heidiiiii5

Honorary Members
  • Posts

    38

Everything posted by heidiiiii5

  1. If she has that stuff on the computer (itorrent etc) I will ask her about that later and tell her to remove it. I have no idea. I will get back to you. Thanks!
  2. I have completely forgotten how to do this so if I am posting in the wrong area, I am sorry. My daughter left me a note stating that she accidentally clicked on a link today and some stupid malware downloaded. She used the quick scan on our version of Malwarebytes but I guess it seemed to not get them all. I do not really know. She says that something called Expressburn won't go away. I have just gotten home and not experienced anything yet but I have been here twice with some really nasty stuff so I want to nip it in the bud. Thanks Heidi
  3. I am about ready to throw this Dell off the front porch and run over it repeatedly with my Jeep! I do not know what was downloaded because of course the *kids* act dumb when it comes to fessing up. I know I have something infecting the computer because of all the weird things going on. I bought Malwarebytes yesterday because I could not take it anymore. I just do not know what to do besides the quick scan that quarantines stuff. One issue is with startup. There is something infecting the start up and sometimes it says it has critical problems and has to close. Or it will just crash. Or it won't let you shut down properly. The clock will change the time on its own. When you first go on, and you open another window, another window will pop up and wants you to watch a video. It is a cluster you know what! Oh, and on Tuesday System Mechanic Pro just stopped working altogether. The iolo system tray won't even come on so I cannot turn on the virus protection...it will not automatically come on anymore. I hope someone can help me.
  4. Okay. duh. I need more coffee. You said protection log. I will post one from yesterday and today.

     2012/05/29 10:34:02 -0400 HEIDI-PC Heidi MESSAGE Starting protection
     2012/05/29 10:34:05 -0400 HEIDI-PC Heidi MESSAGE Protection started successfully
     2012/05/29 10:34:08 -0400 HEIDI-PC Heidi MESSAGE Starting IP protection
     2012/05/29 10:34:12 -0400 HEIDI-PC Heidi MESSAGE IP Protection started successfully
     2012/05/29 10:37:35 -0400 HEIDI-PC Heidi MESSAGE Executing scheduled update: Daily
     2012/05/29 10:37:52 -0400 HEIDI-PC Heidi MESSAGE Scheduled update executed successfully: database updated from version v2012.05.27.06 to version v2012.05.29.04
     2012/05/29 10:37:52 -0400 HEIDI-PC Heidi MESSAGE Starting database refresh
     2012/05/29 10:37:52 -0400 HEIDI-PC Heidi MESSAGE Stopping IP protection
     2012/05/29 10:40:41 -0400 HEIDI-PC Heidi MESSAGE IP Protection stopped
     2012/05/29 10:40:45 -0400 HEIDI-PC Heidi MESSAGE Database refreshed successfully
     2012/05/29 10:40:45 -0400 HEIDI-PC Heidi MESSAGE Starting IP protection
     2012/05/29 10:40:48 -0400 HEIDI-PC Heidi MESSAGE IP Protection started successfully
     2012/05/29 17:04:23 -0400 HEIDI-PC Heidi MESSAGE Starting protection
     2012/05/29 17:04:28 -0400 HEIDI-PC Heidi MESSAGE Protection started successfully
     2012/05/29 17:04:31 -0400 HEIDI-PC Heidi MESSAGE Starting IP protection
     2012/05/29 17:04:34 -0400 HEIDI-PC Heidi MESSAGE IP Protection started successfully
     2012/05/29 19:17:26 -0400 HEIDI-PC chelsea MESSAGE Starting protection
     2012/05/29 19:17:30 -0400 HEIDI-PC chelsea MESSAGE Protection started successfully
     2012/05/29 19:17:33 -0400 HEIDI-PC chelsea MESSAGE Starting IP protection
     2012/05/29 19:17:36 -0400 HEIDI-PC chelsea MESSAGE IP Protection started successfully
     2012/05/30 00:01:15 -0400 HEIDI-PC chelsea MESSAGE Executing scheduled update: Daily
     2012/05/30 00:01:28 -0400 HEIDI-PC chelsea MESSAGE Starting database refresh
     2012/05/30 00:01:28 -0400 HEIDI-PC chelsea MESSAGE Stopping IP protection
     2012/05/30 00:01:28 -0400 HEIDI-PC chelsea MESSAGE Scheduled update executed successfully: database updated from version v2012.05.29.04 to version v2012.05.29.07
     2012/05/30 00:04:51 -0400 HEIDI-PC chelsea MESSAGE IP Protection stopped
     2012/05/30 00:04:55 -0400 HEIDI-PC chelsea MESSAGE Database refreshed successfully
     2012/05/30 00:04:55 -0400 HEIDI-PC chelsea MESSAGE Starting IP protection
     2012/05/30 00:04:59 -0400 HEIDI-PC chelsea MESSAGE IP Protection started successfully
     2012/05/30 05:50:16 -0400 HEIDI-PC Heidi MESSAGE Starting protection
     2012/05/30 05:50:20 -0400 HEIDI-PC Heidi MESSAGE Protection started successfully
     2012/05/30 05:50:23 -0400 HEIDI-PC Heidi MESSAGE Starting IP protection
     2012/05/30 05:50:26 -0400 HEIDI-PC Heidi MESSAGE IP Protection started successfully
     2012/05/30 07:01:56 -0400 HEIDI-PC Heidi IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 51106, Process: firefox.exe)
     2012/05/30 07:01:56 -0400 HEIDI-PC Heidi IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 51107, Process: firefox.exe)
     2012/05/30 07:01:56 -0400 HEIDI-PC Heidi IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 51108, Process: firefox.exe)
     2012/05/30 07:03:00 -0400 HEIDI-PC Heidi IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 51160, Process: firefox.exe)
     2012/05/30 07:03:00 -0400 HEIDI-PC Heidi IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 51164, Process: firefox.exe)
     2012/05/30 07:03:00 -0400 HEIDI-PC Heidi IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 51173, Process: firefox.exe)

