site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security Cleanup > [Malware] Malawarebytes keeps popping up saying successfully blo

Search Topic:
 Uniqs:
3771		 Share Topic
Posting?
Post a:
Post a:
Links: ·SCU FAQ ·Pre-Clean ·Site IMs ·VundoFix ·Zlob/Smitfraud ·SCU Helpers
AuthorAll Replies


PleaseHelp11

@charter.com

[Malware] Malawarebytes keeps popping up saying successfully blo

I have the malawarebytes Anti-Malaware and it keeps popping up messages saying "Malaware has successfully blocked access to a potentially dangerous website."
Then it gives me an ip address along with the error.

Internet also doesn't work. When I search on google and I click on search sites, it redirects to one of the ip's from the error message.
For example, 206.161.121.2.

I don't know what information you want me to post. I did full system scan saying my files were infected and I removed them. But when I did a scan again, they would show and the messages keep popping up. I pasted a log from a recent scan I did.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7697

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

9/12/2011 3:10:20 AM
mbam-log-2011-09-12 (03-10-20).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Objects scanned: 322901
Time elapsed: 46 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files (x86)\livingplay games\lplaytl.dll (PUP.LivingPlay) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\livingplay games\lplaytl.dll (PUP.LivingPlay) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-3537728809-1944075535-3184066097-1000\$R2WR7X2.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\Users\apoorva\AppData\Local\Temp\temporary internet files\Content.IE5\3RMCGF21\setuplivingplay.exe (Adware.Gamevance) -> Quarantined and deleted successfully.

Firefox won't open but internet explorer will.
Any help would be great.
to forum · permalink · 2012-02-16 14:10:47 ·


lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54
Reviews:
·Comcast
Host:
TV over IP
Software
RCN
Inside Insight
Cellphones, Provid..

Re: [Malware] Malawarebytes keeps popping up saying successfully

....keep going, we need the rest: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

the contents of MalwareByte's (step 2)
the contents of OTL.txt (Step 3)
the contents of Extras.txt (Step 3)
the contents of checkup.txt (Step 4)
the contents of the Online AntiVirus Scan log(Step 5)
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
to forum · permalink · 2012-02-16 15:32:36 ·


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to PleaseHelp11
Your Malware Bytes is out of date. Please update to the current version, run it and post the new log in this thread.

Also, do the following:

Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.

You'll find the link(s) and instruction(s) here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

to forum · permalink · 2012-02-16 16:52:30 ·


PleaseHelp11

@charter.com

reply to lilhurricane

Ran another scan without rebooting this time because I have already rebooted ten times and the same files are still infected.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.16.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
apoorva :: APOORVA-PC [administrator]

Protection: Enabled

2/16/2012 2:58:28 PM
mbam-log-2012-02-16 (14-58-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190566
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> 5748 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

