Help Needed - several problems

Status
Not open for further replies.
P

pmaxxx13

New member
First of all, thanks for taking the time to assist. I had some bad issues a fews years back and this site / people were AMAZING!
:rockon:

Issues on son's PC with explorer redirect, missing exe, etc Additionally, cannot download the lastest windows explorer update

DDS text below and other file attached as requested (not sure that this matters, but it took 11 minutes to run).

Thanks

Patrick

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088
Run by Owner at 17:09:22 on 2011-12-26
.
============== Running Processes ===============
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
F:\dds.scr
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [Hyvovv] C:\Users\Connor Appleby\AppData\Roaming\Hyvovv.exe
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [hUtkqvriAukQ.exe] C:\ProgramData\hUtkqvriAukQ.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [5-Day Forecast] "C:\Program Files (x86)\5-Day Forecast\5-Day Forecast\5-Day Forecast.exe" /Startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
mRun: [BambooCore] "C:\Program Files (x86)\Bamboo Dock\BambooCore.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MI1933~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www1.snapfish.com/SnapfishActivia3.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{0F6C1251-DE0E-4DF2-9EB9-7943A8261CD9} : DhcpNameServer = 68.87.71.230 68.87.73.246
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll
BHO-X64: ooVoo Toolbar - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [5-Day Forecast] "C:\Program Files (x86)\5-Day Forecast\5-Day Forecast\5-Day Forecast.exe" /Startup
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
mRun-x64: [BambooCore] "C:\Program Files (x86)\Bamboo Dock\BambooCore.exe"
.
============= SERVICES / DRIVERS ===============
.
R? Avgtdia;AVG TDI Driver
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? McComponentHostService;McAfee Security Scan Component Host Service
R? McProxy;McAfee Proxy Service
R? mfebopk;McAfee Inc. mfebopk
R? mferkdk;McAfee Inc. mferkdk
R? PerfHost;Performance Counter DLL Host
R? SwitchBoard;Adobe SwitchBoard
R? USBAAPL64;Apple Mobile USB Driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AERTFilters;Andrea RT Filters Service
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? Avgldx64;AVG AVI Loader Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? avgwd;AVG WatchDog
S? DockLoginService;Dock Login Service
S? e1yexpress;Intel(R) Gigabit Network Connections Driver
S? FontCache;Windows Font Cache Service
S? McShield;McAfee Real-time Scanner
S? McSysmon;McAfee SystemGuards
S? mfeavfk;McAfee Inc. mfeavfk
S? mfehidk;McAfee Inc. mfehidk
S? mfesmfk;McAfee Inc. mfesmfk
S? NVHDA;Service for NVIDIA High Definition Audio Driver
S? OA002Afx;Provides a software interface to control audio effects of OA002 camera.
S? OA002Ufd;Creative Camera OA002 Upper Filter Driver
S? OA002Vid;Creative Camera OA002 Function Driver
S? PCTCore;PCTools KDS
S? PxHlpa64;PxHlpa64
S? SBSDWSCService;SBSD Security Center Service
S? sdAuxService;PC Tools Auxiliary Service
S? sdCoreService;PC Tools Security Service
S? TabletServicePen;TabletServicePen
S? TouchServicePen;Wacom Consumer Touch Service
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-26 19:02:42 -------- d-----w- C:\Users\Connor Appleby\AppData\Roaming\Autodesk
2011-12-26 18:55:39 -------- d-----w- C:\ProgramData\Alias
2011-12-26 18:53:35 -------- d-----w- C:\Program Files (x86)\Autodesk
2011-12-26 18:48:12 -------- d-----w- C:\Users\Connor Appleby\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2011-12-26 18:47:55 -------- d-----w- C:\Users\Connor Appleby\AppData\Roaming\Wacom
2011-12-26 18:47:44 -------- d-----w- C:\ProgramData\Wacom
2011-12-26 18:46:14 -------- d-----w- C:\Program Files (x86)\Bamboo Dock
2011-12-26 18:45:16 -------- d-----w- C:\Users\Connor Appleby\AppData\Roaming\WTablet
2011-12-26 18:45:15 1107832 ----a-w- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
2011-12-26 18:45:14 1326456 ----a-w- C:\Windows\System32\Pen_Touch_Tablet.dll
2011-12-26 18:45:09 -------- d-----w- C:\ProgramData\AppData
2011-12-26 18:44:48 -------- d-----w- C:\Program Files (x86)\TabletPlugins
2011-12-26 18:42:43 12848 ----a-w- C:\Windows\System32\drivers\wacommousefilter.sys
2011-12-26 18:41:28 16168 ----a-w- C:\Windows\System32\drivers\wacomvhid.sys
2011-12-26 18:41:25 1401208 ----a-w- C:\Windows\System32\Wintab32.dll
2011-12-26 18:41:25 1392504 ----a-w- C:\Windows\System32\WacomMT.dll
2011-12-26 18:41:25 1369464 ----a-w- C:\Windows\SysWow64\Pen_Tablet.dll
2011-12-26 18:41:25 1156472 ----a-w- C:\Windows\SysWow64\Wintab32.dll
2011-12-26 18:41:25 1152888 ----a-w- C:\Windows\SysWow64\WacomMT.dll
2011-12-26 18:41:24 1665400 ----a-w- C:\Windows\System32\Pen_Tablet.dll
2011-12-26 18:41:19 -------- d-----w- C:\Program Files\Tablet
2011-12-26 18:33:49 208896 ----a-w- C:\Windows\MBR.exe
2011-12-26 18:33:44 98816 ----a-w- C:\Windows\sed.exe
2011-12-26 18:33:44 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-26 18:33:44 256000 ----a-w- C:\Windows\PEV.exe
2011-12-26 18:32:16 -------- d-s---w- C:\ComboFix-1
2011-12-26 02:42:08 -------- d-----w- C:\Users\Connor Appleby\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-26 01:25:53 -------- d-----w- C:\ProgramData\ALM
2011-12-26 00:59:50 -------- d-----w- C:\Program Files (x86)\Adobe Story
2011-12-26 00:56:20 -------- d-----w- C:\Program Files (x86)\My Company Name
2011-12-24 07:50:22 -------- d-----w- C:\Users\Connor Appleby\AppData\Roaming\Wyga
2011-12-24 07:50:22 -------- d-----w- C:\Users\Connor Appleby\AppData\Roaming\Unefti
2011-12-15 02:49:47 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 02:49:43 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-15 02:49:42 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 02:49:29 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 02:49:29 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 02:49:15 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 02:49:13 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-12-15 02:49:13 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-12-01 00:08:37 -------- d-----w- C:\ProgramData\McAfee Security Scan
2011-12-01 00:08:30 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2011-11-27 16:29:53 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
.
==================== Find3M ====================
.
2011-12-01 00:08:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-07 11:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
============= FINISH: 17:20:48.87 ===============
 
:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR


Sorry for the delay, the holidays kind of put us behind

Your going to have to download this program to known clean computer and transfer it by disk to the infected one. Looks like you ran it before , if the old icon is still on your desktop drag it to trash and download a fresh new updated copy

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
Last edited:
combo fix log

Sorry for the delayed response, was traveling

FYI - during combo-fix run I had an error message pop up twice:"PEV.exe stopped working"

Also, internet now works but re-directs

Thanks for your help!

ComboFix 12-01-06.01 - Connor Appleby 01/06/2012 15:00:07.2.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8182.4940 [GMT -5:00]
Running from: c:\users\Connor Appleby\Desktop\ComboFix.exe
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
.
---- Previous Run -------
.
C:\DFREECB.tmp
c:\program files (x86)\LP
c:\program files (x86)\LP\7685\1303.tmp
c:\program files (x86)\LP\7685\871B.tmp
c:\program files (x86)\LP\7685\933.tmp
c:\programdata\054452l2d078j880h735m5rji6p4
c:\programdata\121518b2t827b281r656r4vbi8m1
c:\programdata\48286118k4k7
c:\users\Connor Appleby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\Connor Appleby\AppData\Roaming\Microsoft\Windows\Templates\054452l2d078j880h735m5rji6p4
c:\users\Connor Appleby\AppData\Roaming\Microsoft\Windows\Templates\121518b2t827b281r656r4vbi8m1
c:\users\Connor Appleby\Taskmgr.exe
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
.
.
2012-01-06 20:49 . 2012-01-06 20:49 -------- d-----w- c:\users\Sarah\AppData\Local\temp
2012-01-06 20:49 . 2012-01-06 20:49 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-01-06 20:49 . 2012-01-06 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-30 14:27 . 2011-12-30 14:27 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\AVG2012
2011-12-28 22:42 . 2011-12-28 22:42 -------- d-----w- c:\users\Sarah\AppData\Roaming\Wacom
2011-12-28 22:41 . 2011-12-28 22:41 -------- d-----w- c:\users\Sarah\AppData\Roaming\WTablet
2011-12-26 21:07 . 2011-12-26 21:07 -------- d-----w- c:\program files (x86)\ERUNT
2011-12-26 19:02 . 2011-12-26 19:02 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\Autodesk
2011-12-26 18:55 . 2011-12-26 18:55 -------- d-----w- c:\programdata\Alias
2011-12-26 18:53 . 2011-12-26 18:53 -------- d-----w- c:\program files (x86)\Autodesk
2011-12-26 18:48 . 2011-12-26 18:48 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2011-12-26 18:47 . 2011-12-26 18:47 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\Wacom
2011-12-26 18:47 . 2011-12-27 14:52 -------- d-----w- c:\programdata\Wacom
2011-12-26 18:46 . 2011-12-26 18:47 -------- d-----w- c:\program files (x86)\Bamboo Dock
2011-12-26 18:45 . 2011-12-26 18:45 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\WTablet
2011-12-26 18:32 . 2012-01-06 19:46 -------- d-----w- C:\ComboFix-1
2011-12-26 02:42 . 2011-12-26 02:42 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-26 01:25 . 2011-12-26 01:25 -------- d-----w- c:\programdata\ALM
2011-12-26 00:59 . 2011-12-26 00:59 -------- d-----w- c:\program files (x86)\Adobe Story
2011-12-26 00:56 . 2011-12-26 00:56 -------- d-----w- c:\program files (x86)\My Company Name
2011-12-24 07:50 . 2011-12-24 11:10 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\Wyga
2011-12-24 07:50 . 2011-12-24 07:50 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\Unefti
2011-12-15 02:49 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 02:49 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 02:49 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-15 02:49 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 02:49 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 02:49 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 02:49 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 02:49 . 2011-11-08 12:10 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 00:08 . 2011-05-18 00:27 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-18 06:27 . 2011-11-11 07:00 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A82C839B-8539-4680-989B-B2FCC8B07A95}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}]
2011-02-09 03:44 81920 ----a-w- c:\program files (x86)\oovootoolbar\oovootoolbarX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files (x86)\oovootoolbar\oovootoolbarX.dll" [2011-02-09 81920]
.
[HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-05-18 22631608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-09-30 148888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"5-Day Forecast"="c:\program files (x86)\5-Day Forecast\5-Day Forecast\5-Day Forecast.exe" [2010-06-15 876544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-06-24 629848]
"ISTray"="c:\program files (x86)\Spyware Doctor\pctsTray.exe" [2010-01-18 1286608]
.
c:\users\Connor Appleby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-9-30 53248]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-02-24 88576]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - PCTSDInjDriver64
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-13 20:35]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-13 20:35]
.
2012-01-06 c:\windows\Tasks\Norton Security Scan for Connor Appleby.job
- c:\progra~2\NORTON~2\Engine\313~1.7\Nss.exe [2011-06-26 04:47]
.
2012-01-06 c:\windows\Tasks\User_Feed_Synchronization-{53F3B42F-94F6-43E8-8F18-C7EF3438945E}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
2012-01-06 c:\windows\Tasks\User_Feed_Synchronization-{F18474AD-0958-4E2A-ABFC-5E8E3C831E2D}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-24 6975520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-17 16308768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www1.snapfish.com/SnapfishActivia3.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-Hyvovv - c:\users\Connor Appleby\AppData\Roaming\Hyvovv.exe
Wow6432Node-HKCU-Run-hUtkqvriAukQ.exe - c:\programdata\hUtkqvriAukQ.exe
Wow6432Node-HKCU-Run-Bamboo Dock - c:\program files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\progra~2\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\program files (x86)\Spyware Doctor\pctsAuxs.exe
c:\program files (x86)\Spyware Doctor\pctsSvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\progra~2\McAfee\MSC\mcmscsvc.exe
c:\progra~2\mcafee.com\agent\mcagent.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Dell Remote Access\ezi_ra.exe
c:\progra~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files (x86)\Common Files\mcafee\mna\mcnasvc.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-01-06 16:25:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-06 21:25
.
Pre-Run: 336,619,831,296 bytes free
Post-Run: 336,161,443,840 bytes free
.
- - End Of File - - 31D8CAAE3FECF46A83413F4119E35D79
 
Hi,

Lets do a few things.

oovootoolbar <--This may not have any uninstall feature, you can check in Programs and Features in the Control Panel. This program will change your IE search setting and is not recommended, if there is no uninstall we can remove it during the fix.

