Jump to content

masterrwong

Members
 View Profile  See their activity

  • Posts

    10

  • Joined

  • Last visited

Reputation

0 Neutral
  1. masterrwong
    I have another user profile on the machine, that profile's firefox was sill pointing to babylon search, I deleted some unknow add-ons and change the home page URL in firefox, so far so good. All in all, my machine is running fine. Any more tips or things I need to do. Thanks!!!
  2. masterrwong
    Thanks! Here is the threads report from AVP. Status: Deleted (events: 1) 7/7/2012 3:32:48 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:\_OTL\MovedFiles\06222012_204455\C_Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@ High
  3. masterrwong
    I downloaded KVRT Version 11 (11.0.0.1245) but it wouldn't install. I saw the splash screen of it extracting some files to my temp directory, then the screen/window close and nothing. Thoughts?
  4. masterrwong
    Hi Maniac, Sorry for the late update, life has been beyond busy. After the scan was completed, I couldn't find C:\Program Files\EsetOnlineScanner\log.txt I found this instead C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt, and here is its content: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK That's it, 3 lines. Thanks for the help as always.
  5. masterrwong
    Great, rebooted and all shortcuts are working as usual. Here is comboxfix.txt ComboFix 12-06-25.05 - Royce 06/25/2012 20:58:08.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.2523 [GMT -7:00] Running from: c:\users\Royce\Desktop\ComboFix.exe Command switches used :: c:\users\Royce\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 ))))))))))))))))))))))))))))))) . . 2012-06-26 04:07 . 2012-06-26 04:07 -------- d-----w- c:\users\Hayden\AppData\Local\temp 2012-06-26 04:07 . 2012-06-26 04:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-26 03:51 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8D2C03E-AE74-4644-949A-D15915EA29B2}\mpengine.dll 2012-06-23 20:45 . 2012-06-23 20:45 -------- d-----w- c:\users\Hayden\AppData\Local\Macromedia 2012-06-23 03:55 . 2012-06-23 03:56 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP 2012-06-23 03:44 . 2012-06-23 03:44 -------- d-----w- C:\_OTL 2012-06-20 05:12 . 2012-06-23 03:56 -------- d-----w- C:\sh4ldr 2012-06-20 05:12 . 2012-06-20 05:12 -------- d-----w- c:\program files\Enigma Software Group 2012-06-20 05:11 . 2012-06-20 05:11 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-06-20 04:41 . 2012-06-20 04:41 -------- d-----w- c:\users\Royce\AppData\Local\Macromedia 2012-06-20 04:40 . 2012-06-20 04:40 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-06-20 04:40 . 2012-06-20 04:40 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-06-20 04:11 . 2012-06-20 04:11 -------- d-----w- c:\users\Royce\AppData\Roaming\Malwarebytes 2012-06-20 04:11 . 2012-06-20 04:11 -------- d-----w- c:\users\Royce\AppData\Roaming\dvdcss 2012-06-20 04:03 . 2012-06-20 04:03 -------- d-----w- c:\users\Hayden\AppData\Roaming\dvdcss 2012-06-20 04:02 . 2012-06-20 04:08 -------- d-----w- c:\users\Hayden\AppData\Roaming\ConverterLite 2012-06-20 04:01 . 2012-06-20 04:01 -------- d-----w- c:\programdata\ActivePath 2012-06-20 04:01 . 2012-06-20 04:01 -------- d-----w- c:\users\Hayden\AppData\Local\Google 2012-06-20 04:01 . 2012-06-20 04:01 -------- d-----w- c:\users\Hayden\AppData\Local\Giant Savings 2012-06-20 04:01 . 2012-06-20 04:20 -------- d-----w- c:\program files (x86)\Giant Savings 2012-06-20 04:00 . 2012-06-20 04:00 -------- d-----w- c:\program files (x86)\Playbryte 2012-06-19 05:02 . 2012-06-19 05:02 -------- d-----w- c:\users\Hayden\AppData\Roaming\Malwarebytes 2012-06-19 05:02 . 2012-06-19 05:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-19 05:02 . 2012-06-19 05:02 -------- d-----w- c:\programdata\Malwarebytes 2012-06-19 05:02 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-19 04:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-19 04:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-19 04:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-19 04:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-19 04:30 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-19 04:30 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-19 04:30 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-19 04:30 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-19 04:30 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-15 15:56 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-15 15:56 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-15 15:55 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-15 15:55 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-15 15:55 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-15 15:55 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-15 15:55 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-15 15:55 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-15 15:55 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-15 15:55 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-15 15:55 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-15 15:55 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-15 15:54 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-15 15:54 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-15 15:54 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-15 15:54 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-15 15:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-11 16:52 . 2012-06-11 16:52 -------- d-----w- c:\users\Royce\AppData\Roaming\Apple Computer 2012-06-02 22:31 . 2012-06-23 04:08 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-27 04:12 . 2012-05-27 04:16 -------- d-----w- c:\users\Hayden\AppData\Roaming\Apple Computer 2012-05-27 04:12 . 2012-05-27 04:12 -------- d-----w- c:\users\Hayden\AppData\Local\Apple Computer 2012-05-27 04:12 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-05-27 04:12 . 2008-04-17 19:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-05-27 04:10 . 2012-05-27 04:11 -------- d-----w- c:\programdata\Apple . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-23 04:08 . 2011-06-04 00:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-30 11:35 . 2012-05-12 19:55 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-06-25_04.36.31 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-26 03:43 . 2012-06-26 03:43 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-06-25 04:34 . 2012-06-25 04:34 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat + 2009-04-29 12:31 . 