     I have noticed an issue with Windows Defender now too. It will turn off and then will not turn on again (time out) unless you restart the computer.
  5. Which log do you want from Mbam? Today's protection log or the most current mbam log?
  6. Here are the two things that popped up. I will do the scan now.
     1. C:\programdata\Iolo\systemshield\quarantined\DoraAdventure W32/NewMalware-LSR-based-Maxim
     2. C:\Programdata\iolo\systemshield\quarantined\71B5DAE-302B W32/NewMalware-LSR-based-Maxim
  7. Everything was fine until the MP needed to be upgraded. Then Windows Defender quarantined the same two malwares that I posted before. The Dora and the other one (up thread). The computer is acting fine. None of the other issues with the browsers like before. Just this morning the trial Malwarebytes told me that it stopped a virus from getting in. So I am wondering if it is coming from the virus protection. I am going to purchase Malwarebytes when the trial is over. Another weird thing happened that makes me think it is related. About a few days after you fixed the computer, I get a weird phone call from the NY area. They told me that there were virus attacks in my area and that they had been told I had an issue. I needed to turn on my computer. I told them off basically because I did not fall off the turnip truck. But it creeped us out and wondered if it was connected at all. Anyway, I did the upgrade on the iolo and it is quarantined. If it happens again, I am gonna fling this laptop off my front porch.
  8. All done. Thank you Elise! I am super happy! I am going to tell everyone that this is the place to go and this is the program to have on their computers. I am going to most definitely download full version. I came home from a bad vacation to a limping computer. You got rid of it! Bless you. You can close the topic now.
  9. I typed in combofix/uninstall in the Run box. It says it does not find that on the computer. I double checked that I typed it correctly and it did the same thing. Oh! I am so happy that you helped me. I am definitely coming back to hit your donate button when the paycheck comes in. And other than the thing up top, everything is good.
  10. I will not be back on until tomorrow morning. Have a good one. See you then.
  11. Here is the next scan.