When redirects are present most times there is a rootkit type of infection present, lets check.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
aswMBR1.png


On completion of the scan click save log, save it to your desktop and post in your next reply
aswMBR2.png
 
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 17:46:52
-----------------------------
17:46:52.737 OS Version: Windows x64 6.0.6002 Service Pack 2
17:46:52.739 Number of processors: 8 586 0x1A05
17:46:52.741 ComputerName: CONNORAPPLEB-PC UserName: Connor Appleby
17:46:55.246 Initialize success
17:47:07.442 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:47:07.446 Disk 0 Vendor: ST3750528AS CC44 Size: 715404MB BusType: 3
17:47:07.468 Disk 0 MBR read successfully
17:47:07.472 Disk 0 MBR scan
17:47:07.475 Disk 0 TDL4@MBR code has been found
17:47:07.479 Disk 0 Windows VISTA default MBR code found via API
17:47:07.484 Disk 0 MBR hidden
17:47:07.489 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
17:47:07.517 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
17:47:07.530 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 699980 MB offset 31586304
17:47:07.536 Disk 0 MBR [TDL4] **ROOTKIT**
17:47:07.543 Disk 0 trace - called modules:
17:47:07.549 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8009379254]<<
17:47:07.555 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008d95790]
17:47:07.564 3 CLASSPNP.SYS[fffffa600100cc33] -> nt!IofCallDriver -> [0xfffffa8008c908c0]
17:47:07.572 \Driver\PCTCore[0xfffffa8007db3aa0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8009379254
17:47:07.581 Scan finished successfully
17:47:45.932 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
17:47:45.956 The log file has been saved successfully to "F:\aswMBRrun.txt"
 
Hi,

Your computer is infected with the TDL4 version of the TDSS rootkit.


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
 
1) i was able to uninstall oovootoolbar prior to running aswMBR (meant to tell you that in last post)
2) TDSKiller foumd and cured 1