2012-06-25 04:37 38722 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-26 03:46 31984 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-03-14 03:00 . 2012-06-26 03:43 4866 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2011-04-30 19:33 . 2012-06-26 03:46 4038 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2318586025-2754874566-3958745835-1003_UserData.bin - 2012-06-25 04:35 . 2012-06-25 04:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-26 03:44 . 2012-06-26 03:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-26 03:44 . 2012-06-26 03:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-06-25 04:35 . 2012-06-25 04:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 04:54 . 2012-06-26 03:47 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-06-25 04:12 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-03-10 22:44 . 2012-06-25 09:19 415090 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-07-14 02:36 . 2012-06-26 03:51 624864 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-06-23 03:56 624864 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-06-23 03:56 106950 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-06-26 03:51 106950 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2012-06-25 04:34 232148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-06-26 03:43 232148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 04:54 . 2012-06-25 04:12 3375104 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-26 03:47 3375104 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-06-25 04:12 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-06-26 03:47 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KeePass Password Safe"="c:\program files (x86)\KeePass Password Safe\KeePass.exe" [2010-09-01 787456] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-02 98304] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040] . c:\users\Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . c:\users\Royce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Contents of the 'Scheduled Tasks' folder . 2012-06-26 c:\windows\Tasks\ActiveMail Updater.job - c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-06-20 17:23] . 2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 04:08] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = mLocal Page = c:\windows\SysWOW64\blank.htm IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.15.1 FF - ProfilePath - c:\users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-25 21:19:57 ComboFix-quarantined-files.txt 2012-06-26 04:19 ComboFix2.txt 2012-06-25 04:46 . Pre-Run: 386,345,947,136 bytes free Post-Run: 386,061,443,072 bytes free . - - End Of File - - 0ACD98E99E5B14427590F68B2C650125
  6. masterrwong
    Uh O! I ran combofix, but after it rebooted the machine, I wan't able to start any of my applications, including Firefox, Notepad, Window Explorer, etc. Can't even run "cmd". All resulted in "Illegal operation attempted on a registry key that has been marked as deletion." HELP!!!! I am not sure if this is the combofix.txt (and I don't know a way to get to it since my Window Explorer is not working), but this is the log file that poped up after reboot. ComboFix 12-06-24.03 - Royce 06/24/2012 21:23:06.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.1960 [GMT -7:00] Running from: c:\users\Royce\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini . . ((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 ))))))))))))))))))))))))))))))) . . 2012-06-23 20:45 . 2012-06-23 20:45 -------- d-----w- c:\users\Hayden\AppData\Local\Macromedia 2012-06-23 03:55 . 2012-06-23 03:56 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP 2012-06-23 03:44 . 2012-06-23 03:44 -------- d-----w- C:\_OTL 2012-06-20 05:12 . 2012-06-23 03:56 -------- d-----w- C:\sh4ldr 2012-06-20 05:12 . 2012-06-20 05:12 -------- d-----w- c:\program files\Enigma Software Group 2012-06-20 05:11 . 2012-06-20 05:11 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-06-20 04:41 . 2012-06-20 04:41 -------- d-----w- c:\users\Royce\AppData\Local\Macromedia 2012-06-20 04:40 . 2012-06-20 04:40 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-06-20 04:40 . 2012-06-20 04:40 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-06-20 04:11 . 2012-06-20 04:11 -------- d-----w- c:\users\Royce\AppData\Roaming\Malwarebytes 2012-06-20 04:11 . 2012-06-20 04:11 -------- d-----w- c:\users\Royce\AppData\Roaming\dvdcss 2012-06-20 04:03 . 2012-06-20 04:03 -------- d-----w- c:\users\Hayden\AppData\Roaming\dvdcss 2012-06-20 04:02 . 2012-06-20 04:08 -------- d-----w- c:\users\Hayden\AppData\Roaming\ConverterLite 2012-06-20 04:01 . 2012-06-20 04:01 -------- d-----w- c:\programdata\ActivePath 2012-06-20 04:01 . 2012-06-20 04:01 -------- d-----w- c:\users\Hayden\AppData\Local\Google 2012-06-20 04:01 . 2012-06-20 04:01 -------- d-----w- c:\users\Hayden\AppData\Local\Giant Savings 2012-06-20 04:01 . 2012-06-20 04:20 -------- d-----w- c:\program files (x86)\Giant Savings 2012-06-20 04:00 . 2012-06-20 04:00 -------- d-----w- c:\program files (x86)\Playbryte 2012-06-19 05:02 . 2012-06-19 05:02 -------- d-----w- c:\users\Hayden\AppData\Roaming\Malwarebytes 2012-06-19 05:02 . 2012-06-19 05:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-19 05:02 . 2012-06-19 05:02 -------- d-----w- c:\programdata\Malwarebytes 2012-06-19 05:02 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-19 04:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-19 04:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-19 04:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-19 04:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-19 04:30 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-19 04:30 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-19 04:30 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-19 04:30 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-19 04:30 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-15 15:56 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-15 15:56 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-15 15:55 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-15 15:55 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-15 15:55 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-15 15:55 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-15 15:55 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-15 15:55 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-15 15:55 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-15 15:55 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-15 15:55 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-15 15:55 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-15 15:54 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-15 15:54 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-15 15:54 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-15 15:54 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-15 15:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-11 16:52 . 