OTL logfile created on: 2/16/2012 3:08:06 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\apoorva\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 40.42% Memory free
11.82 Gb Paging File | 8.09 Gb Available in Paging File | 68.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.42 Gb Total Space | 478.00 Gb Free Space | 82.21% Space Free | Partition Type: NTFS
Drive D: | 681.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: APOORVA-PC | User Name: apoorva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/02/16 15:07:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\apoorva\Downloads\OTL.exe
PRC - [2012/02/16 12:49:43 | 002,804,712 | ---- | M] (Symantec Corporation) -- C:\Users\apoorva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VY2DHX25\NPE.exe
PRC - [2012/01/22 08:15:32 | 002,230,416 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012/01/22 08:15:16 | 003,735,680 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/12/11 08:48:47 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
PRC - [2011/09/06 11:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/09/05 09:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/05 05:16:10 | 002,816,328 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 11:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/07/27 05:06:44 | 000,267,488 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/07/26 17:23:20 | 000,397,992 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/05/15 16:01:44 | 000,478,720 | ---- | M] (Crossrider) -- C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
PRC - [2011/05/03 09:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/11/17 11:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/17 09:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
PRC - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/03 11:01:34 | 000,983,104 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2010/11/03 11:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2010/11/03 10:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010/11/03 10:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2010/10/05 20:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 20:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/08/19 17:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/01/10 03:03:33 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 10:13:09 | 002,295,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/13 10:12:10 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5146ed6dcbec6f5cafc972c011e13663\IAStorUtil.ni.dll
MOD - [2011/10/13 10:12:10 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9cdcbab4b98eff0399edc83e8728c516\IAStorCommon.ni.dll
MOD - [2011/10/13 10:08:18 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 10:07:57 | 014,322,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/13 10:07:44 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/13 10:07:39 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/13 10:07:36 | 012,216,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/13 10:07:28 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/13 10:07:24 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/13 10:07:21 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/13 10:07:20 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/13 10:07:13 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/22 00:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/21 07:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011/06/20 07:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011/06/20 05:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011/06/20 05:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011/06/20 05:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011/06/20 05:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011/05/26 03:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011/05/26 03:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2011/05/03 09:38:52 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2010/11/24 21:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 09:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
MOD - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/11/17 09:35:28 | 000,657,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2012/02/16 14:45:59 | 006,746,280 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV:64bit: - [2011/01/25 03:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/12/17 13:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 13:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 13:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/11/29 14:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 04:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/01/22 08:15:32 | 002,230,416 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2012/01/10 19:42:43 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2011/09/05 09:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011/07/27 05:06:44 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2010/11/25 04:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 04:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/11/03 11:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/11/03 11:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010/11/03 10:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/10/05 20:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/10/05 20:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012/02/16 14:46:00 | 000,065,736 | ---- | M] (Prevx) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\pxrts.sys -- (pxrts)
DRV:64bit: - [2012/02/16 14:46:00 | 000,036,384 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\pxscan.sys -- (pxscan)
DRV:64bit: - [2012/02/16 14:45:59 | 000,024,024 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\pxkbf.sys -- (pxkbf)
DRV:64bit: - [2012/02/16 12:51:08 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\SMR250.SYS -- (SMR250)
DRV:64bit: - [2012/02/10 17:21:37 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/23 20:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/11/23 19:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/11/23 19:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/11/16 21:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/16 21:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/11/04 17:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/07/25 12:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\symds64.sys -- (SymDS)
DRV:64bit: - [2011/05/13 02:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/03/25 20:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/25 03:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/12/21 08:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/12/10 15:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 15:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/01 04:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/29 14:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/06 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/04 04:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/11/04 02:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2010/10/29 18:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/26 13:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/10/19 17:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/09/21 08:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/12 09:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/02/16 11:24:56 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120216.004\ex64.sys -- (NAVEX15)
DRV - [2012/02/16 11:24:56 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120216.004\eng64.sys -- (NAVENG)
DRV - [2012/02/15 21:50:02 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/02/07 13:23:23 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/04 14:28:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/03 16:29:00 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120215.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = »g.msn.com/USCON/1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/08/30 15:51:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/16 02:52:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/02/16 11:17:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/02/16 12:47:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/16 02:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/08 22:49:50 | 000,000,000 | ---D | M]