18:07:40.0144 3048 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:07:41.0221 3048 ============================================================
18:07:41.0221 3048 Current date / time: 2012/01/06 18:07:41.0221
18:07:41.0221 3048 SystemInfo:
18:07:41.0221 3048
18:07:41.0221 3048 OS Version: 6.0.6002 ServicePack: 2.0
18:07:41.0221 3048 Product type: Workstation
18:07:41.0221 3048 ComputerName: CONNORAPPLEB-PC
18:07:41.0221 3048 UserName: Connor Appleby
18:07:41.0221 3048 Windows directory: C:\Windows
18:07:41.0221 3048 System windows directory: C:\Windows
18:07:41.0221 3048 Running under WOW64
18:07:41.0221 3048 Processor architecture: Intel x64
18:07:41.0221 3048 Number of processors: 8
18:07:41.0221 3048 Page size: 0x1000
18:07:41.0221 3048 Boot type: Normal boot
18:07:41.0221 3048 ============================================================
18:07:43.0452 3048 Initialize success
18:07:47.0632 4192 ============================================================
18:07:47.0632 4192 Scan started
18:07:47.0632 4192 Mode: Manual;
18:07:47.0632 4192 ============================================================
18:07:49.0270 4192 61883 (78e902fb660bd5003fe726b9bef300b6) C:\Windows\system32\DRIVERS\61883.sys
18:07:49.0302 4192 61883 - ok
18:07:49.0380 4192 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
18:07:49.0426 4192 ACPI - ok
18:07:49.0489 4192 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
18:07:49.0520 4192 adp94xx - ok
18:07:49.0645 4192 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
18:07:49.0676 4192 adpahci - ok
18:07:49.0707 4192 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
18:07:49.0738 4192 adpu160m - ok
18:07:49.0770 4192 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
18:07:49.0816 4192 adpu320 - ok
18:07:50.0004 4192 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
18:07:50.0035 4192 AFD - ok
18:07:50.0097 4192 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
18:07:50.0128 4192 agp440 - ok
18:07:50.0300 4192 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
18:07:50.0331 4192 aic78xx - ok
18:07:50.0518 4192 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
18:07:50.0550 4192 aliide - ok
18:07:50.0674 4192 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
18:07:50.0706 4192 amdide - ok
18:07:50.0737 4192 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
18:07:50.0768 4192 AmdK8 - ok
18:07:50.0830 4192 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
18:07:50.0877 4192 arc - ok
18:07:50.0893 4192 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
18:07:50.0924 4192 arcsas - ok
18:07:50.0971 4192 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
18:07:51.0002 4192 AsyncMac - ok
18:07:51.0064 4192 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
18:07:51.0064 4192 atapi - ok
18:07:51.0127 4192 Avc (295fa2878ff499c0edfa0ebcc8c6ec66) C:\Windows\system32\DRIVERS\avc.sys
18:07:51.0158 4192 Avc - ok
18:07:51.0189 4192 Beep - ok
18:07:51.0236 4192 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
18:07:51.0267 4192 blbdrive - ok
18:07:51.0330 4192 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
18:07:51.0361 4192 bowser - ok
18:07:51.0423 4192 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
18:07:51.0454 4192 BrFiltLo - ok
18:07:51.0517 4192 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
18:07:51.0532 4192 BrFiltUp - ok
18:07:51.0579 4192 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
18:07:51.0610 4192 Brserid - ok
18:07:51.0642 4192 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
18:07:51.0673 4192 BrSerWdm - ok
18:07:51.0688 4192 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
18:07:51.0720 4192 BrUsbMdm - ok
18:07:51.0751 4192 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
18:07:51.0782 4192 BrUsbSer - ok
18:07:51.0813 4192 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
18:07:51.0844 4192 BTHMODEM - ok
18:07:52.0047 4192 catchme - ok
18:07:52.0078 4192 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
18:07:52.0110 4192 cdfs - ok
18:07:52.0156 4192 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
18:07:52.0188 4192 cdrom - ok
18:07:52.0234 4192 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
18:07:52.0266 4192 circlass - ok
18:07:52.0546 4192 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
18:07:52.0593 4192 CLFS - ok
18:07:52.0812 4192 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
18:07:52.0858 4192 cmdide - ok
18:07:52.0890 4192 Compbatt (34a6aa82aa36c87fc8816f2097efa345) C:\Windows\system32\drivers\compbatt.sys
18:07:52.0936 4192 Compbatt - ok
18:07:52.0936 4192 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
18:07:52.0983 4192 crcdisk - ok
18:07:53.0139 4192 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
18:07:53.0170 4192 DfsC - ok
18:07:53.0451 4192 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
18:07:53.0482 4192 disk - ok
18:07:53.0623 4192 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
18:07:53.0654 4192 drmkaud - ok
18:07:53.0810 4192 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
18:07:53.0872 4192 DXGKrnl - ok
18:07:53.0888 4192 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
18:07:53.0919 4192 e1express - ok
18:07:53.0950 4192 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
18:07:53.0982 4192 E1G60 - ok
18:07:54.0028 4192 e1yexpress (b37f6853d6e0c6f5f8efde33e831b5f8) C:\Windows\system32\DRIVERS\e1y60x64.sys
18:07:54.0075 4192 e1yexpress - ok
18:07:54.0138 4192 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
18:07:54.0184 4192 Ecache - ok
18:07:54.0216 4192 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
18:07:54.0262 4192 elxstor - ok
18:07:54.0309 4192 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
18:07:54.0340 4192 ErrDev - ok
18:07:54.0496 4192 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
18:07:54.0528 4192 exfat - ok
18:07:54.0574 4192 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
18:07:54.0606 4192 fastfat - ok
18:07:54.0652 4192 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
18:07:54.0684 4192 fdc - ok
18:07:54.0730 4192 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
18:07:54.0762 4192 FileInfo - ok
18:07:54.0808 4192 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
18:07:54.0840 4192 Filetrace - ok
18:07:54.0871 4192 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:07:54.0918 4192 flpydisk - ok
18:07:54.0980 4192 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
18:07:55.0011 4192 FltMgr - ok
18:07:55.0027 4192 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
18:07:55.0058 4192 Fs_Rec - ok
18:07:55.0089 4192 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
18:07:55.0120 4192 gagp30kx - ok
18:07:55.0167 4192 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:07:55.0198 4192 GEARAspiWDM - ok
18:07:55.0292 4192 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:07:55.0323 4192 HDAudBus - ok
18:07:55.0354 4192 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
18:07:55.0386 4192 HidBth - ok
18:07:55.0401 4192 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
18:07:55.0432 4192 HidIr - ok
18:07:55.0479 4192 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
18:07:55.0510 4192 HidUsb - ok
18:07:55.0588 4192 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
18:07:55.0620 4192 HpCISSs - ok
18:07:55.0698 4192 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
18:07:55.0744 4192 HTTP - ok
18:07:55.0776 4192 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
18:07:55.0807 4192 i2omp - ok
18:07:55.0838 4192 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
18:07:55.0869 4192 i8042prt - ok
18:07:55.0916 4192 iaStor (fc28e90f2204d8fd147fa9bfa8a51c01) C:\Windows\system32\drivers\iastor.sys
18:07:55.0963 4192 iaStor - ok
18:07:55.0994 4192 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
18:07:56.0041 4192 iaStorV - ok
18:07:56.0088 4192 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
18:07:56.0119 4192 iirsp - ok
18:07:56.0337 4192 IntcAzAudAddService (e28edf74900e68184f44cfcdd66f1bc3) C:\Windows\system32\drivers\RTKVHD64.sys
18:07:56.0368 4192 IntcAzAudAddService - ok
18:07:56.0415 4192 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\DRIVERS\intelide.sys
18:07:56.0446 4192 intelide - ok
18:07:56.0462 4192 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
18:07:56.0493 4192 intelppm - ok
18:07:56.0540 4192 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:07:56.0587 4192 IpFilterDriver - ok
18:07:56.0587 4192 IpInIp - ok
18:07:56.0618 4192 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
18:07:56.0649 4192 IPMIDRV - ok
18:07:56.0727 4192 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
18:07:56.0774 4192 IPNAT - ok
18:07:56.0805 4192 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
18:07:56.0836 4192 IRENUM - ok
18:07:56.0868 4192 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
18:07:56.0899 4192 isapnp - ok
18:07:56.0961 4192 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
18:07:57.0008 4192 iScsiPrt - ok
18:07:57.0039 4192 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
18:07:57.0070 4192 iteatapi - ok
18:07:57.0164 4192 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
18:07:57.0195 4192 iteraid - ok
18:07:57.0226 4192 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
18:07:57.0258 4192 kbdclass - ok
18:07:57.0304 4192 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
18:07:57.0336 4192 kbdhid - ok
18:07:57.0429 4192 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
18:07:57.0460 4192 KSecDD - ok
18:07:57.0476 4192 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
18:07:57.0507 4192 ksthunk - ok
18:07:57.0616 4192 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
18:07:57.0648 4192 lltdio - ok
18:07:58.0053 4192 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
18:07:58.0084 4192 LSI_FC - ok
18:07:58.0225 4192 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
18:07:58.0272 4192 LSI_SAS - ok
18:07:58.0287 4192 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
18:07:58.0334 4192 LSI_SCSI - ok
18:07:58.0365 4192 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
18:07:58.0396 4192 luafv - ok
18:07:58.0490 4192 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
18:07:58.0521 4192 megasas - ok
18:07:58.0599 4192 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
18:07:58.0646 4192 MegaSR - ok
18:07:58.0724 4192 mfeavfk (088620da20b98578bfc4b97043f24042) C:\Windows\system32\drivers\mfeavfk.sys
18:07:58.0771 4192 mfeavfk - ok
18:07:58.0833 4192 mfebopk (dd7b52227da36f2718306c98e474b51b) C:\Windows\system32\drivers\mfebopk.sys
18:07:58.0880 4192 mfebopk - ok
18:07:58.0942 4192 mfehidk (239e677e3e9047550c18b30c26c3ba3e) C:\Windows\system32\drivers\mfehidk.sys
18:07:58.0989 4192 mfehidk - ok
18:07:59.0020 4192 mferkdk (bb6bdc9029ca71d652eadc40ff78f7cb) C:\Windows\system32\drivers\mferkdk.sys
18:07:59.0067 4192 mferkdk - ok
18:07:59.0098 4192 mfesmfk (1f56e31db436287581cbe9a5c4c70e0e) C:\Windows\system32\drivers\mfesmfk.sys
18:07:59.0130 4192 mfesmfk - ok
18:07:59.0145 4192 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
18:07:59.0176 4192 Modem - ok
18:07:59.0223 4192 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
18:07:59.0254 4192 monitor - ok
18:07:59.0270 4192 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
18:07:59.0317 4192 mouclass - ok
18:07:59.0348 4192 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
18:07:59.0379 4192 mouhid - ok
18:07:59.0410 4192 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
18:07:59.0457 4192 MountMgr - ok
18:07:59.0551 4192 MPFP (ae2e68527013eb4f761eccc630f7f1a3) C:\Windows\system32\Drivers\Mpfp.sys
18:07:59.0582 4192 MPFP - ok
18:07:59.0769 4192 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
18:07:59.0800 4192 mpio - ok
18:07:59.0925 4192 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
18:07:59.0956 4192 mpsdrv - ok
18:07:59.0988 4192 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
18:08:00.0019 4192 Mraid35x - ok
18:08:00.0050 4192 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
18:08:00.0097 4192 MRxDAV - ok
18:08:00.0144 4192 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:08:00.0175 4192 mrxsmb - ok
18:08:00.0222 4192 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:08:00.0253 4192 mrxsmb10 - ok
18:08:00.0268 4192 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:08:00.0300 4192 mrxsmb20 - ok
18:08:00.0331 4192 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
18:08:00.0393 4192 msahci - ok
18:08:00.0409 4192 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
18:08:00.0456 4192 msdsm - ok
18:08:00.0518 4192 MSDV (df674ba7da5a4753d839a905b66d2fd9) C:\Windows\system32\DRIVERS\msdv.sys
18:08:00.0565 4192 MSDV - ok
18:08:00.0627 4192 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
18:08:00.0658 4192 Msfs - ok
18:08:00.0674 4192 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
18:08:00.0705 4192 msisadrv - ok
18:08:00.0752 4192 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
18:08:00.0783 4192 MSKSSRV - ok
18:08:00.0814 4192 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
18:08:00.0846 4192 MSPCLOCK - ok
18:08:00.0892 4192 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
18:08:00.0924 4192 MSPQM - ok
18:08:01.0048 4192 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
18:08:01.0080 4192 MsRPC - ok
18:08:01.0111 4192 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
18:08:01.0142 4192 mssmbios - ok
18:08:01.0173 4192 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
18:08:01.0204 4192 MSTEE - ok
18:08:01.0220 4192 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
18:08:01.0251 4192 Mup - ok
18:08:01.0329 4192 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
18:08:01.0360 4192 NativeWifiP - ok
18:08:01.0548 4192 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
18:08:01.0594 4192 NDIS - ok
18:08:01.0828 4192 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
18:08:01.0860 4192 NdisTapi - ok
18:08:01.0875 4192 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
18:08:01.0906 4192 Ndisuio - ok
18:08:01.0953 4192 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
18:08:01.0984 4192 NdisWan - ok
18:08:02.0016 4192 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
18:08:02.0047 4192 NDProxy - ok
18:08:02.0062 4192 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
18:08:02.0094 4192 NetBIOS - ok
18:08:02.0156 4192 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
18:08:02.0187 4192 netbt - ok
18:08:02.0250 4192 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
18:08:02.0281 4192 nfrd960 - ok
18:08:02.0343 4192 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
18:08:02.0374 4192 Npfs - ok
18:08:02.0421 4192 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
18:08:02.0468 4192 nsiproxy - ok
18:08:02.0671 4192 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
18:08:02.0702 4192 Ntfs - ok
18:08:02.0718 4192 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
18:08:02.0749 4192 Null - ok
18:08:02.0796 4192 NVHDA (6574620a7d7549bb72ea26c162025909) C:\Windows\system32\drivers\nvhda64v.sys
18:08:02.0827 4192 NVHDA - ok
18:08:03.0451 4192 nvlddmkm (68fa1d402873cd7c06096584d8c3c403) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:08:04.0200 4192 nvlddmkm - ok
18:08:04.0278 4192 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
18:08:04.0309 4192 nvraid - ok
18:08:04.0340 4192 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
18:08:04.0371 4192 nvstor - ok
18:08:04.0402 4192 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
18:08:04.0434 4192 nv_agp - ok
18:08:04.0449 4192 NwlnkFlt - ok
18:08:04.0465 4192 NwlnkFwd - ok
18:08:04.0574 4192 OA002Afx (226d2c0e1aa9040646d6b158fd344046) C:\Windows\system32\Drivers\OA002Afx.sys
18:08:04.0605 4192 OA002Afx - ok
18:08:04.0668 4192 OA002Ufd (706f5504af9f28c8641dab5eddfde03b) C:\Windows\system32\DRIVERS\OA002Ufd.sys
18:08:04.0699 4192 OA002Ufd - ok
18:08:04.0746 4192 OA002Vid (2ce066adca145892715f1df163d879da) C:\Windows\system32\DRIVERS\OA002Vid.sys
18:08:04.0777 4192 OA002Vid - ok
18:08:04.0855 4192 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
18:08:04.0886 4192 ohci1394 - ok
18:08:04.0948 4192 Packet (99e6aa0ae2d05389ba7f7dff6866b569) C:\Windows\system32\DRIVERS\packet.sys
18:08:04.0995 4192 Packet - ok
18:08:05.0042 4192 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
18:08:05.0089 4192 Parport - ok
18:08:05.0136 4192 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
18:08:05.0182 4192 partmgr - ok
18:08:05.0229 4192 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
18:08:05.0276 4192 pci - ok
18:08:05.0323 4192 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
18:08:05.0354 4192 pciide - ok
18:08:05.0401 4192 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
18:08:05.0448 4192 pcmcia - ok
18:08:05.0557 4192 PCTCore (3a68080572b81577791a7b19bb880da9) C:\Windows\system32\drivers\PCTCore64.sys
18:08:05.0588 4192 PCTCore - ok
18:08:05.0650 4192 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
18:08:05.0697 4192 PEAUTH - ok
18:08:05.0775 4192 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
18:08:05.0806 4192 PptpMiniport - ok
18:08:05.0838 4192 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
18:08:05.0869 4192 Processor - ok
18:08:05.0931 4192 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
18:08:05.0962 4192 PSched - ok
18:08:06.0009 4192 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:08:06.0040 4192 PxHlpa64 - ok
18:08:06.0118 4192 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
18:08:06.0165 4192 ql2300 - ok
18:08:06.0196 4192 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
18:08:06.0228 4192 ql40xx - ok
18:08:06.0259 4192 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
18:08:06.0290 4192 QWAVEdrv - ok
18:08:06.0664 4192 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
18:08:06.0727 4192 R300 - ok
18:08:06.0914 4192 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
18:08:06.0945 4192 RasAcd - ok
18:08:07.0054 4192 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:08:07.0086 4192 Rasl2tp - ok
18:08:07.0117 4192 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
18:08:07.0148 4192 RasPppoe - ok
18:08:07.0179 4192 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
18:08:07.0210 4192 RasSstp - ok
18:08:07.0242 4192 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
18:08:07.0288 4192 rdbss - ok
18:08:07.0304 4192 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:08:07.0335 4192 RDPCDD - ok
18:08:07.0366 4192 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
18:08:07.0398 4192 rdpdr - ok
18:08:07.0413 4192 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
18:08:07.0444 4192 RDPENCDD - ok
18:08:07.0491 4192 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
18:08:07.0522 4192 RDPWD - ok
18:08:07.0600 4192 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
18:08:07.0632 4192 rspndr - ok
18:08:07.0694 4192 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
18:08:07.0725 4192 sbp2port - ok
18:08:07.0803 4192 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:08:07.0834 4192 secdrv - ok
18:08:07.0881 4192 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
18:08:07.0912 4192 Serenum - ok
18:08:07.0928 4192 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
18:08:07.0975 4192 Serial - ok
18:08:08.0006 4192 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
18:08:08.0037 4192 sermouse - ok
18:08:08.0100 4192 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
18:08:08.0131 4192 sffdisk - ok
18:08:08.0162 4192 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
18:08:08.0193 4192 sffp_mmc - ok
18:08:08.0224 4192 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
18:08:08.0256 4192 sffp_sd - ok
18:08:08.0287 4192 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
18:08:08.0318 4192 sfloppy - ok
18:08:08.0365 4192 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
18:08:08.0412 4192 SiSRaid2 - ok
18:08:08.0427 4192 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
18:08:08.0474 4192 SiSRaid4 - ok
18:08:08.0521 4192 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
18:08:08.0552 4192 Smb - ok
18:08:08.0630 4192 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
18:08:08.0661 4192 spldr - ok
18:08:08.0802 4192 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
18:08:08.0833 4192 srv - ok
18:08:09.0098 4192 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
18:08:09.0129 4192 srv2 - ok
18:08:09.0301 4192 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
18:08:09.0348 4192 srvnet - ok
18:08:09.0410 4192 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
18:08:09.0457 4192 swenum - ok
18:08:09.0535 4192 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
18:08:09.0566 4192 Symc8xx - ok
18:08:09.0613 4192 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
18:08:09.0660 4192 Sym_hi - ok
18:08:09.0800 4192 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
18:08:09.0847 4192 Sym_u3 - ok
18:08:10.0190 4192 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
18:08:10.0221 4192 Tcpip - ok
18:08:10.0252 4192 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
18:08:10.0268 4192 Tcpip6 - ok
18:08:10.0330 4192 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
18:08:10.0362 4192 tcpipreg - ok
18:08:10.0393 4192 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
18:08:10.0424 4192 TDPIPE - ok
18:08:10.0440 4192 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
18:08:10.0471 4192 TDTCP - ok
18:08:10.0549 4192 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
18:08:10.0580 4192 tdx - ok
18:08:10.0674 4192 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
18:08:10.0689 4192 TermDD - ok
18:08:10.0783 4192 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
18:08:10.0814 4192 TIEHDUSB - ok
18:08:10.0908 4192 Tpkd (e36c2b04b7eb90a7c3e29ebdfc3a8d30) C:\Windows\system32\drivers\Tpkd.sys
18:08:10.0923 4192 Tpkd - ok
18:08:11.0032 4192 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:08:11.0064 4192 tssecsrv - ok
18:08:11.0079 4192 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
18:08:11.0110 4192 tunmp - ok
18:08:11.0173 4192 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
18:08:11.0204 4192 tunnel - ok
18:08:11.0220 4192 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
18:08:11.0251 4192 uagp35 - ok
18:08:11.0376 4192 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
18:08:11.0422 4192 udfs - ok
18:08:11.0485 4192 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
18:08:11.0516 4192 uliagpkx - ok
18:08:11.0563 4192 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
18:08:11.0610 4192 uliahci - ok
18:08:11.0656 4192 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
18:08:11.0688 4192 UlSata - ok
18:08:11.0734 4192 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
18:08:11.0781 4192 ulsata2 - ok
18:08:11.0812 4192 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
18:08:11.0844 4192 umbus - ok
18:08:11.0875 4192 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
18:08:11.0906 4192 UMPass - ok
18:08:11.0968 4192 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:08:12.0000 4192 USBAAPL64 - ok
18:08:12.0046 4192 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
18:08:12.0093 4192 usbaudio - ok
18:08:12.0140 4192 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
18:08:12.0171 4192 usbccgp - ok
18:08:12.0202 4192 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
18:08:12.0234 4192 usbcir - ok
18:08:12.0265 4192 usbehci (b1c7edb07f61bdee587831b440fc7656) C:\Windows\system32\DRIVERS\usbehci.sys
18:08:12.0296 4192 usbehci - ok
18:08:12.0374 4192 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
18:08:12.0405 4192 usbhub - ok
18:08:12.0436 4192 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
18:08:12.0468 4192 usbohci - ok
18:08:12.0546 4192 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
18:08:12.0577 4192 usbprint - ok
18:08:12.0608 4192 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
18:08:12.0639 4192 usbscan - ok
18:08:12.0717 4192 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:08:12.0717 4192 USBSTOR - ok
18:08:12.0764 4192 usbuhci (c8d88a2a3587a8424b4b17a6f7eb67fa) C:\Windows\system32\DRIVERS\usbuhci.sys
18:08:12.0795 4192 usbuhci - ok
18:08:12.0858 4192 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
18:08:12.0889 4192 usbvideo - ok
18:08:12.0920 4192 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
18:08:12.0951 4192 vga - ok
18:08:12.0998 4192 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
18:08:13.0014 4192 VgaSave - ok
18:08:13.0045 4192 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
18:08:13.0076 4192 viaide - ok
18:08:13.0107 4192 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
18:08:13.0154 4192 volmgr - ok
18:08:13.0201 4192 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
18:08:13.0248 4192 volmgrx - ok
18:08:13.0294 4192 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
18:08:13.0341 4192 volsnap - ok
18:08:13.0388 4192 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
18:08:13.0419 4192 vsmraid - ok
18:08:13.0497 4192 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
18:08:13.0544 4192 wacommousefilter - ok
18:08:13.0560 4192 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
18:08:13.0591 4192 WacomPen - ok
18:08:13.0669 4192 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
18:08:13.0700 4192 wacomvhid - ok
18:08:13.0762 4192 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:08:13.0794 4192 Wanarp - ok
18:08:13.0794 4192 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:08:13.0794 4192 Wanarpv6 - ok
18:08:13.0872 4192 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
18:08:13.0903 4192 Wd - ok
18:08:13.0996 4192 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
18:08:14.0043 4192 Wdf01000 - ok
18:08:14.0152 4192 WmiAcpi (7999dfb1c555efc0db69576f70027867) C:\Windows\system32\drivers\wmiacpi.sys
18:08:14.0184 4192 WmiAcpi - ok
18:08:14.0262 4192 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
18:08:14.0293 4192 WpdUsb - ok
18:08:14.0480 4192 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
18:08:14.0511 4192 ws2ifsl - ok
18:08:14.0574 4192 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:08:14.0605 4192 WUDFRd - ok
18:08:14.0652 4192 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
18:08:14.0683 4192 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
18:08:14.0683 4192 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
18:08:14.0698 4192 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR7
18:08:14.0698 4192 \Device\Harddisk1\DR7 - ok
18:08:14.0730 4192 Boot (0x1200) (6e8a2cdf2fd41ad24e9b31d51dcbc778) \Device\Harddisk0\DR0\Partition0
18:08:14.0745 4192 \Device\Harddisk0\DR0\Partition0 - ok
18:08:14.0761 4192 Boot (0x1200) (ac4416963b521b473742284ae8515833) \Device\Harddisk0\DR0\Partition1
18:08:14.0761 4192 \Device\Harddisk0\DR0\Partition1 - ok
18:08:14.0761 4192 Boot (0x1200) (de736fb0c6c9fa6d8855d2dfa0118bab) \Device\Harddisk1\DR7\Partition0
18:08:14.0761 4192 \Device\Harddisk1\DR7\Partition0 - ok
18:08:14.0776 4192 ============================================================
18:08:14.0776 4192 Scan finished
18:08:14.0776 4192 ============================================================
18:08:14.0776 6680 Detected object count: 1
18:08:14.0776 6680 Actual detected object count: 1
18:08:28.0910 6680 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
18:08:28.0910 6680 \Device\Harddisk0\DR0 - ok
18:08:28.0910 6680 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
18:08:34.0027 6944 Deinitialize success
 