2012-06-11 16:52 -------- d-----w- c:\users\Royce\AppData\Roaming\Apple Computer 2012-06-02 22:31 . 2012-06-23 04:08 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-02 04:26 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B999A0D3-D8B3-428E-A732-D381D0F0A327}\mpengine.dll 2012-05-27 04:12 . 2012-05-27 04:16 -------- d-----w- c:\users\Hayden\AppData\Roaming\Apple Computer 2012-05-27 04:12 . 2012-05-27 04:12 -------- d-----w- c:\users\Hayden\AppData\Local\Apple Computer 2012-05-27 04:12 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-05-27 04:12 . 2008-04-17 19:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-05-27 04:10 . 2012-05-27 04:11 -------- d-----w- c:\programdata\Apple . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-23 04:08 . 2011-06-04 00:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-30 11:35 . 2012-05-12 19:55 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KeePass Password Safe"="c:\program files (x86)\KeePass Password Safe\KeePass.exe" [2010-09-01 787456] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-02 98304] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040] . c:\users\Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . c:\users\Royce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - IPNAT *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-06-25 c:\windows\Tasks\ActiveMail Updater.job - c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-06-20 17:23] . 2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 04:08] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = mLocal Page = c:\windows\SysWOW64\blank.htm IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.15.1 FF - ProfilePath - c:\users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=050412_30b FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 7c4e86d40000000000005cac4cf14fbe FF - user.js: extensions.BabylonToolbar_i.hardId - 7c4e86d40000000000005cac4cf14fbe FF - user.js: extensions.BabylonToolbar_i.instlDay - 15445 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:02 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe . ************************************************************************** . Completion time: 2012-06-24 21:46:19 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-25 04:46 . Pre-Run: 383,851,311,104 bytes free Post-Run: 386,556,145,664 bytes free . - - End Of File - - 56FAA1EC0FB8215009CE2B82BB82AF30
  7. masterrwong
    Here are the OTL and Malwarebytes' Anti-Malware logs. Seems promising, Malwarebytes' Anti-Malware didn't detect anything. Keeping my fingers cross! Thanks for the help again, awaiting for your reply. All processes killed ========== OTL ========== HKU\S-1-5-21-2318586025-2754874566-3958745835-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_USERS\S-1-5-21-2318586025-2754874566-3958745835-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-2318586025-2754874566-3958745835-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\skin folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\locale\en-US folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\locale folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\defaults folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\chrome\content folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\chrome folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\skin folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\locale\en-US folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\locale folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\defaults\preferences folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\defaults folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\chrome\content\lib folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\chrome\content folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\chrome folder moved successfully. C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b278d9f8-0fa9-465e-9938-0c392605d8e3} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b278d9f8-0fa9-465e-9938-0c392605d8e3}\ not found. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@ moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@ moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@ moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@ moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@ moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@ moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@ moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ moved successfully. C:\Users\Royce\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ moved successfully. C:\Users\Hayden\AppData\Roaming\Babylon folder moved successfully. C:\Users\Hayden\AppData\Roaming\BabylonToolbar\Shared folder moved successfully. C:\Users\Hayden\AppData\Roaming\BabylonToolbar\IE folder moved successfully. C:\Users\Hayden\AppData\Roaming\BabylonToolbar\FF folder moved successfully. C:\Users\Hayden\AppData\Roaming\BabylonToolbar\CR folder moved successfully. C:\Users\Hayden\AppData\Roaming\BabylonToolbar folder moved successfully. ========== FILES ========== C:\Users\Royce\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully. C:\Users\Royce\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L folder moved successfully. C:\Users\Royce\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} folder moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L folder moved successfully. Folder move failed. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} scheduled to be moved on reboot. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Royce\Desktop\cmd.bat deleted successfully. C:\Users\Royce\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Hayden ->Temp folder emptied: 14405801818 bytes ->Temporary Internet Files folder emptied: 152076950 bytes ->Java cache emptied: 290617 bytes ->FireFox cache emptied: 90661928 bytes ->Flash cache emptied: 1816 bytes User: Public User: Royce ->Temp folder emptied: 206973414 bytes ->Temporary Internet Files folder emptied: 4536375 bytes ->Java cache emptied: 16527 bytes ->FireFox cache emptied: 47679815 bytes ->Flash cache emptied: 14772 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 189872 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 429950085 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36062897 bytes RecycleBin emptied: 68899254 bytes Total Files Cleaned = 14,728.