[2011/09/05 13:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\apoorva\AppData\Roaming\Mozilla\Extensions
[2012/02/16 02:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\j7mzfjop.default\extensions
[2012/02/11 20:52:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/11 15:22:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/15 04:21:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/15 04:21:54 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll ()
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\apoorva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} »download.macromedia.com/pub/shoc···r/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4425245E-106E-4F4F-BEF7-ED311700C3EE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0C132D4-686E-469A-96A8-306B52A0D869}: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/13 15:23:46 | 000,045,056 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/09/26 18:21:07 | 000,000,158 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/02/16 14:46:00 | 000,065,736 | ---- | C] (Prevx) -- C:\windows\SysNative\drivers\pxrts.sys
[2012/02/16 14:46:00 | 000,062,976 | ---- | C] (Prevx) -- C:\windows\SysWow64\PxSecure.dll
[2012/02/16 14:46:00 | 000,036,384 | ---- | C] (Prevx) -- C:\windows\SysNative\drivers\pxscan.sys
[2012/02/16 14:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prevx 3.0
[2012/02/16 14:45:59 | 000,024,024 | ---- | C] (Prevx) -- C:\windows\SysNative\drivers\pxkbf.sys
[2012/02/16 14:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2012/02/16 14:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2012/02/16 12:51:08 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SMR250.SYS
[2012/02/16 12:50:14 | 000,000,000 | ---D | C] -- C:\Users\apoorva\AppData\Local\NPE
[2012/02/16 12:44:57 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\svchost.exe
[2012/02/16 11:27:45 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/02/16 11:27:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/02/16 11:27:42 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/02/16 11:27:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/02/16 11:27:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/02/16 11:27:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/02/16 11:27:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/02/16 11:27:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/02/16 11:27:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/02/16 11:27:39 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/02/16 11:27:39 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/02/16 02:57:52 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/02/15 03:03:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/13 21:20:08 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/02/13 21:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/02/12 05:38:14 | 000,000,000 | ---D | C] -- C:\Users\apoorva\AppData\Local\ElevatedDiagnostics
[2012/02/10 17:41:10 | 000,000,000 | ---D | C] -- C:\Users\apoorva\AppData\Local\CrashDumps
[2012/02/10 17:21:31 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\symnets.sys
[2012/02/10 17:21:30 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys
[2012/02/10 17:21:30 | 000,738,936 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys
[2012/02/10 17:21:30 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\symds64.sys
[2012/02/10 17:21:30 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys
[2012/02/10 17:21:30 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys
[2012/02/10 17:21:30 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys
[2012/02/10 17:21:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1305000.091
[2012/02/09 02:45:44 | 000,000,000 | ---D | C] -- C:\Users\apoorva\Documents\RCT3
[2012/02/09 02:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2012/02/09 02:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2012/02/04 14:03:58 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/02/04 14:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/02/04 14:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/02/04 14:03:28 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2012/02/04 14:03:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/02/04 14:03:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012/01/29 23:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/20 23:18:36 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012/01/19 20:52:00 | 000,000,000 | ---D | C] -- C:\Users\apoorva\AppData\Roaming\Reallusion
[2012/01/19 20:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2 C:\Users\apoorva\Documents\*.tmp files -> C:\Users\apoorva\Documents\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/02/16 14:57:02 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/16 14:46:00 | 000,065,736 | ---- | M] (Prevx) -- C:\windows\SysNative\drivers\pxrts.sys
[2012/02/16 14:46:00 | 000,062,976 | ---- | M] (Prevx) -- C:\windows\SysWow64\PxSecure.dll
[2012/02/16 14:46:00 | 000,036,384 | ---- | M] (Prevx) -- C:\windows\SysNative\drivers\pxscan.sys
[2012/02/16 14:45:59 | 000,024,024 | ---- | M] (Prevx) -- C:\windows\SysNative\drivers\pxkbf.sys
[2012/02/16 12:51:46 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 12:51:46 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 12:51:11 | 000,000,020 | ---- | M] () -- C:\windows\SysNative\drivers\SMR250.dat
[2012/02/16 12:51:08 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SMR250.SYS
[2012/02/16 12:50:37 | 000,727,246 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/02/16 12:50:37 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/02/16 12:50:37 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/02/16 12:44:44 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/16 12:44:04 | 000,000,506 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job
[2012/02/16 12:43:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/16 12:43:48 | 463,867,903 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/16 11:29:15 | 002,028,055 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\Cat.DB
[2012/02/16 02:57:37 | 496,046,767 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/02/16 02:54:09 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/15 01:40:35 | 000,000,456 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for apoorva.job
[2012/02/14 18:26:44 | 000,227,211 | ---- | M] () -- C:\Users\apoorva\Documents\Application.pdf
[2012/02/14 17:30:19 | 000,222,960 | ---- | M] () -- C:\Users\apoorva\Documents\Application Dental Auxiliary Employment LH.pdf
[2012/02/12 21:15:55 | 000,001,364 | ---- | M] () -- C:\Users\apoorva\Desktop\Norton Installation Files.lnk
[2012/02/12 21:08:19 | 000,004,110 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012/02/10 17:55:10 | 000,002,514 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/02/10 17:54:07 | 000,004,782 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\VT20111023.023