Make sure you reboot and then run aswMBR again and post the new log please.

Then run this program

Download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it
  • A window will open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.
 
logs requested below

FYI - I got an error message when trying to shut down PC Tools Spyware Doctor


aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 18:40:07
-----------------------------
18:40:07.270 OS Version: Windows x64 6.0.6002 Service Pack 2
18:40:07.271 Number of processors: 8 586 0x1A05
18:40:07.272 ComputerName: CONNORAPPLEB-PC UserName: Connor Appleby
18:40:09.113 Initialize success
18:40:16.372 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:40:16.375 Disk 0 Vendor: ST3750528AS CC44 Size: 715404MB BusType: 3
18:40:16.389 Disk 0 MBR read successfully
18:40:16.394 Disk 0 MBR scan
18:40:16.398 Disk 0 Windows VISTA default MBR code
18:40:16.404 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
18:40:16.447 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
18:40:16.468 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 699980 MB offset 31586304
18:40:16.473 Service scanning
18:40:31.097 Modules scanning
18:40:31.103 Disk 0 trace - called modules:
18:40:31.130 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys acpi.sys ataport.SYS pciide.sys
18:40:31.138 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009159300]
18:40:31.146 3 CLASSPNP.SYS[fffffa600100bc33] -> nt!IofCallDriver -> [0xfffffa8007c66320]
18:40:31.156 5 PCTCore64.sys[fffffa6000a665fc] -> nt!IofCallDriver -> [0xfffffa8007dd4760]
18:40:31.167 7 acpi.sys[fffffa6000947fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007db5060]
18:40:31.178 Scan finished successfully
18:40:58.979 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
18:40:58.995 The log file has been saved successfully to "F:\aswMBR.txt"
18:41:09.359 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
18:41:09.370 The log file has been saved successfully to "F:\aswMBR2.txt"



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio XPS 435MT
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 155):
0x06C05000 \SystemRoot\system32\ntoskrnl.exe
0x0711D000 \SystemRoot\system32\hal.dll
0x0060C000 \SystemRoot\system32\kdcom.dll
0x00616000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00651000 \SystemRoot\system32\PSHED.dll
0x00665000 \SystemRoot\system32\CLFS.SYS
0x006C2000 \SystemRoot\system32\CI.dll
0x0080E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E8000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F6000 \SystemRoot\system32\drivers\fltmgr.sys
0x0093D000 \SystemRoot\system32\drivers\acpi.sys
0x00993000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0099C000 \SystemRoot\system32\drivers\msisadrv.sys
0x009A6000 \SystemRoot\system32\drivers\pci.sys
0x009D6000 \SystemRoot\System32\drivers\partmgr.sys
0x009EB000 \SystemRoot\system32\drivers\volmgr.sys
0x00774000 \SystemRoot\System32\drivers\volmgrx.sys
0x00800000 \SystemRoot\system32\DRIVERS\intelide.sys
0x007DA000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x007EA000 \SystemRoot\system32\drivers\pciide.sys
0x00A07000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A1A000 \SystemRoot\system32\drivers\atapi.sys
0x00A22000 \SystemRoot\system32\drivers\ataport.SYS
0x00A46000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A5A000 \SystemRoot\system32\drivers\PCTCore64.sys
0x00A92000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00A9E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C0A000 \SystemRoot\system32\drivers\ndis.sys
0x00B25000 \SystemRoot\system32\drivers\msrpc.sys
0x00B75000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E01000 \SystemRoot\System32\Drivers\Ntfs.sys
0x00F81000 \SystemRoot\system32\drivers\volsnap.sys
0x00FC5000 \SystemRoot\System32\Drivers\Tpkd.sys
0x00FE8000 \SystemRoot\System32\Drivers\spldr.sys
0x00DCD000 \SystemRoot\System32\Drivers\mup.sys
0x00BCE000 \SystemRoot\System32\drivers\ecache.sys
0x00DDF000 \SystemRoot\system32\drivers\disk.sys
0x0100A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01036000 \SystemRoot\system32\drivers\crcdisk.sys
0x01062000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0106F000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x01078000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02808000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x03319000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0331B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0108B000 \SystemRoot\System32\drivers\watchdog.sys
0x0109B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x01188000 \SystemRoot\system32\DRIVERS\e1y60x64.sys
0x011D8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03405000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x0344B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0345C000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x0346E000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x0347E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0349A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x034A7000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x034AA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x034BC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x034C4000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x034FD000 \SystemRoot\system32\DRIVERS\storport.sys
0x0355A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03567000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0358A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03596000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x035C7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x035D7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x011E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03608000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0361B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03629000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03635000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03637000 \SystemRoot\system32\DRIVERS\ks.sys
0x0366B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03676000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03686000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x036CE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x036D9000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x036E1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x036F5000 \SystemRoot\system32\drivers\nvhda64v.sys
0x0370C000 \SystemRoot\system32\drivers\portcls.sys
0x03747000 \SystemRoot\system32\drivers\drmk.sys
0x0376A000 \SystemRoot\system32\drivers\ksthunk.sys
0x0400B000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x041AA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x041B4000 \SystemRoot\System32\Drivers\Null.SYS
0x041C8000 \SystemRoot\System32\drivers\vga.sys
0x041D6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04000000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x041BD000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03770000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0377B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0378C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04203000 \SystemRoot\System32\drivers\tcpip.sys
0x04378000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x043A4000 \SystemRoot\System32\Drivers\Mpfp.sys
0x043E1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03795000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x037B0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x043FE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x037C8000 \SystemRoot\system32\DRIVERS\smb.sys
0x04409000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0444D000 \SystemRoot\system32\drivers\afd.sys
0x044B8000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x044C3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x044E1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x044F0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0450B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04558000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04564000 \SystemRoot\system32\drivers\mfehidk.sys
0x045AE000 \SystemRoot\System32\Drivers\dfsc.sys
0x045CB000 \SystemRoot\System32\Drivers\fastfat.SYS
0x037E3000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x01040000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04603000 \SystemRoot\system32\DRIVERS\OA002Vid.sys
0x0464E000 \SystemRoot\system32\DRIVERS\OA002Ufd.sys
0x04678000 \SystemRoot\system32\drivers\usbaudio.sys
0x04691000 \??\C:\Windows\system32\Drivers\OA002Afx.sys
0x046C5000 \SystemRoot\System32\Drivers\crashdmp.sys
0x046D3000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x046DF000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x046E7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x046F0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x00040000 \SystemRoot\System32\win32k.sys
0x046FB000 \SystemRoot\System32\drivers\Dxapi.sys
0x04707000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00450000 \SystemRoot\System32\TSDDD.dll
0x00880000 \SystemRoot\System32\ATMFD.DLL
0x00690000 \SystemRoot\System32\cdd.dll
0x0471A000 \SystemRoot\system32\drivers\luafv.sys
0x0473C000 \SystemRoot\system32\drivers\spsys.sys
0x047D6000 \SystemRoot\system32\DRIVERS\packet.sys
0x047E3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x08A03000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x08A1B000 \SystemRoot\system32\drivers\HTTP.sys
0x08ABE000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08AE7000 \SystemRoot\system32\DRIVERS\bowser.sys
0x08B05000 \SystemRoot\system32\drivers\mrxdav.sys
0x08B2C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x08B55000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x08B9E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x08BBD000 \SystemRoot\System32\DRIVERS\srv2.sys
0x09008000 \SystemRoot\System32\DRIVERS\srv.sys
0x0909B000 \SystemRoot\system32\drivers\peauth.sys
0x09151000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0915C000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0916C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0918C000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x091A2000 \??\C:\Program Files (x86)\Spyware Doctor\PCTSDInj64.sys
0x091AC000 \SystemRoot\system32\drivers\mfeavfk.sys
0x091C4000 \SystemRoot\system32\drivers\tdtcp.sys
0x091D1000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x0AC0C000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x0AC48000 \SystemRoot\system32\drivers\mfesmfk.sys
0x0AC53000 \??\C:\Users\CONNOR~1\AppData\Local\Temp\aswMBR.sys
0x771A0000 \Windows\System32\ntdll.dll