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.50.0 log created on 06222012_204455 Files\Folders moved on Reboot... C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} folder moved successfully. C:\Users\Royce\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.23.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Royce :: HAYDEN-PC [administrator] Protection: Enabled 6/22/2012 8:59:06 PM mbam-log-2012-06-22 (20-59-06).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 225808 Time elapsed: 2 minute(s), 31 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  8. masterrwong
    I tried but can't uninstall PlayBryte (300k) through Control Panel. The mouse icon spinned for couple seconds, that's all. Awaiting for you next suggestion. Thanks again.
  9. masterrwong
    Thanks for the response. Here are the logs from OTL. OTL logfile created on: 6/20/2012 8:52:07 PM - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Royce\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.87 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 53.43% Memory free 7.73 Gb Paging File | 5.42 Gb Available in Paging File | 70.12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.01 Gb Total Space | 343.31 Gb Free Space | 76.12% Space Free | Partition Type: NTFS Drive D: | 1023.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: HAYDEN-PC | User Name: Royce | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/20 20:50:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Royce\Desktop\OTL.exe PRC - [2012/06/19 21:40:56 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/06/19 21:12:15 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/09/01 10:21:44 | 000,787,456 | ---- | M] (Dominik Reichl) -- C:\Program Files (x86)\KeePass Password Safe\KeePass.exe PRC - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe PRC - [2010/08/11 16:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe PRC - [2010/06/08 08:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/06/08 08:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010/03/03 12:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/03/03 12:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/02/09 11:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/12/29 12:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2009/10/15 01:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe PRC - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe PRC - [2009/09/18 02:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2009/07/13 18:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE PRC - [2009/06/24 14:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe ========== Modules (No Company Name) ========== MOD - [2012/06/19 21:40:56 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012/06/19 21:12:15 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll MOD - [2012/06/16 03:35:04 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll MOD - [2012/06/16 03:34:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/16 03:34:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/05/19 03:40:45 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012/05/19 03:40:44 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\06269663e6482bc4ceeb48c2a7d1ad34\IAStorUtil.ni.dll MOD - [2012/05/19 03:30:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012/05/19 03:29:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/05/19 03:29:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a1a2e47980512815b030fce9a53cc4c8\System.Xml.ni.dll MOD - [2012/05/19 03:29:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/19 03:29:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/19 03:29:17 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/11/20 05:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010/11/20 05:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2010/08/11 16:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll MOD - [2010/08/11 16:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll MOD - [2010/08/11 16:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll MOD - [2010/08/11 16:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll MOD - [2010/08/11 16:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll MOD - [2010/08/11 16:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll MOD - [2010/08/11 16:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll MOD - [2010/08/11 16:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe MOD - [2010/02/09 11:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2010/02/09 11:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2010/02/09 11:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2010/02/09 11:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2010/02/09 11:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2010/02/09 11:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll MOD - [2009/10/15 01:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe MOD - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe MOD - [2009/10/15 01:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll MOD - [2009/09/27 22:52:34 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/06/02 14:59:36 | 001,019,328 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service) SRV:64bit: - [2010/06/17 22:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2010/06/01 23:30:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/02/02 23:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2009/12/29 12:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2012/06/19 21:12:15 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/10/26 01:42:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/10/26 01:32:29 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2010/06/08 08:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/03 12:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/03/03 12:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/09/18 02:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/06/17 22:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010/06/08 08:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/06/01 23:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010/06/01 23:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/06/01 22:42:48 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/05/06 06:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/03/30 12:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010/03/30 12:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010/03/30 12:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2010/03/30 12:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010/03/30 12:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010/03/17 14:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/03/17 14:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/03/17 14:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/02/02 23:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2010/02/02 23:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL) DRV:64bit: - [2010/02/02 23:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/09/17 10:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel® DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2318586025-2754874566-3958745835-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109935&tt=050412_30b&babsrc=HP_ss&mntrId=7c4e86d40000000000005cac4cf14fbe IE - HKU\S-1-5-21-2318586025-2754874566-3958745835-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2318586025-2754874566-3958745835-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&tt=050412_30b&babsrc=SP_ss&mntrId=7c4e86d40000000000005cac4cf14fbe IE - HKU\S-1-5-21-2318586025-2754874566-3958745835-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 21:40:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/20 18:58:38 | 000,000,000 | ---D | M] [2011/03/15 22:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Royce\AppData\Roaming\Mozilla\Extensions [2012/06/19 22:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions [2012/06/19 22:24:11 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com [2012/06/19 21:01:06 | 000,000,000 | ---D | M] ("Giant Savings") -- C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com [2012/02/20 18:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/06/19 21:40:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/02/16 22:17:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/06/19 21:01:03 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/02/16 03:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/02/16 03:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO64.dll (ActivePath Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll (ActivePath Ltd.) O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found. O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2318586025-2754874566-3958745835-1003..\Run: [KeePass Password Safe] C:\Program Files (x86)\KeePass Password Safe\KeePass.exe (Dominik Reichl) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\Royce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4B29D2F-B4AA-4CA0-8692-AB7ABDF32400}: DhcpNameServer = 192.168.15.1 O18:64bit: - Protocol\Handler\cozi - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/20 20:50:12 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Royce\Desktop\OTL.exe [2012/06/19 23:08:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Royce\Desktop\dds.com [2012/06/19 22:12:34 | 000,000,000 | ---D | C] -- C:\Users\Royce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2012/06/19 22:12:33 | 000,000,000 | ---D | C] -- C:\sh4ldr [2012/06/19 22:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012/06/19 22:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012/06/19 21:41:10 | 000,000,000 | ---D | C] -- C:\Users\Royce\AppData\Local\Macromedia [2012/06/19 21:11:49 | 000,000,000 | ---D | C] -- C:\Users\Royce\AppData\Roaming\Malwarebytes [2012/06/19 21:11:33 | 000,000,000 | ---D | C] -- C:\Users\Royce\AppData\Roaming\dvdcss [2012/06/19 21:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ActivePath [2012/06/19 21:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giant Savings [2012/06/19 21:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Playbryte [2012/06/18 22:02:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/06/18 22:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/18 22:02:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/06/18 22:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/11 09:52:23 | 000,000,000 | ---D | C] -- C:\Users\Royce\AppData\Roaming\Apple Computer [2012/05/26 21:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/05/26 21:12:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2012/05/26 21:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/05/26 21:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/05/26 21:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/05/26 21:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012/05/26 21:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/05/26 21:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012/05/26 21:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012/05/26 21:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012/05/26 21:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012/05/26 21:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012/05/26 21:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/20 20:50:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Royce\Desktop\OTL.exe [2012/06/20 20:49:03 | 000,000,025 | ---- | M] () -- C:\Users\Royce\Documents\KeePass Work Database.kdb.lock [2012/06/20 20:44:55 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/20 20:44:55 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\ActiveMail Updater.job [2012/06/20 20:44:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/19 23:08:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Royce\Desktop\dds.com [2012/06/19 22:12:34 | 000,002,260 | ---- | M] () -- C:\Users\Royce\Desktop\SpyHunter.lnk [2012/06/19 21:40:59 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/19 21:40:59 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/19 21:40:50 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/19 21:40:50 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/19 21:40:50 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/19 21:32:45 | 3113,234,432 | -HS- | M] () -- C:\hiberfil.sys [2012/06/19 21:02:26 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\ConverterLite.lnk [2012/06/19 21:01:18 | 000,000,501 | ---- | M] () -- C:\user.js [2012/06/18 22:02:31 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/16 