[2012/02/10 17:21:37 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/02/10 17:21:37 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/02/10 17:21:37 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/02/09 16:49:37 | 000,003,584 | ---- | M] () -- C:\Users\apoorva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/09 02:46:03 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
[2012/02/09 02:46:00 | 000,001,730 | ---- | M] () -- C:\Users\apoorva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
[2012/01/30 22:35:54 | 000,138,856 | ---- | M] () -- C:\Users\apoorva\Documents\ber2.jpg
[2012/01/30 22:33:43 | 000,065,232 | ---- | M] () -- C:\Users\apoorva\Documents\Ber1.JPG
[2012/01/29 23:29:43 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/26 22:26:45 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\isolate.ini
[2 C:\Users\apoorva\Documents\*.tmp files -> C:\Users\apoorva\Documents\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/02/16 12:51:09 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\drivers\SMR250.dat
[2012/02/16 02:57:37 | 496,046,767 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/02/14 18:26:44 | 000,227,211 | ---- | C] () -- C:\Users\apoorva\Documents\Application.pdf
[2012/02/14 17:30:18 | 000,222,960 | ---- | C] () -- C:\Users\apoorva\Documents\Application Dental Auxiliary Employment LH.pdf
[2012/02/13 21:20:21 | 000,000,564 | ---- | C] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/13 21:20:18 | 000,000,506 | ---- | C] () -- C:\windows\tasks\SystemToolsDailyTest.job
[2012/02/10 17:54:07 | 002,028,055 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\Cat.DB
[2012/02/10 17:54:07 | 000,004,782 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\VT20111023.023
[2012/02/10 17:21:31 | 000,007,458 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symnet64.cat
[2012/02/10 17:21:30 | 000,007,496 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symds64.cat
[2012/02/10 17:21:30 | 000,007,468 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.cat
[2012/02/10 17:21:30 | 000,007,462 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtspx64.cat
[2012/02/10 17:21:30 | 000,007,460 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symefa64.cat
[2012/02/10 17:21:30 | 000,007,458 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtsp64.cat
[2012/02/10 17:21:30 | 000,007,450 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\iron.cat
[2012/02/10 17:21:30 | 000,003,434 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symefa.inf
[2012/02/10 17:21:30 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symds.inf
[2012/02/10 17:21:30 | 000,001,441 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symnet.inf
[2012/02/10 17:21:30 | 000,001,438 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtsp64.inf
[2012/02/10 17:21:30 | 000,001,420 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtspx64.inf
[2012/02/10 17:21:30 | 000,000,853 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.inf
[2012/02/10 17:21:30 | 000,000,772 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\iron.inf
[2012/02/10 17:21:11 | 000,004,782 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symvtcer.dat
[2012/02/10 17:21:11 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\isolate.ini
[2012/02/09 16:49:37 | 000,003,584 | ---- | C] () -- C:\Users\apoorva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/09 02:46:03 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
[2012/02/09 02:46:00 | 000,001,730 | ---- | C] () -- C:\Users\apoorva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
[2012/02/08 18:49:25 | 000,004,110 | ---- | C] () -- C:\WirelessDiagLog.csv
[2012/02/04 14:03:58 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/02/04 14:03:58 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/02/04 14:03:54 | 000,002,514 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/01/30 22:35:54 | 000,138,856 | ---- | C] () -- C:\Users\apoorva\Documents\ber2.jpg
[2012/01/30 22:33:41 | 000,065,232 | ---- | C] () -- C:\Users\apoorva\Documents\Ber1.JPG
[2012/01/29 23:29:43 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/09 22:35:40 | 000,002,338 | -HS- | C] () -- C:\Users\apoorva\AppData\Local\348rjt26h557qv22x5ijt0g570827c50o5862
[2012/01/09 22:35:40 | 000,002,338 | -HS- | C] () -- C:\ProgramData\348rjt26h557qv22x5ijt0g570827c50o5862
[2011/12/20 21:23:34 | 000,003,026 | -HS- | C] () -- C:\Users\apoorva\AppData\Local\haovjf5o7svv5bmg4pnw8h044d3j
[2011/12/20 21:23:34 | 000,003,026 | -HS- | C] () -- C:\ProgramData\haovjf5o7svv5bmg4pnw8h044d3j
[2011/12/20 10:26:54 | 000,014,532 | -HS- | C] () -- C:\Users\apoorva\AppData\Local\3a43nk4r53b600
[2011/12/20 10:26:54 | 000,014,532 | -HS- | C] () -- C:\ProgramData\3a43nk4r53b600
[2011/12/17 03:06:11 | 000,016,290 | -HS- | C] () -- C:\Users\apoorva\AppData\Local\j3ts80y4md0okb
[2011/12/17 03:06:11 | 000,016,290 | -HS- | C] () -- C:\ProgramData\j3ts80y4md0okb
[2011/12/16 19:56:06 | 000,001,952 | -HS- | C] () -- C:\Users\apoorva\AppData\Local\107800w0y031r522s003l0wci2a4
[2011/12/16 19:56:06 | 000,001,952 | -HS- | C] () -- C:\ProgramData\107800w0y031r522s003l0wci2a4
[2011/12/10 16:36:10 | 000,003,404 | -HS- | C] () -- C:\Users\apoorva\AppData\Local\238265v6n322a423v050j2plu8g0
[2011/12/10 16:36:10 | 000,003,404 | -HS- | C] () -- C:\ProgramData\238265v6n322a423v050j2plu8g0
[2011/12/05 00:43:38 | 000,015,084 | -HS- | C] () -- C:\Users\apoorva\AppData\Local\l7kn76s0ek4shv
[2011/12/05 00:43:38 | 000,015,084 | -HS- | C] () -- C:\ProgramData\l7kn76s0ek4shv
[2011/11/25 21:42:51 | 000,000,000 | ---- | C] () -- C:\Users\apoorva\AppData\Local\{8C929C7A-EE61-4F96-B3A4-E4C7708EA7E5}
[2011/11/23 09:33:27 | 000,000,112 | ---- | C] () -- C:\ProgramData\uS2bYt038.dat
[2011/09/02 19:26:31 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/13 01:27:26 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/06/13 01:27:25 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/06/13 01:27:25 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/06/13 01:27:00 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/06/13 01:26:55 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/06/13 01:26:55 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/06/13 01:26:55 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011/06/13 01:26:55 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/06/13 01:26:55 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/06/13 01:26:55 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/06/12 22:59:21 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011/06/12 22:54:47 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/04/26 03:25:40 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 15:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 15:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 15:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2
to forum · permalink · 2012-02-16 18:02:10 ·