     C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk1 a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk2 a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
     C:\ProgramData\iolo\System Shield\Quarantined\C2DC25F-65B95BCF.INFECTED multiple threats deleted - quarantined
     C:\Users\chelsea\Downloads\Adobe Photoshop CS5 or extended activator VIRUS FREE.zip Win32/HackKMS.A application deleted - quarantined
     C:\Users\chelsea\Downloads\openfreely_1296.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
     C:\Users\Heidi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7ce16a0a-45e03a4d Java/TrojanDownloader.Agent.NDR trojan deleted - quarantined
  12. I started it at 330pm and it is still at 44% at 6pm. Hoping it gets done before I go to bed. LOL It has found 10 things already.
  13. Browser is working fine now. That snap.do is gone. The only thing was when I did the full scan, I got the pop up saying that I had those two malwares that I posted above before. One was a Dora one. And we still have to fix those things on the desktop. But so far, so good.
  14. Here is the OTL:
C:\Users\Heidi\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent 
Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Heidi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Skype Click to Call = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/05/21 15:30:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1367393647-3819637459-4209849266-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1367393647-3819637459-4209849266-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\iavlsp64.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\iavlsp64.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\windows\SysNative\iavlsp64.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\iavlsp.dll (iolo technologies, LLC) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\iavlsp.dll (iolo technologies, LLC) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\windows\SysWow64\iavlsp.dll (iolo technologies, LLC) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 156.154.119.11 156.154.129.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0393E023-2857-44D0-85FC-93B55B5B8A18}: DhcpNameServer = 192.168.2.1 192.168.2.1 156.154.119.11 156.154.129.11 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/05/22 11:47:33 | 000,000,000 | ---D | C] -- C:\_OTL [2012/05/21 16:15:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/05/21 15:33:47 | 000,000,000 | ---D 
| C] -- C:\windows\temp [2012/05/21 15:17:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012/05/21 10:16:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012/05/21 10:16:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012/05/21 10:15:54 | 000,000,000 | ---D | C] -- C:\windows\ERDNT [2012/05/21 10:01:17 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/05/19 21:05:27 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Malwarebytes [2012/05/19 21:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/05/19 21:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/05/19 21:05:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/05/19 21:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/05/19 18:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/05/19 18:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012/05/10 19:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/05/10 19:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012/05/10 19:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012/05/09 12:03:13 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll [2012/05/09 12:03:11 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2012/05/09 12:03:10 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2012/05/09 12:03:10 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2012/05/09 10:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/05/09 10:42:43 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Mozilla Maintenance Service [2012/05/06 22:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/05/06 22:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/05/06 22:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/05/06 22:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/05/04 22:40:17 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012/05/04 22:39:52 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\WinRAR [2012/05/04 22:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012/05/04 22:39:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR [2012/05/04 22:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012/05/04 22:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012/05/04 15:50:06 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Local\Apple Computer [2012/05/03 12:35:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2012/05/03 12:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2012/05/03 12:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series Manual [2012/05/03 12:09:48 | 000,336,896 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMLM9W.DLL [2012/05/03 12:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2012/04/26 10:26:21 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Apple Computer [2012/04/25 22:23:33 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\GEARAspi64.dll [2012/04/25 22:23:33 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysWow64\GEARAspi.dll [2012/04/25 22:23:33 | 000,034,152 | ---- | C] (GEAR Software Inc.) 