03:31:13 | 000,271,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/05/31 11:06:16 | 000,435,388 | ---- | M] () -- C:\Users\Royce\Documents\KeePass Work Database.kdb [2012/05/26 21:12:46 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/19 22:51:24 | 000,000,025 | ---- | C] () -- C:\Users\Royce\Documents\KeePass Work Database.kdb.lock [2012/06/19 22:12:34 | 000,002,260 | ---- | C] () -- C:\Users\Royce\Desktop\SpyHunter.lnk [2012/06/19 21:38:11 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@ [2012/06/19 21:01:19 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\ActiveMail Updater.job [2012/06/18 22:02:31 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/02 15:31:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/02 15:30:58 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@ [2012/06/02 15:30:57 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@ [2012/06/02 15:30:57 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@ [2012/06/02 15:30:52 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@ [2012/06/02 15:30:49 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@ [2012/06/02 15:30:48 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@ [2012/05/26 21:12:46 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/05/26 21:11:22 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012/01/10 22:12:37 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ [2012/01/10 22:12:37 | 000,002,048 | -HS- | C] () -- C:\Users\Royce\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ [2011/11/09 20:26:02 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI [2011/04/29 18:17:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/03/10 15:18:13 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/10/26 03:28:55 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010/10/26 03:26:00 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini [2010/10/26 03:26:00 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini [2010/10/26 03:26:00 | 000,000,035 | ---- | C] () -- C:\Windows\DELL_LANGCODE.ini [2010/10/26 03:26:00 | 000,000,033 | ---- | C] () -- C:\Windows\DELL_OSTYPE.ini [2010/10/26 03:26:00 | 000,000,032 | ---- | C] () -- C:\Windows\WisHWDest.ini [2010/10/26 03:26:00 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2010/10/26 03:26:00 | 000,000,023 | ---- | C] () -- C:\Windows\WisSysInfo.ini [2010/10/26 01:39:50 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin [2010/10/26 00:43:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2012/06/19 21:00:36 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\Babylon [2012/06/19 21:01:37 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\BabylonToolbar [2012/06/19 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\ConverterLite [2011/03/16 10:47:24 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\KeePass [2012/04/15 12:04:05 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\SoftGrid Client [2011/03/10 15:19:01 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\TP [2012/04/15 11:01:56 | 000,000,000 | ---D | M] -- C:\Users\Royce\AppData\Roaming\Babylon [2012/06/19 21:24:50 | 000,000,000 | ---D | M] -- C:\Users\Royce\AppData\Roaming\ConverterLite [2011/07/31 11:49:31 | 000,000,000 | ---D | M] -- C:\Users\Royce\AppData\Roaming\KeePass [2011/10/22 10:08:31 | 000,000,000 | ---D | M] -- C:\Users\Royce\AppData\Roaming\Windows Live Writer [2012/04/15 10:54:29 | 000,000,000 | ---D | M] -- C:\Users\Royce\AppData\Roaming\Wondershare Video Converter Platinum [2012/06/20 20:44:55 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\ActiveMail Updater.job [2009/07/13 22:08:49 | 000,018,296 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 6/20/2012 8:52:15 PM - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Royce\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.87 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 53.43% Memory free 7.73 Gb Paging File | 5.42 Gb Available in Paging File | 70.12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.01 Gb Total Space | 343.31 Gb Free Space | 76.12% Space Free | Partition Type: NTFS Drive D: | 1023.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: HAYDEN-PC | User Name: Royce | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2318586025-2754874566-3958745835-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0B591597-EE32-F353-ECAA-FB4F58474691}" = ATI AVIVO64 Codecs "{18F97AF0-4F88-4494-AFE2-5A5702E142CC}" = SpyHunter "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8F59A8AC-1D7B-8578-38F7-8F5166FA8580}" = ccc-utility64 "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{EF5745D9-C0A7-4D40-2900-AD093F232827}" = ATI Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501) "DW WLAN Card Utility" = DW WLAN Card Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012 "{0E42A955-54D0-49CB-9ABA-78B506F88436}" = ActiveMail "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime "{1B2BDFB3-3786-A62F-F498-83F9EE3FBD0F}" = CCC Help Japanese "{20068980-5702-5CA7-F335-6592852F7F59}" = CCC Help Italian "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker "{3D6F16CA-13B8-6425-A71A-B91DB3E14F51}" = CCC Help Danish "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DE43CB4-9FB5-82E1-780C-9D38E2F1391E}" = CCC Help Dutch "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{597BBBD5-8A69-CF88-2DE3-67194CE5C071}" = Catalyst Control Center Graphics Previews Common "{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011 "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding "{7677040A-E5AA-998C-8810-59F0B5D3E0A8}" = Catalyst Control Center InstallProxy "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7CC90569-A7DB-5EA0-A9FE-0C5799A28B11}" = CCC Help Chinese Traditional "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8DEB7DD7-FC6D-76C6-712D-40968A736963}" = CCC Help Swedish "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{92531F24-21E5-C8EC-30E6-D56536FD61C7}" = CCC Help Finnish "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar "{9BC422FB-175A-0191-C141-B8B453DAF06E}" = Catalyst Control Center Graphics Previews Vista "{A1C21906-351B-685E-7263-A4C30DF381E0}" = CCC Help German "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AB6EE148-B13E-C19D-2732-CD0EB23C39B8}" = CCC Help Portuguese "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1 "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}" = ccc-core-static "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D11D2A79-78FA-EA15-CC16-8F24817EAED2}" = CCC Help Korean "{D165A6B1-6985-072E-969E-333D759D6777}" = CCC