Processes (total 89):
0 System Idle Process
4 System
484 C:\Windows\System32\smss.exe
568 C:\Windows\System32\csrss.exe
636 C:\Windows\System32\wininit.exe
656 C:\Windows\System32\csrss.exe
692 C:\Windows\System32\services.exe
704 C:\Windows\System32\lsass.exe
712 C:\Windows\System32\lsm.exe
896 C:\Windows\System32\winlogon.exe
916 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\nvvsvc.exe
992 C:\Windows\System32\svchost.exe
296 C:\Windows\System32\svchost.exe
400 C:\Windows\System32\svchost.exe
428 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\audiodg.exe
1064 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\SLsvc.exe
1148 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\nvvsvc.exe
1264 C:\Program Files\Dell\DellDock\DockLogin.exe
1340 C:\Program Files\Tablet\Pen\Pen_TouchService.exe
1348 C:\Windows\System32\wisptis.exe
1356 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
1436 C:\Windows\System32\svchost.exe
1784 C:\Windows\System32\spoolsv.exe
1808 C:\Windows\System32\svchost.exe
1276 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
1864 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1856 C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
1964 C:\Program Files\Bonjour\mDNSResponder.exe
2080 C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
2204 C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
2284 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
2336 C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
2392 C:\Program Files (x86)\McAfee\MSK\msksrver.exe
2536 C:\Windows\System32\svchost.exe
2552 C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
2588 C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
2736 C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
2764 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2864 C:\Windows\System32\svchost.exe
2904 C:\Program Files\Tablet\Pen\Pen_Tablet.exe
3028 C:\Windows\System32\svchost.exe
3068 C:\Windows\System32\SearchIndexer.exe
3016 C:\Windows\System32\WUDFHost.exe
3128 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3340 C:\Windows\System32\taskeng.exe
3908 C:\Windows\System32\wbem\WmiPrvSE.exe
3360 C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
4624 C:\PROGRA~2\McAfee.com\Agent\mcagent.exe
4636 C:\Windows\System32\taskeng.exe
4684 C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
4700 C:\Windows\System32\wisptis.exe
4708 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
4716 C:\Windows\System32\dwm.exe
4848 C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
4896 C:\Windows\explorer.exe
4916 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
5032 C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
4744 C:\Program Files\Tablet\Pen\Pen_Tablet.exe
5196 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
5220 C:\Program Files\Windows Sidebar\sidebar.exe
5240 C:\Windows\ehome\ehtray.exe
5324 C:\Windows\ehome\ehmsas.exe
5460 C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
5472 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
5484 C:\Program Files (x86)\Java\jre6\bin\jusched.exe
5500 C:\Program Files\Dell\DellDock\DellDock.exe
5524 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
5532 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
5560 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
5632 C:\Program Files (x86)\iTunes\iTunesHelper.exe
5692 C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
5868 C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
5988 C:\Program Files\Windows Media Player\wmpnscfg.exe
976 C:\Program Files\Windows Media Player\wmpnetwk.exe
5380 C:\Program Files\iPod\bin\iPodService.exe
3148 C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
6536 C:\Windows\System32\svchost.exe
6576 C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
6756 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
5300 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
5436 C:\Windows\System32\wuauclt.exe
5924 C:\Windows\System32\wbem\WmiPrvSE.exe
832 C:\Program Files (x86)\Safari\Safari.exe
1176 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
5160 C:\Users\Connor Appleby\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c3f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03f00000 (NTFS)

PhysicalDrive0 Model Number: ST3750528AS, Rev: CC44

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
 
Wonderful, I was concerned that your Master Boot Record was infected but it looks fine.

How are the redirects ?

With this type of infection there may be more we cant see, so lets do this.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
Internet re-direct is gone, working fine now. I am having trouble with Explorer, so have to use Safari. Explorer says running without add-ons, thing maybe my son my have done something trying to fix internet

I had some issues with anti-virus programs that i was not able to disable, hopefully this did not interfere with the scan

Thanks!


ComboFix 12-01-06.03 - Connor Appleby 01/06/2012 19:32:21.3.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8182.6112 [GMT -5:00]
Running from: c:\users\Connor Appleby\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))
.
.
2012-01-07 00:56 . 2012-01-07 01:00 -------- d-----w- c:\users\Connor Appleby\AppData\Local\temp
2012-01-07 00:56 . 2012-01-07 00:56 -------- d-----w- c:\users\Sarah\AppData\Local\temp
2012-01-07 00:56 . 2012-01-07 00:56 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-01-07 00:56 . 2012-01-07 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-30 14:27 . 2011-12-30 14:27 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\AVG2012
2011-12-28 22:42 . 2011-12-28 22:42 -------- d-----w- c:\users\Sarah\AppData\Roaming\Wacom
2011-12-28 22:41 . 2011-12-28 22:41 -------- d-----w- c:\users\Sarah\AppData\Roaming\WTablet
2011-12-26 21:07 . 2011-12-26 21:07 -------- d-----w- c:\program files (x86)\ERUNT
2011-12-26 19:02 . 2011-12-26 19:02 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\Autodesk
2011-12-26 18:55 . 2011-12-26 18:55 -------- d-----w- c:\programdata\Alias
2011-12-26 18:53 . 2011-12-26 18:53 -------- d-----w- c:\program files (x86)\Autodesk
2011-12-26 18:48 . 2011-12-26 18:48 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2011-12-26 18:47 . 2011-12-26 18:47 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\Wacom
2011-12-26 18:47 . 2011-12-27 14:52 -------- d-----w- c:\programdata\Wacom
2011-12-26 18:46 . 2011-12-26 18:47 -------- d-----w- c:\program files (x86)\Bamboo Dock
2011-12-26 18:45 . 2011-12-26 18:45 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\WTablet
2011-12-26 18:32 . 2012-01-06 19:46 -------- d-----w- C:\ComboFix-1
2011-12-26 02:42 . 2011-12-26 02:42 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-26 01:25 . 2011-12-26 01:25 -------- d-----w- c:\programdata\ALM
2011-12-26 00:59 . 2011-12-26 00:59 -------- d-----w- c:\program files (x86)\Adobe Story
2011-12-26 00:56 . 2011-12-26 00:56 -------- d-----w- c:\program files (x86)\My Company Name
2011-12-24 07:50 . 2011-12-24 11:10 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\Wyga
2011-12-24 07:50 . 2011-12-24 07:50 -------- d-----w- c:\users\Connor Appleby\AppData\Roaming\Unefti
2011-12-15 02:49 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 02:49 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 02:49 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-15 02:49 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 02:49 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 02:49 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 02:49 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 02:49 . 2011-11-08 12:10 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 00:08 . 2011-05-18 00:27 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-18 06:27 . 2011-11-11 07:00 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A82C839B-8539-4680-989B-B2FCC8B07A95}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-06_20.59.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-01-07 01:00 62592 c:\windows\system64\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-01-07 01:00 85398 c:\windows\system64\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-02 22:21 . 2012-01-07 01:00 12112 c:\windows\system64\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1554704811-4091891495-1094212442-1000_UserData.bin
+ 2011-12-26 19:52 . 2012-01-07 00:58 55983 c:\windows\system64\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
- 2011-12-26 19:52 . 2012-01-06 20:56 55983 c:\windows\system64\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
- 2009-10-02 22:17 . 2012-01-06 20:59 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-02 22:17 . 2012-01-07 01:01 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-02 22:17 . 2012-01-07 01:01 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-02 22:17 . 2012-01-06 20:59 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-02 22:17 . 2012-01-06 20:59 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-02 22:17 . 2012-01-07 01:01 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-01-07 01:00 62592 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-01-07 01:00 85398 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-02 22:21 . 2012-01-07 01:00 12112 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1554704811-4091891495-1094212442-1000_UserData.bin
- 2011-12-26 19:52 . 2012-01-06 20:56 55983 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
+ 2011-12-26 19:52 . 2012-01-07 00:58 55983 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
+ 2009-10-02 22:17 . 2012-01-07 01:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-02 22:17 . 2012-01-06 20:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-02 22:17 . 2012-01-06 20:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-02 22:17 . 2012-01-07 01:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-02 22:17 . 2012-01-07 01:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-02 22:17 . 2012-01-06 20:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-06 15:51 . 2012-01-07 00:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-06 15:51 . 2012-01-06 20:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-17 17:06 . 2011-12-26 18:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-17 17:06 . 2012-01-06 21:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-17 17:06 . 2012-01-06 21:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-10-17 17:06 . 2011-12-26 18:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-10-17 17:06 . 2012-01-06 21:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-10-17 17:06 . 2011-12-26 18:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2009-12-06 15:51 . 2012-01-07 00:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-06 15:51 . 2012-01-06 20:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-06 15:51 . 2012-01-07 00:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-06 15:51 . 2012-01-06 20:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-03 01:11 . 2012-01-06 23:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-03 01:11 . 2012-01-02 14:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-03 01:11 . 2012-01-06 23:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-03 01:11 . 2012-01-02 14:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-06 19:39 . 2012-01-06 23:09 1740 c:\windows\SoftwareDistribution\EventCache\{97D814BB-C395-4388-85E4-0026D7BD9996}.bin
+ 2012-01-07 00:57 . 2012-01-07 00:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-06 20:56 . 2012-01-06 20:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-06 20:56 . 2012-01-06 20:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-07 00:57 . 2012-01-07 00:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-05 20:18 . 2012-01-07 01:01 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-03-05 20:18 . 2012-01-06 20:59 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2008-01-21 03:20 . 2012-01-06 20:59 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-01-07 01:01 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-01-06 20:59 671744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-07 01:01 671744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 12:46 . 2012-01-06 23:42 604264 c:\windows\system64\perfh009.dat
- 2006-11-02 12:46 . 2012-01-06 19:45 604264 c:\windows\system64\perfh009.dat
- 2006-11-02 12:46 . 2012-01-06 19:45 103964 c:\windows\system64\perfc009.dat
+ 2006-11-02 12:46 . 2012-01-06 23:42 103964 c:\windows\system64\perfc009.dat
- 2009-11-28 15:28 . 2011-12-26 00:31 245760 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-28 15:28 . 2012-01-07 00:34 245760 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2006-11-02 12:46 . 2012-01-06 23:42 604264 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-01-06 19:45 604264 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-01-06 23:42 103964 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-01-06 19:45 103964 c:\windows\system32\perfc009.dat
- 2009-11-28 15:28 . 2011-12-26 00:31 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-28 15:28 . 2012-01-07 00:34 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-02-14 00:02 . 2012-01-06 20:52 360168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-14 00:02 . 2012-01-07 00:56 360168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2008-01-21 03:20 . 2012-01-07 01:01 3948544 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-01-06 20:59 3948544 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-05-18 22631608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-09-30 148888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"5-Day Forecast"="c:\program files (x86)\5-Day Forecast\5-Day Forecast\5-Day Forecast.exe" [2010-06-15 876544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-06-24 629848]
"ISTray"="c:\program files (x86)\Spyware Doctor\pctsTray.exe" [2010-01-18 1286608]
.
c:\users\Connor Appleby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-9-30 53248]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-02-24 88576]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver64
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-13 20:35]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-13 20:35]
.
2012-01-06 c:\windows\Tasks\Norton Security Scan for Connor Appleby.job
- c:\progra~2\NORTON~2\Engine\313~1.7\Nss.exe [2011-06-26 04:47]
.
2012-01-07 c:\windows\Tasks\User_Feed_Synchronization-{53F3B42F-94F6-43E8-8F18-C7EF3438945E}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
2012-01-06 c:\windows\Tasks\User_Feed_Synchronization-{F18474AD-0958-4E2A-ABFC-5E8E3C831E2D}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-24 6975520]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-17 16308768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www1.snapfish.com/SnapfishActivia3.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\progra~2\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\program files (x86)\Spyware Doctor\pctsAuxs.exe
c:\program files (x86)\Spyware Doctor\pctsSvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\progra~2\McAfee\MSC\mcmscsvc.exe
c:\progra~2\mcafee.com\agent\mcagent.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Dell Remote Access\ezi_ra.exe
c:\program files (x86)\Common Files\mcafee\mna\mcnasvc.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Safari\Safari.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
.
**************************************************************************
.
Completion time: 2012-01-06 20:10:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-07 01:10
ComboFix2.txt 2012-01-06 21:25
.
Pre-Run: 334,196,748,288 bytes free
Post-Run: 333,992,267,776 bytes free
.
- - End Of File - - 80B8325F9D9C6730D52EE5170D5E507C
 
This is what you want to do, you have 3 anti virus programs running, Spyware Doctor with AV, McAfee and AVG, more than one is overkill and will severely hamper system performance, all you need is one, keep it updated and run regular scans. Your call but you need to uninstall two of them via Programs and Features in the Control Panel. My self, I would get rid of Spyware Doctor and AVG, but its up to you.