-- C:\windows\SysNative\drivers\GEARAspiWDM.sys [2012/04/25 22:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012/04/25 22:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/04/25 22:21:34 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Local\Apple [2012/04/25 22:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012/04/25 22:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012/04/25 22:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012/04/25 22:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012/04/25 22:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012/04/25 22:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple ========== Files - Modified Within 30 Days ========== [2012/05/22 15:11:09 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/05/22 14:41:12 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1367393647-3819637459-4209849266-1002UA.job [2012/05/22 14:38:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1367393647-3819637459-4209849266-1005UA.job [2012/05/22 14:26:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1367393647-3819637459-4209849266-1004UA.job [2012/05/22 13:38:00 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1367393647-3819637459-4209849266-1005Core.job [2012/05/22 12:26:03 | 000,000,506 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job [2012/05/22 12:08:34 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/22 12:08:34 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/22 12:01:38 | 000,000,408 | ---- | M] () -- 
C:\windows\SysWow64\iolo.ini [2012/05/22 12:01:38 | 000,000,408 | ---- | M] () -- C:\windows\SysNative\iolo.ini [2012/05/22 12:00:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/05/22 12:00:43 | 2799,697,920 | -HS- | M] () -- C:\hiberfil.sys [2012/05/22 11:26:00 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1367393647-3819637459-4209849266-1004Core.job [2012/05/22 10:54:36 | 000,001,416 | ---- | M] () -- C:\Users\Heidi\Desktop\OTL - Shortcut.lnk [2012/05/21 22:41:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1367393647-3819637459-4209849266-1002Core.job [2012/05/21 15:30:49 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012/05/21 15:06:21 | 000,013,296 | ---- | M] () -- C:\Users\Heidi\Desktop\ComboFix - Shortcut.lnk [2012/05/19 21:47:43 | 000,001,420 | ---- | M] () -- C:\Users\Heidi\Desktop\dds - Shortcut.lnk [2012/05/19 21:05:23 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/19 19:48:35 | 000,001,181 | ---- | M] () -- C:\Users\Heidi\Desktop\System Checkup.lnk [2012/05/19 18:50:44 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/05/18 14:43:43 | 000,002,405 | ---- | M] () -- C:\Users\Heidi\Desktop\Google Chrome.lnk [2012/05/10 08:54:54 | 004,851,368 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/05/10 01:38:44 | 000,794,158 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/05/10 01:38:44 | 000,660,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/05/10 01:38:44 | 000,121,408 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/05/06 22:56:21 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/05/06 22:36:25 | 000,180,224 | ---- | M] () -- C:\windows\SysWow64\qtcf.dll [2012/05/05 15:11:17 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012/05/05 15:11:17 | 
000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012/05/05 15:11:08 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe [2012/04/27 23:55:20 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job [2012/04/27 11:54:00 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job ========== Files Created - No Company Name ========== [2012/05/22 10:54:36 | 000,001,416 | ---- | C] () -- C:\Users\Heidi\Desktop\OTL - Shortcut.lnk [2012/05/22 09:44:40 | 000,000,408 | ---- | C] () -- C:\windows\SysWow64\iolo.ini [2012/05/22 09:44:40 | 000,000,408 | ---- | C] () -- C:\windows\SysNative\iolo.ini [2012/05/21 15:06:21 | 000,013,296 | ---- | C] () -- C:\Users\Heidi\Desktop\ComboFix - Shortcut.lnk [2012/05/21 10:16:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012/05/21 10:16:01 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012/05/21 10:16:01 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012/05/21 10:16:01 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012/05/21 10:16:01 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/05/19 21:47:43 | 000,001,420 | ---- | C] () -- C:\Users\Heidi\Desktop\dds - Shortcut.lnk [2012/05/19 21:05:23 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/19 19:48:35 | 000,001,181 | ---- | C] () -- C:\Users\Heidi\Desktop\System Checkup.lnk [2012/05/19 18:50:44 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/05/06 22:56:21 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/05/06 22:36:25 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\qtcf.dll [2012/04/27 10:54:27 | 000,000,564 | ---- | C] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job [2012/04/25 22:21:33 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple 
Software Update.lnk [2012/04/09 17:07:15 | 000,165,376 | ---- | C] () -- C:\windows\SysWow64\unrar.dll [2012/02/25 14:54:22 | 000,012,288 | ---- | C] () -- C:\Users\Heidi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/17 17:40:20 | 000,074,703 | ---- | C] () -- C:\windows\SysWow64\mfc45.dll [2011/12/11 18:42:34 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011/12/11 18:41:12 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini [2011/12/11 18:41:08 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini [2011/12/11 18:41:07 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini [2011/12/11 18:41:07 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini [2011/12/11 18:41:07 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini [2011/12/11 18:41:07 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini [2011/12/11 17:37:15 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011/12/11 17:34:34 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll [2011/12/11 17:25:28 | 000,774,004 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/07/29 07:40:44 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini [2011/07/29 07:40:44 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini [2011/07/13 20:55:06 | 000,053,760 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll < End of report >
  15. I will do the OTL log now.