Help Spanish "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime "{DF28B648-9636-5DE8-A072-54A5323B0CDA}" = CCC Help Norwegian "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E8DEB138-8DAC-EB25-87CE-D38A2C1C35CE}" = CCC Help French "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F393B7C2-136F-2956-30A3-1099C8394B51}" = CCC Help Chinese Standard "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F6F4AF75-109A-638B-80D5-87283B00CD5E}" = Catalyst Control Center Localization All "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FB46EFDE-44F4-83F1-3044-68F5E95E3D4E}" = CCC Help English "{FBCCCFB0-D89D-C91F-B9B1-8AB1760C1DD0}" = CCC Help Russian "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "Advanced Audio FX Engine" = Advanced Audio FX Engine "ConverterLite" = ConverterLite 1.5.0 "Dell Dock" = Dell Dock "Dell Webcam Central" = Dell Webcam Central "Giant Savings" = Giant Savings "GoToAssist" = GoToAssist 8.0.0.514 "KeePass Password Safe_is1" = KeePass Password Safe 1.18 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US) "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Playbryte" = PlayBryte "WildTangent dell Master Uninstall" = WildTangent Games "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 5/31/2012 8:37:11 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5117 Error - 5/31/2012 8:37:11 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5117 Error - 5/31/2012 8:37:12 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 5/31/2012 8:37:12 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6115 Error - 5/31/2012 8:37:12 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6115 Error - 5/31/2012 8:37:13 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 5/31/2012 8:37:13 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7113 Error - 5/31/2012 8:37:13 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7113 Error - 5/31/2012 8:37:14 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 5/31/2012 8:37:14 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8143 [ Broadcom Wireless LAN Events ] Error - 6/19/2012 1:12:04 AM | Computer Name = Hayden-PC | Source = WLAN-Tray | ID = 0 Description = 22:12:00, Mon, Jun 18, 12 Error - Unable to gain access to user store [ Dell Events ] Error - 3/12/2011 12:55:18 AM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 3/15/2011 11:22:37 AM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 3/15/2011 11:22:37 AM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 4/27/2011 5:43:29 PM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 4/27/2011 5:43:29 PM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 5/7/2011 4:48:08 PM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 5/7/2011 4:48:08 PM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 6/9/2011 10:36:37 PM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 6/9/2011 10:36:37 PM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 1/31/2012 1:31:43 AM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. [ System Events ] Error - 1/6/2012 6:30:19 AM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 1/6/2012 2:33:01 PM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 1/6/2012 5:43:32 PM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 1/7/2012 12:22:31 PM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 1/7/2012 11:59:46 PM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 1/8/2012 6:45:19 PM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 1/9/2012 12:49:27 AM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 1/9/2012 3:38:03 AM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 1/10/2012 1:17:37 AM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 1/10/2012 5:51:13 AM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. < End of report >
  10. masterrwong
    Yup, stupid me, got infected. Google search with random ads. opening and redirect. I use Win7 and FireFox. Google Thanks for the help in advance. Read other posts and I must say I am impress with all the helpers. So there it goes, my DDS logs: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Royce at 23:09:49 on 2012-06-19 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.1581 [GMT -7:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE C:\Program Files (x86)\KeePass Password Safe\KeePass.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\taskmgr.exe C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?affID=109935&tt=050412_30b&babsrc=HP_ss&mntrId=7c4e86d40000000000005cac4cf14fbe mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll BHO: ActiveMail: {ef7aed5f-0c26-4820-a570-7da8b6d93f4a} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll TB: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File uRun: [KeePass Password Safe] "C:\Program Files (x86)\KeePass Password Safe\KeePass.exe" mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe StartupFolder: C:\Users\Royce\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.15.1 TCP: Interfaces\{D4B29D2F-B4AA-4CA0-8692-AB7ABDF32400} : DhcpNameServer = 192.168.15.1 TCP: Interfaces\{D4B29D2F-B4AA-4CA0-8692-AB7ABDF32400}\56078656D6562716C6D27657563747 : DhcpNameServer = 192.168.3.1 Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll BHO-X64: Babylon toolbar helper - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll BHO-X64: ActiveMail: {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll BHO-X64: ActiveMail - No File TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll TB-X64: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=050412_30b FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 7c4e86d40000000000005cac4cf14fbe FF - user.js: extensions.BabylonToolbar_i.hardId - 7c4e86d40000000000005cac4cf14fbe FF - user.js: extensions.BabylonToolbar_i.instlDay - 15445 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:02:26 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-10-26 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-26 13336] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-18 654408] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-26 689472] R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-6-2 1019328] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-26 2320920] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?] R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-2 257224] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] . =============== Created Last 30 ================ . 