PleaseHelp11

@charter.com

OTL Extras logfile created on: 2/16/2012 3:08:06 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\apoorva\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 40.42% Memory free
11.82 Gb Paging File | 8.09 Gb Available in Paging File | 68.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.42 Gb Total Space | 478.00 Gb Free Space | 82.21% Space Free | Partition Type: NTFS
Drive D: | 681.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: APOORVA-PC | User Name: apoorva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PCSI" = Prevx
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39D06E77-8921-4056-8901-36D0035BAECA}" = Dell Stage
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}" = Dell MusicStage
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Perks Webslice IE8
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AIM_7" = AIM 7
"bflixtoolbar" = BFlix Toolbar
"Crossrider" = Crossrider Web Apps
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Giraffic" = Veoh Giraffic Video Accelerator
"GoToAssist" = GoToAssist Corporate
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"RealPlayer 15.0" = RealPlayer
"Roller Coaster Tycoon" = Roller Coaster Tycoon (remove only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StartNow Toolbar" = StartNow Toolbar
"Veoh Web Player Beta" = Veoh Web Player
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2/6/2012 11:17:07 AM | Computer Name = apoorva-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5039

Error - 2/6/2012 11:17:07 AM | Computer Name = apoorva-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5039

Error - 2/6/2012 11:17:08 AM | Computer Name = apoorva-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/6/2012 11:17:08 AM | Computer Name = apoorva-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6131

Error - 2/6/2012 11:17:08 AM | Computer Name = apoorva-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6131

Error - 2/7/2012 4:01:58 PM | Computer Name = apoorva-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/7/2012 4:01:58 PM | Computer Name = apoorva-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1576

Error - 2/7/2012 4:01:58 PM | Computer Name = apoorva-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1576

Error - 2/7/2012 4:01:59 PM | Computer Name = apoorva-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/7/2012 4:01:59 PM | Computer Name = apoorva-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2886