      Malwarebytes Anti-Malware (Trial) 1.61.0.1400
      www.malwarebytes.org

      Database version: v2012.05.22.02
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Heidi :: HEIDI-PC [administrator]

      Protection: Enabled

      5/22/2012 1:36:57 PM
      mbam-log-2012-05-22 (13-36-57).txt

      Scan type: Full scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 362161
      Time elapsed: 1 hour(s), 25 minute(s), 48 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)
  16. deleted uTorrent, doing full scan now. I would like it to have the google/firefox search like the first page does. I do get it when I hit the home button on the upper right hand side. I will add report when done. I am also going to play around and see how it is acting.
  17. When I click the home tab, the second page is normal. No more snap.do! I will play around to see if it slows down
  18. When I open a new tab, it is blank. I did not install the uTorrent. My child did. I will uninstall it. now. I will be back to do the rest but have appointment now
  19. I have to leave for about an hour. I will be back. I appreciate your help!
  20. No report popped up after it rebooted itself. There are three things on the desktop that are like light in color: Firefox, and two things that say Desktop.ini. Also, when I click to show desktop, the clock/weather disappears, but if I minimize, it is still on the screen. Probably nothing but I thought I would let you know. What should I do? Still no report.
  21. If I only stay on the one page that is firefox/google and do not tab another page...everything is fine. When I tab to get another page, the browser is snap.do and then the quality of the computer use goes downhill.
  22. Sorry it took me so long to post.
[Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2012/05/09 10:42:39 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/05 15:11:18 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/17 09:30:36 | 001,047,336 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/08/18 12:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell 
DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2011/03/31 16:08:18 | 000,077,984 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2011/02/16 07:22:42 | 000,135,168 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/08/25 22:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU) SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/17 08:25:02 | 000,031,432 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk) DRV:64bit: - [2012/04/10 15:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) 
[Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/09/28 15:06:40 | 000,173,376 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\amp.sys -- (AMP) DRV:64bit: - [2011/09/28 15:06:38 | 001,484,096 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\ampse.sys -- (AMPSE) DRV:64bit: - [2011/08/24 01:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/07/15 17:53:54 | 000,214,144 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\amdxhc.sys -- (amdxhc) DRV:64bit: - [2011/07/15 17:53:54 | 000,096,896 | ---- | M] (Advanced Micro Devices, INC.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\amdhub30.sys -- (amdhub30) DRV:64bit: - [2011/07/13 23:00:06 | 009,978,880 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/07/13 21:33:58 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/06/16 18:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011/06/16 18:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011/05/27 15:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011/05/13 04:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011/03/31 16:08:30 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011/03/31 16:08:30 | 000,281,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011/03/31 16:08:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011/03/31 16:08:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011/03/31 16:08:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011/03/31 16:08:30 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011/03/31 16:08:30 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011/03/30 18:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/24 16:41:24 | 002,700,288 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011/01/20 13:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2010/12/16 03:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010/12/01 20:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1367393647-3819637459-4209849266-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-1367393647-3819637459-4209849266-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&userid=1aceb128-6fe4-448f-808d-8383156da089&searchtype=ds&isid=9860&q={searchTerms} IE - HKU\S-1-5-21-1367393647-3819637459-4209849266-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
http://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&userid=1aceb128-6fe4-448f-808d-8383156da089&searchtype=ds&isid=9860&q={searchTerms} IE - HKU\S-1-5-21-1367393647-3819637459-4209849266-1002\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-21-1367393647-3819637459-4209849266-1002\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&userid=1aceb128-6fe4-448f-808d-8383156da089&searchtype=ds&isid=9860&q={searchTerms} IE - HKU\S-1-5-21-1367393647-3819637459-4209849266-1002\..\SearchScopes\{B56CBE13-013A-49F8-800D-F22648DC17FB}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p={searchTerms} IE - HKU\S-1-5-21-1367393647-3819637459-4209849266-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1367393647-3819637459-4209849266-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Heidi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Heidi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/13 13:35:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/19 18:51:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\pluginsozilla Firefox 12.0\extensions\Plugins... 