2012-06-20 05:12:34 110080 ----a-r- C:\Users\Royce\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe 2012-06-20 05:12:34 110080 ----a-r- C:\Users\Royce\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe 2012-06-20 05:12:34 110080 ----a-r- C:\Users\Royce\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe 2012-06-20 05:12:33 -------- d-----w- C:\sh4ldr 2012-06-20 05:12:33 -------- d-----w- C:\Program Files\Enigma Software Group 2012-06-20 05:11:34 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP 2012-06-20 05:11:32 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2012-06-20 04:41:10 -------- d-----w- C:\Users\Royce\AppData\Local\Macromedia 2012-06-20 04:40:56 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll 2012-06-20 04:40:56 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll 2012-06-20 04:11:49 -------- d-----w- C:\Users\Royce\AppData\Roaming\Malwarebytes 2012-06-20 04:01:17 -------- d-----w- C:\ProgramData\ActivePath 2012-06-20 04:01:05 -------- d-----w- C:\Program Files (x86)\Giant Savings 2012-06-20 04:00:27 -------- d-----w- C:\Program Files (x86)\Playbryte 2012-06-19 05:02:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-19 05:02:31 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-19 05:02:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-19 04:30:56 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-19 04:30:35 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-19 04:30:20 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-19 04:30:20 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-15 15:56:05 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-06-15 15:56:03 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-15 15:55:59 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-15 15:55:58 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-15 15:55:57 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-15 15:55:57 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-15 15:55:57 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-15 15:55:57 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-06-15 15:55:04 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-15 15:55:04 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-15 15:55:04 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-15 15:55:03 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-15 15:54:57 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-15 15:54:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-15 15:54:52 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-15 15:54:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-06-15 15:54:30 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-10 05:08:39 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-06-02 22:31:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-02 04:26:51 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B999A0D3-D8B3-428E-A732-D381D0F0A327}\mpengine.dll 2012-05-27 04:12:44 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-05-27 04:12:44 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-05-27 04:12:44 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll 2012-05-27 04:12:15 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2012-05-27 04:12:15 -------- d-----w- C:\Program Files\iTunes 2012-05-27 04:12:15 -------- d-----w- C:\Program Files\iPod 2012-05-27 04:12:15 -------- d-----w- C:\Program Files (x86)\iTunes 2012-05-27 04:10:51 -------- d-----w- C:\Program Files\Bonjour 2012-05-27 04:10:51 -------- d-----w- C:\Program Files (x86)\Bonjour . ==================== Find3M ==================== . 2012-06-20 04:12:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-03-26 21:24:46 892928 ----a-w- C:\Windows\SysWow64\iconv.dll 2012-03-26 21:24:44 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax 2012-03-26 21:24:44 496640 ----a-w- C:\Windows\SysWow64\xvid.ax . ============= FINISH: 23:10:15.14 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 3/10/2011 2:12:31 PM System Uptime: 6/19/2012 9:32:32 PM (2 hours ago) . Motherboard: Dell Inc. | | 0G62V9 Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | CPU 1 | 909/533mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 451 GiB total, 343.477 GiB free. D: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1292\9&2D793958&0&34159EA00887_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1292\9&2D793958&0&34159EA00887_C00000000 Service: . ==== System Restore Points =================== . RP75: 5/18/2012 9:18:26 PM - Windows Update RP76: 5/19/2012 3:00:51 AM - Windows Update RP77: 5/22/2012 9:14:08 PM - Windows Update RP78: 5/26/2012 9:11:26 PM - Installed iTunes RP79: 5/29/2012 9:34:14 PM - Windows Update RP80: 6/11/2012 3:01:04 AM - Windows Update RP81: 6/16/2012 3:00:46 AM - Windows Update RP82: 6/18/2012 9:29:52 PM - Windows Update RP83: 6/19/2012 10:11:40 PM - Installed SpyHunter . ==== Installed Programs ====================== . ActiveMail Adobe Flash Player 11 Plugin Adobe Photoshop Elements 8.0 Adobe Reader 9.1 Advanced Audio FX Engine AnswerWorks 5.0 English Runtime Apple Application Support Apple Software Update Babylon toolbar on IE BabylonObjectInstaller Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module ConverterLite 1.5.0 Cozi Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Dock Dell Getting Started Guide Dell Support Center (Support Software) Dell Webcam Central Giant Savings GoToAssist 8.0.0.514 Intel® Control Center Intel® Management Engine Components Intel® Rapid Storage Technology iSEEK AnswerWorks English Runtime Java Auto Updater Java 6 Update 31 Junk Mail filter update KeePass Password Safe 1.18 Live! Cam Avatar Creator Malwarebytes Anti-Malware version 1.61.0.1400 McAfee Security Scan Plus Microsoft Choice Guard Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox 11.0 (x86 en-US) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) PlayBryte Quicken 2011 Quicken 2012 Roxio Burn Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Skype Toolbars Skype™ 4.2 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) WildTangent Games Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer . ==== Event Viewer Messages From Past Week ======== . 6/19/2012 9:34:42 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 6/19/2012 9:34:42 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 6/19/2012 9:33:30 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 6/19/2012 9:33:29 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 6/19/2012 9:33:25 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 6/17/2012 4:30:40 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.