[ Dell Events ]
Error - 8/30/2011 5:52:46 PM | Computer Name = apoorva-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/30/2011 8:43:14 PM | Computer Name = apoorva-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/30/2011 8:43:14 PM | Computer Name = apoorva-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/22/2011 2:27:24 PM | Computer Name = apoorva-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/22/2011 2:27:24 PM | Computer Name = apoorva-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/22/2011 6:15:42 PM | Computer Name = apoorva-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/22/2011 6:15:42 PM | Computer Name = apoorva-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/22/2011 6:59:03 PM | Computer Name = apoorva-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/22/2011 6:59:03 PM | Computer Name = apoorva-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ OSession Events ]
Error - 1/26/2012 3:57:54 PM | Computer Name = apoorva-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 57770
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/11/2012 5:02:35 AM | Computer Name = apoorva-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 1/11/2012 5:02:35 AM | Computer Name = apoorva-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 1/11/2012 9:01:55 AM | Computer Name = apoorva-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 1/11/2012 9:02:25 AM | Computer Name = apoorva-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 1/12/2012 6:55:39 PM | Computer Name = apoorva-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 1/14/2012 8:30:19 PM | Computer Name = apoorva-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:29:47 PM on ?1/?14/?2012 was unexpected.

Error - 1/14/2012 8:31:09 PM | Computer Name = apoorva-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 1/14/2012 8:31:39 PM | Computer Name = apoorva-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 1/14/2012 9:00:07 PM | Computer Name = apoorva-PC | Source = Service Control Manager | ID = 7034
Description = The Updater Service for StartNow Toolbar service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/23/2012 2:11:05 PM | Computer Name = apoorva-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]
Windows Firewall Enabled!
Norton Internet Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]
Java(TM) 6 Update 27
Adobe Flash Player 11.0.1.152
Adobe Reader X (10.1.1)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````

Scan Statistics:
Scan Time: 190 seconds
Scan Targets: Commonly infected areas
Counts:
Total items scanned: 27,239
- Files & Directories: 3,579
- Registry Entries: 815
- Processes & Start-up Items: 8,597
- Network & Browser Items: 14,239
- Other: 4
- Trusted Files: 1,314
- Skipped Files: 0

Total security risks detected: 46
Total items resolved: 46
Total items that require attention: 0

Resolved Threats:
46 Tracking Cookies
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Tracking Cookies
Status: Fully Resolved
-----------
46 Tracking Cookies
.fastclick.net - Deleted
.zedo.com - Deleted
statse.webtrendslive.com - Deleted
.tribalfusion.com - Deleted
.doubleclick.net - Deleted
ad.yieldmanager.com - Deleted
.atdmt.com - Deleted
.microsoftsto.112.2o7.net - Deleted
m.webtrends.com - Delete
to forum · permalink · 2012-02-16 18:02:59 ·


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to PleaseHelp11
First:
Use Add/Remove Programs to uninstall the following:
BFlix Toolbar
StartNow Toolbar

Second:
Per my previous post, please run TDSSKiller and post the log in this thread.

Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.

You'll find the link(s) and instruction(s) here:
»Security Cleanup FAQ »Rootkit Detection Applications

Third:
Please run OTL again, and post the new log in this thread. Note that there will not be a new Extras log this time.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

to forum · permalink · 2012-02-16 19:19:11 ·


PleaseHelp11

@charter.com

I uninstalled the two programs you wanted me to uninstall.