[2012/02/17 16:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heidi\AppData\Roaming\Mozilla\Extensions [2012/05/18 11:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\9jmhnmps.default\extensions [2012/04/27 10:57:24 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\9jmhnmps.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2012/05/18 11:07:44 | 000,000,000 | ---D | M] ("Community Smartbar") -- C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\9jmhnmps.default\extensions\helperbar@helperbar.com [2012/05/09 10:43:25 | 000,001,301 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\9jmhnmps.default\searchplugins\my-homepage.xml [2012/05/18 09:59:58 | 000,002,416 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\9jmhnmps.default\searchplugins\Web Search.xml [2012/03/18 06:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/02/17 21:48:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/05/09 10:42:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/05/09 10:42:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/05/09 10:42:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Web (Enabled) CHR - default_search_provider: search_url = http://feed.helperbar.com/?publisher=W3i&dpid=UnknownProvider&searchtype=ds&q={searchTerms} CHR - default_search_provider: suggest_url = 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Heidi\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Heidi\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Heidi\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper 
Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Heidi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Skype Click to Call = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/05/21 15:30:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. 
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) 
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FEA5690-C23C-7873-89CB-A2D6A0818D0B}" = CCC Help Japanese "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{9027AE90-8FD3-5520-20D4-D33BE2FC71C9}" = AMD VISION Engine Control Center "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9B1F9129-0667-418E-7051-C005C472359A}" = CCC Help French "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0329934-5FE2-F341-5EB9-960154093EAA}" = CCC Help Russian "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A5D24600-DD2C-1EE5-7EFE-61F13153DD29}" = CCC Help Swedish "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI "{AFEA7544-6B97-4867-A94D-1C39BA61B64F}" = Catalyst Control Center - Branding "{AFF57A60-FA41-1102-6643-D183DB80779D}" = CCC Help English "{B5EBBA47-C7CB-0556-7A76-3F8A7A3C8663}" = CCC Help Italian "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional "{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8A6CA2A-18E4-36E9-7EB7-C920FDB96C7D}" = CCC Help Greek "{CE1B6AD5-3841-BD60-550A-380F2CBBFD79}" = CCC Help Czech "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DBC79257-1A1B-7145-D5E7-807B521EADD0}" = CCC Help Thai "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E40FFD57-E1B2-6216-1B40-8A8FA37D5D27}" = Catalyst Control Center Localization All "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{E626BC5A-8AD0-4960-AEA0-8C3BD5C9867B}" = calibre "{EB25124D-732E-2BC7-351E-227E544C74E9}" = CCC Help Chinese Standard "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F15D3C58-F2A4-8B94-0CD9-3A449C60B895}" = CCC Help Turkish "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Advanced Audio FX Engine" = Advanced Audio FX Engine "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Dell Webcam Central" = Dell Webcam Central "DivX Setup" = DivX Setup 
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.0 "WildTangent dell Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.11 (32-bit) "WT089409" = Bejeweled 2 Deluxe "WT089410" = Blackhawk Striker 2 "WT089411" = Build-a-lot 2 "WT089412" = Cake Mania "WT089413" = Chuzzle Deluxe "WT089414" = Diner Dash 2 Restaurant Rescue "WT089415" = Dora's World Adventure "WT089418" = FATE "WT089420" = Jewel Quest "WT089422" = Jewel Quest Solitaire 2 "WT089426" = Poker Superstars III "WT089430" = Virtual Villagers 4 - The Tree of Life "WT089433" = Polar Golfer "WT089434" = Escape Whisper Valley "WT089440" = Namco All-Stars PAC-MAN "WT089443" = Bounce Symphony "WT089444" = Final Drive Nitro "WT089445" = Penguins! "WT089446" = Wedding Dash - Ready, Aim, Love! "WT089448" = Zuma Deluxe "WT089450" = Farm Frenzy "WT089452" = Plants vs. 
Zombies - Game of the Year "WT089499" = Final Drive Fury "WT089503" = Samantha Swift "WT089507" = Luxor "WT089508" = Polar Bowler ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1367393647-3819637459-4209849266-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 5/8/2012 4:55:07 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 5/8/2012 4:55:07 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7847 Error - 5/8/2012 4:55:07 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7847 Error - 5/8/2012 4:55:08 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 5/8/2012 4:55:08 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9001 Error - 5/8/2012 4:55:08 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9001 Error - 5/8/2012 7:15:48 PM | Computer Name = Heidi-PC | Source = WinMgmt | ID = 10 Description = Error - 5/8/2012 7:26:23 PM | Computer Name = Heidi-PC | Source = CVHSVC | ID = 100 Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 304: The server's response was not valid. The server was not following the defined protocol. Resume the job, and then Background Intelligent Transfer Service (BITS) will try again. 
Error - 5/9/2012 10:41:05 AM | Computer Name = Heidi-PC | Source = WinMgmt | ID = 10 Description = Error - 5/9/2012 11:54:58 AM | Computer Name = Heidi-PC | Source = WinMgmt | ID = 10 Description = [ Dell Events ] Error - 2/17/2012 8:38:18 PM | Computer Name = Heidi-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. [ iolo Applications Events ] Error - 5/19/2012 9:00:44 PM | Computer Name = Heidi-PC | Source = System Shield | ID = 12 Description = [ System Events ] Error - 4/26/2012 7:55:14 PM | Computer Name = Heidi-PC | Source = DCOM | ID = 10010 Description = Error - 4/26/2012 8:12:49 PM | Computer Name = Heidi-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: FileDisk Error - 4/26/2012 8:13:50 PM | Computer Name = Heidi-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 4/26/2012 8:14:21 PM | Computer Name = Heidi-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 4/26/2012 8:15:27 PM | Computer Name = Heidi-PC | Source = Service Control Manager | ID = 7034 Description = The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s). 
Error - 4/27/2012 12:56:08 AM | Computer Name = Heidi-PC | Source = DCOM | ID = 10010 Description = Error - 4/27/2012 10:33:49 AM | Computer Name = Heidi-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: FileDisk Error - 4/27/2012 10:34:38 AM | Computer Name = Heidi-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 4/27/2012 10:35:09 AM | Computer Name = Heidi-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 4/27/2012 11:07:17 AM | Computer Name = Heidi-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. < End of report >