The second run of Combofix found nothing which is great, sometimes things respawn but it looks fine.


Open IE and go to Tools > Internet Options > Advanced Tab > Reset Internet Explorer Setting > Reset....will take a few seconds ...then close IE and reopen it and see if it made a difference

Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    MBAMCapture.jpg
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
 
uninstalled Ppyware Dr & AVG

IE working fine now - Thanks

scan came back clean

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.06.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19088
Connor Appleby :: CONNORAPPLEB-PC [administrator]

1/6/2012 8:46:04 PM
mbam-log-2012-01-06 (20-46-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221040
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Great, we always like to run a free online virus scanner to check for anything we have missed.

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the
    esetOnline.png
    button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on
      esetSmartInstall.png
      to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the
      esetSmartInstallDesktopIcon.png
      icon on your desktop.
  4. Check
    esetAcceptTerms.png
  5. Click the
    esetStart.png
    button.
  6. Accept any security warnings from your browser.
  7. Check
    esetScanArchives.png
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push
    esetListThreats.png
  12. Push
    esetExport.png
    , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  13. Push the
    esetBack.png
    button.
  14. Push
    esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.




Then let me take one final look

OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
FYI - one microsoft update continues to fail: Cumulative Security Update for Internet Explorer 8 for Windows Vista for x64-based Systems (KB2618444)


I ran the ESET scanner and it found no issues. The default was set to scan files in last 30 days. No log was produced (maybe becuase nothing was fouind)?

OTL Text

OTL logfile created on: 1/7/2012 7:09:51 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Connor Appleby\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.22 Gb Available Physical Memory | 65.28% Memory free
16.13 Gb Paging File | 13.54 Gb Available in Paging File | 83.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.57 Gb Total Space | 307.64 Gb Free Space | 45.00% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.84 Gb Free Space | 52.24% Space Free | Partition Type: NTFS
Drive E: | 7.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 14.92 Gb Total Space | 7.58 Gb Free Space | 50.80% Space Free | Partition Type: FAT32

Computer Name: CONNORAPPLEB-PC | User Name: Connor Appleby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Connor Appleby\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6b88a2bf58d8529fc33f8f3437a7ff06\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (TIEHDUSB) -- C:\Windows\SysNative\DRIVERS\tiehdusb.sys (Texas Instruments)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (OA002Vid) -- C:\Windows\SysNative\DRIVERS\OA002Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (OA002Ufd) -- C:\Windows\SysNative\DRIVERS\OA002Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\DRIVERS\avc.sys (Microsoft Corporation)
DRV:64bit: - (61883) -- C:\Windows\SysNative\DRIVERS\61883.sys (Microsoft Corporation)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\DRIVERS\msdv.sys (Microsoft Corporation)
DRV:64bit: - (OA002Afx) -- C:\Windows\SysNative\Drivers\OA002Afx.sys (Creative Technology Ltd.)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (Packet) -- C:\Windows\SysWOW64\drivers\packet.sys (SingleClick Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 68 A7 A1 11 56 6B 1D 46 A4 33 9E 4F 64 B4 06 A6 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 68 A7 A1 11 56 6B 1D 46 A4 33 9E 4F 64 B4 06 A6 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 68 A7 A1 11 56 6B 1D 46 A4 33 9E 4F 64 B4 06 A6 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 68 A7 A1 11 56 6B 1D 46 A4 33 9E 4F 64 B4 06 A6 [binary data]

