174E}" = Evernote v. 4.5.3
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Marketplace Webslice IE8
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}" = hppusgM1130M1210Series
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFB9315-8964-B381-2167-0C0FE726CD99}" = Tracker
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Artisteer 3" = Artisteer 3
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"avast" = avast! Internet Security
"com.elance.tracker" = Tracker
"CrossFTP" = CrossFTP (remove only)
"InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"LiveUSB Creator" = LiveUSB Creator (remove only)
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Thunderbird 13.0.1 (x86 en-US)" = Mozilla Thunderbird 13.0.1 (x86 en-US)
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PogoDGC" = Pogo Games (remove only)
"RingCentral" = RingCentral Call Controller
"Scribe" = Express Scribe
"SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
"Steam App 33730" = 18 Wheels of Steel: Extreme Trucker
"TightVNC" = TightVNC 2.0.4
"Trusted Software Assistant_is1" = File Type Assistant
"Tux Paint_is1" = Tux Paint 0.9.21c
"VideoPad" = VideoPad Video Editor
"Vid-Saver" = Vid-Saver
"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-03ac9beb-e70d-4dd3-832c-60ed77b2c411" = Jewel Quest Solitaire
"WTA-0b1717ff-be5a-433e-8689-df9864e00f3c" = Dora Saves the Crystal Kingdom
"WTA-7da5cf3e-68cf-4eb3-a2e7-7747999b14b5" = RollerCoaster Tycoon 3: Platinum
"WTA-c5b68b2f-c3be-4703-9d75-9ef61580e04f" = Jewel Quest Solitaire 3
"WTA-cdb9a935-be6f-4842-8bc6-224053b70905" = Eighteen Wheels of Steel Haulin'

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2314362622-205653357-2409116681-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"JoinMe" = join.me
"oDVT" = oDesk Team

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/3/2012 11:35:48 PM | Computer Name = Nadya-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 19.0.1084.52, time
stamp: 0x4fbc2f58 Faulting module name: chrome.dll, version: 19.0.1084.52, time
stamp: 0x4fbc2ede Exception code: 0x80000003 Fault offset: 0x0051d4c6 Faulting process
id: 0xd68 Faulting application start time: 0x01cd42004b550f20 Faulting application
path: C:\Users\Nadya\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: C:\Users\Nadya\AppData\Local\Google\Chrome\Application\19.0.1084.52\chrome.dll
Report
Id: 5fb4c95f-adf6-11e1-a6ec-782bcb8e29bd

Error - 6/4/2012 10:49:35 AM | Computer Name = Nadya-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 6/4/2012 10:49:36 AM | Computer Name = Nadya-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 6/4/2012 10:49:39 AM | Computer Name = Nadya-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 6/5/2012 4:34:14 PM | Computer Name = Nadya-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 6/15/2012 2:10:19 AM | Computer Name = Nadya-PC | Source = Application Hang | ID = 1002
Description = The program Skype.exe version 5.8.0.158 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 16f0 Start Time:
01cd47f11fa9b518 Termination Time: 188 Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report
Id:

Error - 6/17/2012 4:04:02 AM | Computer Name = Nadya-PC | Source = Application Error | ID = 1000
Description = Faulting application name: prism3d.exe, version: 1.0.0.1, time stamp:
0x454070b0 Faulting module name: prism3d.exe, version: 1.0.0.1, time stamp: 0x454070b0
Exception
code: 0xc0000005 Fault offset: 0x0005a155 Faulting process id: 0x2d38 Faulting application
start time: 0x01cd4c5f16fcd333 Faulting application path: C:\Program Files (x86)\WildGames\18
Wheels of Steel Haulin\prism3d.exe Faulting module path: C:\Program Files (x86)\WildGames\18
Wheels of Steel Haulin\prism3d.exe Report Id: ffc50d10-b852-11e1-9566-782bcb8e29bd

Error - 6/17/2012 5:10:13 AM | Computer Name = Nadya-PC | Source = Application Error | ID = 1000
Description = Faulting application name: prism3d.exe, version: 1.0.0.1, time stamp:
0x454070b0 Faulting module name: p3core.dll, version: 0.0.0.0, time stamp: 0x45407096
Exception
code: 0xc0000005 Fault offset: 0x0000a155 Faulting process id: 0x2408 Faulting application
start time: 0x01cd4c5fdf8cdb50 Faulting application path: C:\Program Files (x86)\WildGames\18
Wheels of Steel Haulin\prism3d.exe Faulting module path: C:\Program Files (x86)\WildGames\18
Wheels of Steel Haulin\p3core.dll Report Id: 3ec7d08c-b85c-11e1-9566-782bcb8e29bd

Error - 6/18/2012 3:25:56 AM | Computer Name = Nadya-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PatchHelper.exe, version: 4.0.20.47, time
stamp: 0x4fcd2e6c Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000019 Faulting process id: 0x2724 Faulting application
start time: 0x01cd4d23990092c5 Faulting application path: c:\program files (x86)\wildtangent
games\app\PatchHelper.exe Faulting module path: unknown Report Id: d79a4fe7-b916-11e1-9566-782bcb8e29bd

Error - 6/22/2012 12:51:54 AM | Computer Name = Nadya-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PatchHelper.exe, version: 4.0.20.47, time
stamp: 0x4fcd2e6c Faulting module name: PatchHelper.exe, version: 4.0.20.47, time
stamp: 0x4fcd2e6c Exception code: 0xc0000409 Fault offset: 0x00020023 Faulting process
id: 0x1d98 Faulting application start time: 0x01cd5032bd9f0f78 Faulting application
path: c:\program files (x86)\wildtangent games\app\PatchHelper.exe Faulting module
path: c:\program files (x86)\wildtangent games\app\PatchHelper.exe Report Id: fcc3a983-bc25-11e1-9566-782bcb8e29bd

[ Dell Events ]
Error - 6/25/2011 4:26:34 PM | Computer Name = Nadya-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/2/2011 4:26:43 PM | Computer Name = Nadya-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/2/2011 4:26:43 PM | Computer Name = Nadya-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/30/2011 4:36:08 PM | Computer Name = Nadya-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/30/2011 4:36:08 PM | Computer Name = Nadya-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/6/2011 4:36:06 PM | Computer Name = Nadya-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/6/2011 4:36:06 PM | Computer Name = Nadya-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/13/2011 4:36:59 PM | Computer Name = Nadya-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/13/2011 4:36:59 PM | Computer Name = Nadya-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/23/2011 11:00:02 AM | Computer Name = Nadya-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 7/4/2012 7:05:58 PM | Computer Name = Nadya-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HP
LaserJet Service service to connect.

Error - 7/4/2012 7:05:58 PM | Computer Name = Nadya-PC | Source = Service Control Manager | ID = 7000
Description = The HP LaserJet Service service failed to start due to the following
error: %%1053

Error - 7/4/2012 7:07:06 PM | Computer Name = Nadya-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 7/4/2012 7:23:32 PM | Computer Name = Nadya-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:16:26 PM on ?7/?4/?2012 was unexpected.

Error - 7/4/2012 7:24:26 PM | Computer Name = Nadya-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 7/5/2012 1:44:29 AM | Computer Name = Nadya-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 7/6/2012 8:28:45 PM | Computer Name = Nadya-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 7/10/2012 3:22:17 AM | Computer Name = Nadya-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 7/11/2012 12:02:30 AM | Computer Name = Nadya-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 7/11/2012 3:17:43 PM | Computer Name = Nadya-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058


< End of report >


Thanks again for all your help!

#13 KarstenHansen

Posted 13 July 2012 - 01:33 PM

Hi nasha155 :)
I would like to start by noting how well you are doing, please keep up the awesome work you do. Now to continue our removal, I will make a full backup of your registry with ERUNT. Please do the following:

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Open Erunt.exe (use the shortcut on your desktop if you used the installer). Follow the prompts leaving the values at default.

After that we need to follow up with an OTL fix; please do this:
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    PRC - [2012/01/04 07:40:48 | 000,519,888 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
    SRV - [2012/01/04 07:40:48 | 000,519,888 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe -- (PGMTrusted)
    SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\..\Toolbar\WebBrowser: (no name) - {1AEC5771-FCD6-4537-A6B7-5F1935FD527C} - No CLSID value found.
    IE - HKU\S-1-5-21-2314362622-205653357-2409116681-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    [2012/07/04 00:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pogo Games
    [2012/07/03 01:46:34 | 000,000,000 | ---D | C] -- C:\Users\Nadya\AppData\Roaming\Pogo Games
    [2012/07/03 01:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PogoDGC
    [2012/07/03 01:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iWin.com
    [2012/07/03 01:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PogoDGC
    [2012/07/03 01:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
    [2012/06/18 02:37:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iwin
    [2012/07/04 00:30:10 | 000,001,880 | ---- | M] () -- C:\Users\Nadya\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Pogo Games.lnk
    [2012/07/04 00:30:10 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\Play Pogo Games.lnk
    [2012/06/21 21:51:50 | 000,002,397 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
    [2012/06/21 21:51:50 | 000,001,125 | ---- | M] () -- C:\WildTangent Games App - dell.lnk
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

In your next reply I expect to see:
How did the backup of the registry go?
OTL report

Best Regards,
Karsten

Edited by KarstenHansen, 13 July 2012 - 02:06 PM.


#14 nasha155

Posted 13 July 2012 - 11:38 PM

Hi Karsten,

The backup of the registry went well, and there were no issues.

Here is the log that you asked for from OTL:


========== OTL ==========
Process PGMTrusted.exe killed successfully!
Service PGMTrusted stopped successfully!
Service PGMTrusted deleted successfully!
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe moved successfully.
Service GamesAppService stopped successfully!
Service GamesAppService deleted successfully!
C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2314362622-205653357-2409116681-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1AEC5771-FCD6-4537-A6B7-5F1935FD527C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AEC5771-FCD6-4537-A6B7-5F1935FD527C}\ not found.
Registry value HKEY_USERS\S-1-5-21-2314362622-205653357-2409116681-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
C:\Program Files (x86)\Pogo Games\sounds folder moved successfully.
C:\Program Files (x86)\Pogo Games\pages folder moved successfully.
C:\Program Files (x86)\Pogo Games\gamepage\styles folder moved successfully.
C:\Program Files (x86)\Pogo Games\gamepage\scripts folder moved successfully.
C:\Program Files (x86)\Pogo Games\gamepage\images\product folder moved successfully.
C:\Program Files (x86)\Pogo Games\gamepage\images\plans folder moved successfully.
C:\Program Files (x86)\Pogo Games\gamepage\images\ous folder moved successfully.
C:\Program Files (x86)\Pogo Games\gamepage\images\misc folder moved successfully.
C:\Program Files (x86)\Pogo Games\gamepage\images\global folder moved successfully.
C:\Program Files (x86)\Pogo Games\gamepage\images\common folder moved successfully.
C:\Program Files (x86)\Pogo Games\gamepage\images\buttons folder moved successfully.
C:\Program Files (x86)\Pogo Games\gamepage\images folder moved successfully.
C:\Program Files (x86)\Pogo Games\gamepage\css folder moved successfully.
C:\Program Files (x86)\Pogo Games\gamepage folder moved successfully.
C:\Program Files (x86)\Pogo Games\firefox\chrome folder moved successfully.
C:\Program Files (x86)\Pogo Games\firefox folder moved successfully.
C:\Program Files (x86)\Pogo Games folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common\Cache\Images\Badges\sm folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common\Cache\Images\Badges folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common\Cache\Images folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common\Cache\avatarimg\hair\f folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common\Cache\avatarimg\hair folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common\Cache\avatarimg\garm-fb\f2 folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common\Cache\avatarimg\garm-fb folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common\Cache\avatarimg\face\f folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common\Cache\avatarimg\face folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common\Cache\avatarimg\body-lb\f2 folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common\Cache\avatarimg\body-lb folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common\Cache\avatarimg\body-fb\f2 folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common\Cache\avatarimg\body-fb folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common\Cache\avatarimg folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common\Cache folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games\Common folder moved successfully.
C:\Users\Nadya\AppData\Roaming\Pogo Games folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PogoDGC\Games folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PogoDGC folder moved successfully.
C:\Program Files (x86)\iWin.com\Tri-Peaks 2 Quest for the Ruby Ring\Sounds\Music folder moved successfully.
C:\Program Files (x86)\iWin.com\Tri-Peaks 2 Quest for the Ruby Ring\Sounds folder moved successfully.
C:\Program Files (x86)\iWin.com\Tri-Peaks 2 Quest for the Ruby Ring folder moved successfully.
C:\Program Files (x86)\iWin.com folder moved successfully.
C:\ProgramData\PogoDGC\opal folder moved successfully.
C:\ProgramData\PogoDGC\drm\data folder moved successfully.
C:\ProgramData\PogoDGC\drm folder moved successfully.
C:\ProgramData\PogoDGC folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games folder moved successfully.
C:\Users\Public\Documents\iwin\JQSolitaire3\cfg\layouts folder moved successfully.
C:\Users\Public\Documents\iwin\JQSolitaire3\cfg folder moved successfully.
C:\Users\Public\Documents\iwin\JQSolitaire3 folder moved successfully.
C:\Users\Public\Documents\iwin folder moved successfully.
C:\Users\Nadya\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Pogo Games.lnk moved successfully.
C:\Users\Public\Desktop\Play Pogo Games.lnk moved successfully.
C:\Users\Public\Desktop\WildTangent Games App - dell.lnk moved successfully.
C:\WildTangent Games App - dell.lnk moved successfully.

OTL by OldTimer - Version 3.2.54.0 log created on 07132012_212921


Thanks again for being so helpful :)
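
An added example, not part of the thread and not OTL's own code: a Python check that cross-references the file and folder targets named in an OTL fix script against the fix log, listing any target the log never reports as moved. The sample text reuses a few lines from the posts above plus one constructed target, `C:\ProgramData\ExampleLeftover`, to show a miss; all function names are hypothetical.

```python
import re

# A file/folder target in an OTL fix script follows " -- " and starts with a
# drive letter; service lines carry a trailing " -- (ServiceName)".
SCRIPT_PATH = re.compile(r" -- ([A-Za-z]:\\.*?)(?: -- \(.*\))?\s*$")

# A fix-log line ends with the outcome; folders are suffixed with " folder".
LOG_LINE = re.compile(
    r"^(?P<subject>.+?)(?: folder)? "
    r"(?P<result>(?:moved|deleted|killed|stopped) successfully|not found)[.!]$"
)

# Sample input: lines taken from the fix script in this thread, plus one
# CONSTRUCTED target (ExampleLeftover) that the log below never mentions.
FIX_SCRIPT = r"""
:OTL
PRC - [2012/01/04 07:40:48 | 000,519,888 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2012/07/03 01:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PogoDGC
[2012/07/03 01:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ExampleLeftover
"""

# Sample input: lines taken from the fix log in this thread.
FIX_LOG = r"""
Process PGMTrusted.exe killed successfully!
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe moved successfully.
C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AEC5771-FCD6-4537-A6B7-5F1935FD527C}\ not found.
C:\ProgramData\PogoDGC folder moved successfully.
"""


def script_targets(script_text):
    """Return the file/folder paths named in the fix script, in order, deduplicated."""
    seen, targets = set(), []
    for line in script_text.splitlines():
        m = SCRIPT_PATH.search(line)
        if m and m.group(1).lower() not in seen:
            seen.add(m.group(1).lower())
            targets.append(m.group(1))
    return targets


def parse_fix_log(log_text):
    """Map each log subject (lower-cased) to the last result reported for it."""
    results = {}
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            results[m.group("subject").lower()] = m.group("result")
    return results


def unconfirmed_targets(script_text, log_text):
    """Script paths that the log does not report as 'moved successfully'."""
    results = parse_fix_log(log_text)
    return [t for t in script_targets(script_text)
            if results.get(t.lower()) != "moved successfully"]


if __name__ == "__main__":
    for path in unconfirmed_targets(FIX_SCRIPT, FIX_LOG):
        print("not confirmed as moved:", path)
```

Registry directives (the `O3` and `IE` lines) are skipped on purpose; their outcomes appear in the parsed log as `deleted successfully` or `not found` and can be read from `parse_fix_log`.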

#15 KarstenHansen

Posted 14 July 2012 - 08:06 AM

Hi nasha155 :)
You are of course most welcome. I want you to know that I think you too do a wonderful job. How is the PC behaving now after we removed those Online Gaming/FUNWEB/Conduit issues you seemed to experience? Is it any better now?

Also, another thing I want to let you know is this: Spybot S&D is very old and often makes those kinds of bad identifications, and therefore you would really be better off without it. You can change it out with Malwarebytes Anti-Malware or SUPERAntiSpyware or even EMSISoft Anti-Malware. Personally I use Malwarebytes realtime protection and it does a SUPERB job at helping me stay CLEAN.

Think about these things and please, for your own sake, uninstall Spybot. It is your choice, though, and if you want to keep it you can do that too. Just know that you cannot always trust the results of such an old product. For example, what Spybot thought was a banker was really only some privacy/online gaming products/Conduit/FUNWEB issues that I removed, so you should experience no issues now.

Best Regards
Karsten

Let's continue onto page :step2:

Edited by KarstenHansen, 14 July 2012 - 01:09 PM.