23:42:43.0219 8372 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
23:42:44.0042 8372 ============================================================
23:42:44.0042 8372 Current date / time: 2012/02/16 23:42:44.0042
23:42:44.0042 8372 SystemInfo:
23:42:44.0042 8372
23:42:44.0042 8372 OS Version: 6.1.7600 ServicePack: 0.0
23:42:44.0042 8372 Product type: Workstation
23:42:44.0042 8372 ComputerName: APOORVA-PC
23:42:44.0042 8372 UserName: apoorva
23:42:44.0042 8372 Windows directory: C:\windows
23:42:44.0042 8372 System windows directory: C:\windows
23:42:44.0042 8372 Running under WOW64
23:42:44.0042 8372 Processor architecture: Intel x64
23:42:44.0042 8372 Number of processors: 4
23:42:44.0042 8372 Page size: 0x1000
23:42:44.0042 8372 Boot type: Normal boot
23:42:44.0042 8372 ============================================================
23:42:44.0668 8372 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:42:44.0672 8372 \Device\Harddisk0\DR0:
23:42:44.0673 8372 MBR used
23:42:44.0673 8372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
23:42:44.0673 8372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x48AD92B0
23:42:44.0703 8372 Initialize success
23:42:44.0704 8372 ============================================================
23:42:58.0039 4488 ============================================================
23:42:58.0039 4488 Scan started
23:42:58.0039 4488 Mode: Manual;
23:42:58.0039 4488 ============================================================
23:42:59.0034 4488 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\windows\system32\DRIVERS\1394ohci.sys
23:42:59.0037 4488 1394ohci - ok
23:42:59.0093 4488 ACPI (794ff35015209b9d44f1360c42c9776d) C:\windows\system32\DRIVERS\ACPI.sys
23:42:59.0097 4488 ACPI - ok
23:42:59.0134 4488 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
23:42:59.0135 4488 AcpiPmi - ok
23:42:59.0280 4488 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
23:42:59.0285 4488 adp94xx - ok
23:42:59.0404 4488 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
23:42:59.0408 4488 adpahci - ok
23:42:59.0519 4488 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
23:42:59.0521 4488 adpu320 - ok
23:42:59.0652 4488 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
23:42:59.0657 4488 AFD - ok
23:42:59.0764 4488 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
23:42:59.0766 4488 agp440 - ok
23:42:59.0889 4488 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
23:42:59.0890 4488 aliide - ok
23:43:00.0006 4488 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
23:43:00.0007 4488 amdide - ok
23:43:00.0138 4488 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
23:43:00.0140 4488 AmdK8 - ok
23:43:00.0285 4488 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
23:43:00.0288 4488 AmdPPM - ok
23:43:00.0479 4488 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
23:43:00.0481 4488 amdsata - ok
23:43:00.0581 4488 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
23:43:00.0584 4488 amdsbs - ok
23:43:00.0686 4488 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
23:43:00.0687 4488 amdxata - ok
23:43:00.0749 4488 ApfiltrService (24ed0eb2b2558970176ecee680f8f806) C:\windows\system32\DRIVERS\Apfiltr.sys
23:43:00.0753 4488 ApfiltrService - ok
23:43:00.0862 4488 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
23:43:00.0864 4488 AppID - ok
23:43:01.0023 4488 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
23:43:01.0025 4488 arc - ok
23:43:01.0044 4488 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
23:43:01.0045 4488 arcsas - ok
23:43:01.0082 4488 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
23:43:01.0083 4488 AsyncMac - ok
23:43:01.0155 4488 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
23:43:01.0156 4488 atapi - ok
23:43:01.0293 4488 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
23:43:01.0299 4488 b06bdrv - ok
23:43:01.0408 4488 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
23:43:01.0412 4488 b57nd60a - ok
23:43:01.0508 4488 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
23:43:01.0509 4488 Beep - ok
23:43:01.0861 4488 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx64.sys
23:43:01.0933 4488 BHDrvx64 - ok
23:43:02.0039 4488 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
23:43:02.0041 4488 blbdrive - ok
23:43:02.0257 4488 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
23:43:02.0259 4488 bowser - ok
23:43:02.0358 4488 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
23:43:02.0360 4488 BrFiltLo - ok
23:43:02.0426 4488 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
23:43:02.0427 4488 BrFiltUp - ok
23:43:02.0524 4488 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
23:43:02.0528 4488 Brserid - ok
23:43:02.0560 4488 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
23:43:02.0562 4488 BrSerWdm - ok