IE - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 93 38 9F DD CC CC 01 [binary data]
IE - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/12/23 09:03:19 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Connor Appleby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: No name found = C:\Users\Connor Appleby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/01/06 19:58:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4 - HKLM..\Run: [5-Day Forecast] C:\Program Files (x86)\5-Day Forecast\5-Day Forecast\5-Day Forecast.exe ()
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Connor Appleby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} http://www1.snapfish.com/SnapfishActivia3.cab (Snapfish Activia3)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F6C1251-DE0E-4DF2-9EB9-7943A8261CD9}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/11 19:21:22 | 000,000,055 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/07 07:08:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Connor Appleby\Desktop\OTL.exe
[2012/01/07 06:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/06 21:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/01/06 21:17:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/01/06 21:17:22 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/01/06 21:17:22 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/01/06 21:17:22 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/01/06 21:17:22 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/01/06 20:10:58 | 000,000,000 | ---D | C] -- C:\Users\Connor Appleby\AppData\Local\temp
[2012/01/06 19:59:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/06 14:45:13 | 004,373,779 | R--- | C] (Swearware) -- C:\Users\Connor Appleby\Desktop\ComboFix.exe
[2012/01/04 17:02:40 | 000,000,000 | ---D | C] -- C:\Users\Connor Appleby\Desktop\x
[2011/12/30 09:27:14 | 000,000,000 | ---D | C] -- C:\Users\Connor Appleby\AppData\Roaming\AVG2012
[2011/12/26 16:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/12/26 16:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/12/26 14:02:42 | 000,000,000 | ---D | C] -- C:\Users\Connor Appleby\AppData\Roaming\Autodesk
[2011/12/26 13:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Alias
[2011/12/26 13:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2011/12/26 13:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2011/12/26 13:48:12 | 000,000,000 | ---D | C] -- C:\Users\Connor Appleby\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2011/12/26 13:47:55 | 000,000,000 | ---D | C] -- C:\Users\Connor Appleby\AppData\Roaming\Wacom
[2011/12/26 13:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Wacom
[2011/12/26 13:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock
[2011/12/26 13:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bamboo Dock
[2011/12/26 13:45:16 | 000,000,000 | ---D | C] -- C:\Users\Connor Appleby\AppData\Roaming\WTablet
[2011/12/26 13:45:15 | 001,107,832 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
[2011/12/26 13:45:14 | 001,326,456 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Touch_Tablet.dll
[2011/12/26 13:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData
[2011/12/26 13:44:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2011/12/26 13:44:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
[2011/12/26 13:42:43 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys
[2011/12/26 13:41:28 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys
[2011/12/26 13:41:25 | 001,401,208 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wintab32.dll
[2011/12/26 13:41:25 | 001,392,504 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\WacomMT.dll
[2011/12/26 13:41:25 | 001,369,464 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Tablet.dll
[2011/12/26 13:41:25 | 001,156,472 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll
[2011/12/26 13:41:25 | 001,152,888 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\WacomMT.dll
[2011/12/26 13:41:24 | 001,665,400 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.dll
[2011/12/26 13:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2011/12/26 13:33:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/26 13:33:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/26 13:33:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/26 13:32:16 | 000,000,000 | ---D | C] -- C:\ComboFix-1
[2011/12/26 13:28:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/26 13:23:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/25 21:42:08 | 000,000,000 | ---D | C] -- C:\Users\Connor Appleby\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/25 21:30:56 | 000,000,000 | ---D | C] -- C:\Users\Connor Appleby\Desktop\Adobe
[2011/12/25 20:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011/12/25 19:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Story
[2011/12/25 19:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2011/12/25 19:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/12/25 19:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Production Premium CS5.5
[2011/12/24 02:50:22 | 000,000,000 | ---D | C] -- C:\Users\Connor Appleby\AppData\Roaming\Wyga
[2011/12/24 02:50:22 | 000,000,000 | ---D | C] -- C:\Users\Connor Appleby\AppData\Roaming\Unefti
[2011/12/15 14:48:36 | 000,000,000 | -H-D | C] -- C:\Users\Connor Appleby\Documents\.picasaoriginals
[2011/12/14 21:49:47 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 21:49:29 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 21:49:29 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/10 23:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/12/09 20:29:47 | 000,000,000 | ---D | C] -- C:\Users\Connor Appleby\Documents\Audio
[2010/03/05 13:10:24 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Connor Appleby\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/01/07 07:15:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{53F3B42F-94F6-43E8-8F18-C7EF3438945E}.job
[2012/01/07 07:12:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/07 07:08:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Connor Appleby\Desktop\OTL.exe
[2012/01/07 06:41:59 | 000,060,939 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012/01/07 06:37:09 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 06:37:09 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 04:42:51 | 000,000,452 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F18474AD-0958-4E2A-ABFC-5E8E3C831E2D}.job
[2012/01/06 23:12:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/06 20:45:34 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 20:43:26 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/06 20:43:26 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/06 20:43:26 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/06 20:37:42 | 000,339,840 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/06 20:37:10 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/01/06 20:37:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/06 20:37:03 | 4285,718,527 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/06 19:58:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/06 19:22:45 | 004,373,779 | R--- | M] (Swearware) -- C:\Users\Connor Appleby\Desktop\ComboFix.exe
[2012/01/06 14:39:27 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Connor Appleby.job
[2012/01/02 08:58:00 | 000,008,484 | ---- | M] () -- C:\Users\Connor Appleby\AppData\Local\d3d9caps.dat
[2011/12/28 17:56:39 | 000,002,475 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/28 17:12:34 | 1051,717,811 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/26 17:24:21 | 000,002,301 | ---- | M] () -- C:\Users\Connor Appleby\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/26 16:07:34 | 000,000,725 | ---- | M] () -- C:\Users\Connor Appleby\Desktop\NTREGOPT.lnk
[2011/12/26 16:07:34 | 000,000,706 | ---- | M] () -- C:\Users\Connor Appleby\Desktop\ERUNT.lnk
[2011/12/26 15:49:16 | 002,102,650 | ---- | M] () -- C:\Users\Connor Appleby\Desktop\malware.diagcab
[2011/12/26 13:55:41 | 000,002,037 | ---- | M] () -- C:\Users\Connor Appleby\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBookExpress 2011.lnk
[2011/12/26 13:55:41 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk SketchBookExpress 2011.lnk
[2011/12/26 13:47:44 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2011/12/26 12:39:13 | 000,000,134 | ---- | M] () -- C:\Users\Connor Appleby\Desktop\Internet Explorer Troubleshooting.url
[2011/12/26 09:24:42 | 085,260,637 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/12/25 21:25:51 | 000,001,045 | ---- | M] () -- C:\Users\Connor Appleby\Desktop\Adobe Photoshop CS5.1 (64 Bit).lnk
[2011/12/25 21:25:38 | 000,001,457 | ---- | M] () -- C:\Users\Connor Appleby\Desktop\Adobe Illustrator CS5.1.lnk
[2011/12/25 20:47:45 | 004,843,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/25 20:38:08 | 000,001,046 | ---- | M] () -- C:\Users\Connor Appleby\Desktop\Adobe Premiere Pro CS5.5.lnk
[2011/12/25 20:32:35 | 000,000,974 | ---- | M] () -- C:\Users\Connor Appleby\Desktop\Adobe Flash Professional CS5.5.lnk
[2011/12/25 20:28:40 | 000,001,158 | ---- | M] () -- C:\Users\Connor Appleby\Desktop\Adobe After Effects CS5.5.lnk
[2011/12/25 20:23:41 | 000,001,116 | ---- | M] () -- C:\Users\Connor Appleby\Desktop\Adobe Flash Catalyst CS5.5.lnk
[2011/12/25 20:17:59 | 000,001,044 | ---- | M] () -- C:\Users\Connor Appleby\Desktop\Adobe Audition CS5.5.lnk
[2011/12/25 20:12:36 | 000,001,184 | -HS- | M] () -- C:\Users\Connor Appleby\AppData\Local\48286118k4k7
[2011/12/25 19:59:03 | 000,000,104 | ---- | M] () -- C:\Users\Connor Appleby\Network - Shortcut.lnk
[2011/12/25 19:56:53 | 000,000,988 | ---- | M] () -- C:\Users\Connor Appleby\Desktop\Adobe Bridge CS5.1.lnk
[2011/12/15 18:25:28 | 000,094,162 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/12/15 15:26:48 | 000,001,414 | -HS- | M] () -- C:\Users\Connor Appleby\AppData\Local\054452l2d078j880h735m5rji6p4
[2011/12/15 14:49:34 | 000,000,913 | ---- | M] () -- C:\Users\Connor Appleby\Documents\.picasa.ini
[2011/12/15 14:48:36 | 002,320,538 | ---- | M] () -- C:\Users\Connor Appleby\Documents\ME AND MY BOO!.jpg
[2011/12/10 23:09:30 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/12/10 23:09:30 | 000,001,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/09 20:43:19 | 000,053,194 | ---- | M] () -- C:\Users\Connor Appleby\Documents\sewer man improv.cwp
[2011/12/09 20:36:24 | 003,362,480 | ---- | M] () -- C:\Users\Connor Appleby\sewer mann.mp3
[2011/12/09 10:17:25 | 000,078,336 | ---- | M] () -- C:\Users\Connor Appleby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/01/06 20:45:34 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 08:59:16 | 4285,718,527 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/28 14:01:10 | 000,000,452 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{F18474AD-0958-4E2A-ABFC-5E8E3C831E2D}.job
[2011/12/26 16:07:34 | 000,000,725 | ---- | C] () -- C:\Users\Connor Appleby\Desktop\NTREGOPT.lnk
[2011/12/26 16:07:34 | 000,000,706 | ---- | C] () -- C:\Users\Connor Appleby\Desktop\ERUNT.lnk
[2011/12/26 15:49:15 | 002,102,650 | ---- | C] () -- C:\Users\Connor Appleby\Desktop\malware.diagcab
[2011/12/26 13:55:41 | 000,002,037 | ---- | C] () -- C:\Users\Connor Appleby\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBookExpress 2011.lnk
[2011/12/26 13:55:41 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk SketchBookExpress 2011.lnk
[2011/12/26 13:47:44 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2011/12/26 13:42:35 | 000,001,738 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Journal.lnk
[2011/12/26 13:42:35 | 000,001,638 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes.lnk
[2011/12/26 13:41:19 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\PenTouchTabletUserDefaults.xml
[2011/12/26 13:41:19 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\PenTabletUserDefaults.xml
[2011/12/26 13:33:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/26 13:33:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/26 13:33:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/26 13:33:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/26 13:33:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/26 12:39:13 | 000,000,134 | ---- | C] () -- C:\Users\Connor Appleby\Desktop\Internet Explorer Troubleshooting.url
[2011/12/25 21:25:51 | 000,001,045 | ---- | C] () -- C:\Users\Connor Appleby\Desktop\Adobe Photoshop CS5.1 (64 Bit).lnk
[2011/12/25 21:25:38 | 000,001,457 | ---- | C] () -- C:\Users\Connor Appleby\Desktop\Adobe Illustrator CS5.1.lnk
[2011/12/25 20:38:08 | 000,001,046 | ---- | C] () -- C:\Users\Connor Appleby\Desktop\Adobe Premiere Pro CS5.5.lnk
[2011/12/25 20:32:35 | 000,000,974 | ---- | C] () -- C:\Users\Connor Appleby\Desktop\Adobe Flash Professional CS5.5.lnk
[2011/12/25 20:28:40 | 000,001,158 | ---- | C] () -- C:\Users\Connor Appleby\Desktop\Adobe After Effects CS5.5.lnk
[2011/12/25 20:23:41 | 000,001,116 | ---- | C] () -- C:\Users\Connor Appleby\Desktop\Adobe Flash Catalyst CS5.5.lnk
[2011/12/25 20:17:59 | 000,001,044 | ---- | C] () -- C:\Users\Connor Appleby\Desktop\Adobe Audition CS5.5.lnk
[2011/12/25 20:12:24 | 000,001,184 | -HS- | C] () -- C:\Users\Connor Appleby\AppData\Local\48286118k4k7
[2011/12/25 19:59:03 | 000,000,104 | ---- | C] () -- C:\Users\Connor Appleby\Network - Shortcut.lnk
[2011/12/25 19:56:53 | 000,000,988 | ---- | C] () -- C:\Users\Connor Appleby\Desktop\Adobe Bridge CS5.1.lnk
[2011/12/15 15:25:57 | 000,001,414 | -HS- | C] () -- C:\Users\Connor Appleby\AppData\Local\054452l2d078j880h735m5rji6p4
[2011/12/15 14:48:36 | 002,320,538 | ---- | C] () -- C:\Users\Connor Appleby\Documents\ME AND MY BOO!.jpg
[2011/12/09 20:34:50 | 003,362,480 | ---- | C] () -- C:\Users\Connor Appleby\sewer mann.mp3
[2011/12/09 20:30:04 | 000,053,194 | ---- | C] () -- C:\Users\Connor Appleby\Documents\sewer man improv.cwp
[2011/11/29 03:19:49 | 000,012,508 | -HS- | C] () -- C:\Users\Connor Appleby\AppData\Local\uf36os4qiys384hl57ab3al78b64o855v08872ix020cgq
[2011/11/29 03:19:49 | 000,012,508 | -HS- | C] () -- C:\ProgramData\uf36os4qiys384hl57ab3al78b64o855v08872ix020cgq
[2011/11/28 04:02:19 | 000,001,296 | -HS- | C] () -- C:\Users\Connor Appleby\AppData\Local\121518b2t827b281r656r4vbi8m1
[2011/11/26 13:58:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\312yOTHH.exe.b
[2011/11/26 13:55:53 | 000,000,112 | ---- | C] () -- C:\ProgramData\rU4PWC.dat
[2011/11/25 14:59:59 | 000,012,084 | -HS- | C] () -- C:\Users\Connor Appleby\AppData\Local\q54qp10egtn1b47yak1cxuws82656ekrq
[2011/11/25 14:59:59 | 000,012,084 | -HS- | C] () -- C:\ProgramData\q54qp10egtn1b47yak1cxuws82656ekrq
[2011/10/15 07:53:02 | 000,000,296 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/10/15 07:53:02 | 000,000,224 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/10/15 07:52:54 | 000,000,440 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/05/26 12:36:33 | 000,012,114 | -HS- | C] () -- C:\Users\Connor Appleby\AppData\Local\n8ph4jrwihupnmj32kp3qhs85iiqqew
[2011/05/26 12:36:33 | 000,012,114 | -HS- | C] () -- C:\ProgramData\n8ph4jrwihupnmj32kp3qhs85iiqqew
[2011/05/11 12:05:36 | 000,000,160 | ---- | C] () -- C:\ProgramData\~48619256r
[2011/05/11 12:05:36 | 000,000,152 | ---- | C] () -- C:\ProgramData\~48619256
[2011/05/11 12:05:14 | 000,000,328 | ---- | C] () -- C:\ProgramData\48619256
[2011/05/09 17:57:29 | 000,000,000 | ---- | C] () -- C:\Users\Connor Appleby\AppData\Local\{93F58D26-DC2D-441C-B29E-11FAAE8C6512}
[2011/02/20 10:18:30 | 000,000,732 | ---- | C] () -- C:\Users\Connor Appleby\AppData\Local\d3d9caps64.dat
[2010/08/10 21:42:04 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/05 14:11:04 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2009/10/19 16:37:25 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/19 16:37:10 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/10/19 16:36:55 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/03 07:51:33 | 000,008,484 | ---- | C] () -- C:\Users\Connor Appleby\AppData\Local\d3d9caps.dat
[2009/10/02 17:25:26 | 000,078,336 | ---- | C] () -- C:\Users\Connor Appleby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/30 10:20:21 | 000,339,840 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/09/30 10:20:21 | 000,339,840 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/30 06:10:56 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/09/30 06:10:56 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/21 05:57:10 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\DSPlayer.dll
[2009/04/24 22:58:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/03/15 14:48:04 | 000,450,560 | ---- | C] () -- C:\Windows\SysWow64\mcs_cor1.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/11/26 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\5CB13
[2009/11/13 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\acccore
[2009/12/06 11:15:48 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\Antares
[2011/10/23 14:18:15 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\asssQQJ6dEK8R
[2011/02/17 19:57:36 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\Audacity
[2011/12/26 14:02:42 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\Autodesk
[2011/12/30 09:27:14 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\AVG2012
[2011/11/25 12:30:55 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\Cakewalk
[2010/10/19 20:55:25 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\Canon
[2011/12/25 21:42:08 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/14 21:20:37 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/10/18 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\EVVVellIBtzPy
[2011/10/18 17:06:39 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\fJJ66dWWK8fL9
[2011/11/26 09:42:11 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\hNtxP0ucSiDoGaH
[2011/11/26 09:42:20 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\JjYCwkIVrOtPuSi
[2011/10/18 17:06:38 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\lAAA1uuvS2ob3pG
[2011/01/28 12:26:28 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\MAXON
[2011/11/26 09:42:27 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\nBtzP0ycAiDoFpH
[2011/10/18 17:06:34 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\OFFF3ppnG5aQ6dK
[2011/02/08 22:45:29 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\ooVoo Details
[2009/12/06 11:24:44 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\PACE Anti-Piracy
[2011/11/26 09:42:19 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\pobF3pmG5Q6W8R9
[2010/09/26 17:45:42 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\Publish Providers
[2011/11/26 10:05:13 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\pxA0uvS2iFpGaHd
[2010/06/10 15:25:57 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\Sony
[2011/10/23 14:18:15 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\tJJ77dEEK8RZ9YX
[2011/11/26 09:42:13 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\UJ7dEK8gR9Y
[2011/12/24 02:50:22 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\Unefti
[2011/12/26 13:47:55 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\Wacom
[2011/12/26 13:48:12 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2011/12/24 06:10:20 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\Wyga
[2011/11/26 09:42:26 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\Z8gRZqhYXkVl
[2011/10/23 14:13:06 | 000,000,000 | ---D | M] -- C:\Users\Connor Appleby\AppData\Roaming\ZcAA11ivD2on4pH
[2009/11/19 18:37:09 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\acccore
[2010/02/28 10:48:05 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Facebook
[2009/10/25 16:58:00 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Publish Providers
[2009/10/25 17:00:11 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Sony
[2011/12/28 17:42:03 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Wacom
[2012/01/06 20:36:06 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/07 07:15:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{53F3B42F-94F6-43E8-8F18-C7EF3438945E}.job
[2012/01/07 04:42:51 | 000,000,452 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F18474AD-0958-4E2A-ABFC-5E8E3C831E2D}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

>
 
OTL Extras logfile created on: 1/7/2012 7:09:51 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Connor Appleby\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.22 Gb Available Physical Memory | 65.28% Memory free
16.13 Gb Paging File | 13.54 Gb Available in Paging File | 83.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.57 Gb Total Space | 307.64 Gb Free Space | 45.00% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.84 Gb Free Space | 52.24% Space Free | Partition Type: NTFS
Drive E: | 7.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 14.92 Gb Total Space | 7.58 Gb Free Space | 50.80% Space Free | Partition Type: FAT32

Computer Name: CONNORAPPLEB-PC | User Name: Connor Appleby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 0A DB D1 1E 8A 8D CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AC044D-3F41-498A-9950-B1EAC348175A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{02D00BB0-86F6-4B58-9EE3-A1E6319F2FB2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0ED157E0-745F-44C5-8769-A9D96458BE09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{292C7578-CE34-4661-87BB-4D271C670054}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2AC3CAC7-7052-4AD9-AA9B-F449AAB55892}" = lport=2869 | protocol=6 | dir=in | app=system |
"{33CA2E30-92B3-453F-B071-3A8A08467200}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{37626C89-19A0-425B-8667-DCAB1AA3E588}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41C49750-BAFD-4C90-BD26-A0F6501F915E}" = lport=10244 | protocol=6 | dir=in | app=system |
"{50BBA6F5-5A86-447D-9C90-31D224966BB7}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{53500DAD-9121-4FF0-AF07-C0EC38AE7FF9}" = lport=37676 | protocol=6 | dir=in | name=oovoo tcp port 37676 |
"{5E8ACE34-9EE4-44BA-9771-7D7B61DD5211}" = lport=3390 | protocol=6 | dir=in | app=system |
"{62C87CD0-8096-440A-A1A2-98F1A8670AC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{785F0DF6-E028-45F5-BFA3-E6C812E74CF9}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8311FA23-A112-4455-816D-177F7B137A7D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{849A9E97-997F-448D-B9A4-40544B34F9D1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8549D967-3C62-42BF-8677-6D6172A8C98C}" = lport=37676 | protocol=17 | dir=in | name=oovoo udp port 37676 |
"{9CF89842-D882-4767-A046-7228733D626C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A2B7DB6F-869F-48AB-8702-F492547017C2}" = lport=10244 | protocol=6 | dir=in | app=system |
"{A31E8ABC-284C-4B4E-BA49-0E0C0477602B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA91B5C5-A825-434B-BCA5-8B07F5490CC3}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B1E774DC-2ADA-4C0A-95AA-AFCDA808C1FD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD7A5D4E-2308-488A-8E8B-5F6BE8EC9DC1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D332F22D-FF08-4BFA-ADBE-4AC469FB19F8}" = lport=37677 | protocol=17 | dir=in | name=oovoo udp port 37677 |
"{D592E0E6-D074-4769-9A24-800025C4DB8B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E54E3A88-5516-4F61-9DC8-02C78566798D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5645046-464D-42AD-BE63-2101214AA0FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0DFB439-E0A3-464F-B8D9-588C1DB1E4A6}" = lport=3390 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0492E873-9797-481F-A3B3-3B29C45D56FF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{0F1A2FF7-5D9E-4EF3-B889-46AC129B04F5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{10DBB04F-08A6-4B8C-898E-5891D6EEC73C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{13210A2A-6257-4ACD-B936-0B10FF8903C3}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{244D598B-E958-4D38-8A7F-2210CEFB2D12}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{34E71F22-D02A-42FD-9DE1-743D7EFFB3F6}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{376EB22D-B36A-45E9-912C-3164FA234E06}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5174BBC5-384B-480B-B52B-109BFAA115C4}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{548C34AA-1B87-42FD-BBEE-B72A7F9965B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5F749502-11E5-48CB-A867-531C2BD1EE36}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{60FDD5A9-7D61-49AA-802D-FD1AEF18DC9E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6FBD141D-A6CB-4766-A759-174C8873B7C0}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{740B2B85-2009-4D1F-990F-F62C9413A45E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{75A45C0E-7623-437B-9FBA-C321DDE9C08A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{75CF915E-BC16-419B-A4FB-D4927F4BA56A}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{77855F75-F401-4D57-9CEC-52731EBEBAA8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{781FB803-CEEE-4F02-9856-DB7CE01F64FD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{83A5D4D9-9E4C-4BFC-9290-99834A557E14}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{8485C968-8B8C-48C9-B386-1382797DB470}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{8E1A41C2-24B1-4FCE-B963-836304F9C230}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{9017D0C7-35F1-4423-8448-BB25EEFDA919}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{95F107B4-0A25-48B3-8A86-F89ECEC4AC9F}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9C96BA63-A22E-4030-AA56-382260E50F43}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{A4B12264-BE16-4988-ABDA-FBF05E1E92D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AC206B2F-5404-4F71-AAD0-7A7DA3A348D8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{ACF23CC8-E4CC-4B1F-AA60-A884DF52A034}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{AD897A7E-C3F2-44E5-A435-B720ABADC6C4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B5694ECF-F16D-4037-974B-B2E1D47ECB6E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{BCBCD6F7-8530-48E4-9A96-B340253BE0AA}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{C7EE6CB2-5D02-43CD-A07D-3FA91D49432D}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{C9804864-C809-4A29-96D8-2FA0AAA6C0B2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D2B2EF87-2E5E-48BB-8C8B-C543B441D2BA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D3C55C8A-D9D7-41B6-86AE-3FC705040605}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{D6C27649-4056-4566-9CF9-B2B9DC224DB4}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{E337A98D-EDE1-4755-B0B3-DCF054539C43}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E43EA2E1-8FD6-45B9-8F06-77D20D0EA22D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{E4D97E37-D484-4402-AAF2-3E1309D81653}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4F310C3-545C-46E2-96EE-01963FDADB90}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{E607344E-870F-41CA-8942-D47FFF919E2A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E99B0D43-A068-48FF-8DCF-65E526E3525C}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{F2994172-CEED-48BE-BD04-C1E77D436FF9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F36A1404-1B0A-420D-A2C0-09C16D69F1DE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{FC11FDA9-D2A0-44DA-B4B0-0A72E26D245B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{FF19AA82-A6BB-46DF-9CB8-4551913141CC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{2382F535-83A7-4FC0-886E-4680517CB655}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{2DAEBA29-21D0-4773-9E0C-7345113B1126}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{F04BF68F-7D69-4E0A-A5D3-25593F661714}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{6130A414-DAAB-49C0-8395-21AF2AA7A1F7}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{F3DA9A82-F427-4B67-8A08-6A875EAE3729}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{42B40185-E134-43FD-9381-69F92B317417}" = AVG 2012
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"AVG" = AVG 2012
"Creative OA002" = Monitor Webcam Driver (1.01.02.0804)
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"MAXONFD3BFAC6" = CINEMA 4D Demo 12.032
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Bamboo
"PROSetDX" = Intel(R) Network Connections 13.1.33.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 30
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E8F136A-E573-44AB-860D-ABF7B03C1434}" = 5-Day Forecast
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B0D20D7-AA12-4FC8-9A4A-AF722F430738}_is1" = EOS Camera Movie Record 0.3.1 Beta
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6D62518F-F86F-C57D-8599-F90C2CA99A6F}" = Bamboo Dock
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79F41FC6-07F9-47C2-BBAC-37C7C70EE703}" = MCEBrowser
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AF322EC1-3499-45FD-9EDD-DCC7FD5C18DF}" = Autodesk SketchBookExpress 2011
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2E447CB-2950-46A6-A403-0E4F7EED564B}" = SAMSUNG Video Codec 1.2.5009
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}" = Sony DVD Architect Studio 4.5
"{B7DE81A4-71D5-4F22-9D72-84AC8A266F43}" = Sony Vegas Movie Studio 6.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC0C5A78-6DBF-3444-0120-0FE8F0134FCD}" = Adobe Download Assistant
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E41C2A-3A29-476D-9685-3F8055AF696A}" = Adobe Creative Suite 5.5 Production Premium
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"AIM_7" = AIM 7
"Aleks 3.12" = Aleks 3.12
"Bamboo Dock" = Bamboo Dock
"Cakewalk Sound Center_is1" = Cakewalk Sound Center 1.1.0
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"MSC" = McAfee SecurityCenter
"Music Creator LE_is1" = Music Creator LE 5.0.6
"MyCamera" = Canon Utilities MyCamera
"NewBlue Cartoonr for Vegas" = NewBlue Cartoonr for Vegas
"NewBlue VideoFX MSPP" = NewBlue VideoFX MSPP
"NSS" = Norton Security Scan
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/26/2011 5:47:35 PM | Computer Name = ConnorAppleb-PC | Source = EventSystem | ID = 4609
Description =

Error - 12/26/2011 5:47:49 PM | Computer Name = ConnorAppleb-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/26/2011 6:08:07 PM | Computer Name = ConnorAppleb-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/28/2011 12:41:08 AM | Computer Name = ConnorAppleb-PC | Source = Application Hang | ID = 1002
Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 724 Start Time: 01ccc51ae0149ace Termination Time: 9

Error - 12/28/2011 3:30:00 PM | Computer Name = ConnorAppleb-PC | Source = Application Error | ID = 1000
Description = Faulting application Bamboo Dock.exe, version 0.0.0.0, time stamp
0x4da506f6, faulting module Pen_Tablet.dll, version 5.2.5.5, time stamp 0x4e694dd7,
exception code 0x40000015, fault offset 0x000bc484, process id 0x1954, application
start time 0x01ccc4a7294ac44e.

Error - 12/28/2011 6:04:50 PM | Computer Name = ConnorAppleb-PC | Source = RasClient | ID = 20227
Description =

Error - 12/28/2011 6:17:15 PM | Computer Name = ConnorAppleb-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/30/2011 9:49:24 AM | Computer Name = ConnorAppleb-PC | Source = EventSystem | ID = 4621
Description =

Error - 12/30/2011 9:55:46 AM | Computer Name = ConnorAppleb-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/1/2012 9:49:27 AM | Computer Name = ConnorAppleb-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 11/20/2009 6:56:52 AM | Computer Name = ConnorAppleb-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/21/2011 10:39:26 AM | Computer Name = ConnorAppleb-PC | Source = McrMgr | ID = 107
Description =

Error - 1/21/2011 10:51:42 AM | Computer Name = ConnorAppleb-PC | Source = McrMgr | ID = 107
Description =

Error - 1/21/2011 10:57:05 AM | Computer Name = ConnorAppleb-PC | Source = McrMgr | ID = 109
Description =

Error - 1/21/2011 11:13:35 AM | Computer Name = ConnorAppleb-PC | Source = McrMgr | ID = 107
Description =

Error - 1/21/2011 11:13:36 AM | Computer Name = ConnorAppleb-PC | Source = McrMgr | ID = 109
Description =

Error - 6/29/2011 4:34:16 AM | Computer Name = ConnorAppleb-PC | Source = McrMgr | ID = 109
Description =

[ System Events ]
Error - 1/7/2012 7:28:33 AM | Computer Name = ConnorAppleb-PC | Source = netbt | ID = 4321
Description = The name "ELIZABETH-PC :0" could not be registered on the interface
with IP address 192.168.1.118. The computer with the IP address 192.168.1.109 did
not allow the name to be claimed by this computer.

Error - 1/7/2012 7:30:52 AM | Computer Name = ConnorAppleb-PC | Source = netbt | ID = 4321
Description = The name "PAPPLEBY-LT2 :0" could not be registered on the interface
with IP address 192.168.1.118. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.

Error - 1/7/2012 7:38:56 AM | Computer Name = ConnorAppleb-PC | Source = netbt | ID = 4321
Description = The name "ELIZABETH-PC :0" could not be registered on the interface
with IP address 192.168.1.118. The computer with the IP address 192.168.1.109 did
not allow the name to be claimed by this computer.

Error - 1/7/2012 7:41:16 AM | Computer Name = ConnorAppleb-PC | Source = netbt | ID = 4321
Description = The name "PAPPLEBY-LT2 :0" could not be registered on the interface
with IP address 192.168.1.118. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.

Error - 1/7/2012 7:50:22 AM | Computer Name = ConnorAppleb-PC | Source = netbt | ID = 4321
Description = The name "ELIZABETH-PC :0" could not be registered on the interface
with IP address 192.168.1.118. The computer with the IP address 192.168.1.109 did
not allow the name to be claimed by this computer.

Error - 1/7/2012 7:52:39 AM | Computer Name = ConnorAppleb-PC | Source = netbt | ID = 4321
Description = The name "PAPPLEBY-LT2 :0" could not be registered on the interface
with IP address 192.168.1.118. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.

Error - 1/7/2012 8:01:15 AM | Computer Name = ConnorAppleb-PC | Source = netbt | ID = 4321
Description = The name "ELIZABETH-PC :0" could not be registered on the interface
with IP address 192.168.1.118. The computer with the IP address 192.168.1.109 did
not allow the name to be claimed by this computer.

Error - 1/7/2012 8:03:32 AM | Computer Name = ConnorAppleb-PC | Source = netbt | ID = 4321
Description = The name "PAPPLEBY-LT2 :0" could not be registered on the interface
with IP address 192.168.1.118. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.

Error - 1/7/2012 8:12:12 AM | Computer Name = ConnorAppleb-PC | Source = netbt | ID = 4321
Description = The name "ELIZABETH-PC :0" could not be registered on the interface
with IP address 192.168.1.118. The computer with the IP address 192.168.1.109 did
not allow the name to be claimed by this computer.

Error - 1/7/2012 8:14:29 AM | Computer Name = ConnorAppleb-PC | Source = netbt | ID = 4321
Description = The name "PAPPLEBY-LT2 :0" could not be registered on the interface
with IP address 192.168.1.118. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.


< End of report
 
A bit more to do

  • Close all programs so that you are at your desktop.
  • Open the Control Panel switch to classic view, then click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and exit My Computer.
  • Now your computer is configured to show all hidden files.




You need to enable windows to show all files and folders, instructions Here

Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again

C:\ProgramData\312yOTHH.exe <--This file

If the site is busy you can try this one
http://virusscan.jotti.org/en





Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :processes
killallprocesses

:OTL
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1554704811-4091891495-1094212442-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
 
I apologize, but I am not sure what file I submit to virustotal when you say submit this file?

I did comlete the task of showing all hidden files

Thanks
 
C:\ProgramData\312yOTHH.exe <--This file

Go to Computer
Click on your C: drive
Then ProgramData
Then 312yOTHH.exe
 
312yOTHH.exe.b

the file on my system has a "b" at the end?

I tried sending the file on both sites, but got a file is empty reply back (looked at size and it is 0)
 
Status
Not open for further replies.
Back
Top