23:43:02.0657 4488 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
23:43:02.0658 4488 BrUsbMdm - ok
23:43:02.0765 4488 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
23:43:02.0766 4488 BrUsbSer - ok
23:43:02.0891 4488 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
23:43:02.0892 4488 BthEnum - ok
23:43:03.0017 4488 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
23:43:03.0018 4488 BTHMODEM - ok
23:43:03.0087 4488 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
23:43:03.0088 4488 BthPan - ok
23:43:03.0184 4488 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\windows\System32\Drivers\BTHport.sys
23:43:03.0190 4488 BTHPORT - ok
23:43:03.0527 4488 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\windows\System32\Drivers\BTHUSB.sys
23:43:03.0528 4488 BTHUSB - ok
23:43:03.0611 4488 btmaux (16c1bac9760c9fa85a30f3fa0fbb1b7a) C:\windows\system32\DRIVERS\btmaux.sys
23:43:03.0613 4488 btmaux - ok
23:43:03.0634 4488 btmhsf (0c468d8da95be16bfdd380bb9de88259) C:\windows\system32\DRIVERS\btmhsf.sys
23:43:03.0638 4488 btmhsf - ok
23:43:03.0808 4488 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys
23:43:03.0811 4488 ccSet_NIS - ok
23:43:03.0864 4488 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
23:43:03.0866 4488 cdfs - ok
23:43:03.0915 4488 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
23:43:03.0917 4488 cdrom - ok
23:43:03.0970 4488 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
23:43:03.0971 4488 circlass - ok
23:43:04.0014 4488 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
23:43:04.0019 4488 CLFS - ok
23:43:04.0109 4488 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
23:43:04.0110 4488 CmBatt - ok
23:43:04.0135 4488 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
23:43:04.0136 4488 cmdide - ok
23:43:04.0176 4488 CNG (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys
23:43:04.0182 4488 CNG - ok
23:43:04.0330 4488 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
23:43:04.0331 4488 Compbatt - ok
23:43:04.0379 4488 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
23:43:04.0381 4488 CompositeBus - ok
23:43:04.0423 4488 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
23:43:04.0424 4488 crcdisk - ok
23:43:04.0488 4488 CtClsFlt (fbe228abeab2be13b9c3a3a112d4d8dc) C:\windows\system32\DRIVERS\CtClsFlt.sys
23:43:04.0491 4488 CtClsFlt - ok
23:43:04.0551 4488 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
23:43:04.0553 4488 DfsC - ok
23:43:04.0590 4488 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
23:43:04.0592 4488 discache - ok
23:43:04.0805 4488 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
23:43:04.0806 4488 Disk - ok
23:43:04.0900 4488 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys
23:43:04.0902 4488 Dot4 - ok
23:43:04.0937 4488 Dot4Print (85135ad27e79b689335c08167d917cde) C:\windows\system32\DRIVERS\Dot4Prt.sys
23:43:04.0938 4488 Dot4Print - ok
23:43:04.0975 4488 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys
23:43:04.0977 4488 dot4usb - ok
23:43:05.0317 4488 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
23:43:05.0318 4488 drmkaud - ok
23:43:05.0718 4488 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
23:43:05.0727 4488 DXGKrnl - ok
23:43:06.0367 4488 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
23:43:06.0424 4488 ebdrv - ok
23:43:06.0554 4488 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
23:43:06.0559 4488 eeCtrl - ok
23:43:06.0727 4488 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
23:43:06.0733 4488 elxstor - ok
23:43:06.0840 4488 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:43:06.0843 4488 EraserUtilRebootDrv - ok
23:43:06.0947 4488 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
23:43:06.0949 4488 ErrDev - ok
23:43:07.0045 4488 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
23:43:07.0048 4488 exfat - ok
23:43:07.0108 4488 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
23:43:07.0111 4488 fastfat - ok
23:43:07.0200 4488 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
23:43:07.0203 4488 fdc - ok
23:43:07.0276 4488 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
23:43:07.0279 4488 FileInfo - ok
23:43:07.0387 4488 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
23:43:07.0388 4488 Filetrace - ok
23:43:07.0499 4488 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
23:43:07.0500 4488 flpydisk - ok
23:43:07.0604 4488 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
23:43:07.0607 4488 FltMgr - ok
23:43:07.0714 4488 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
23:43:07.0716 4488 FsDepends - ok
23:43:07.0825 4488 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
23:43:07.0827 4488 Fs_Rec - ok
23:43:07.0947 4488 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
23:43:07.0951 4488 fvevol - ok
23:43:07.0996 4488 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
23:43:07.0997 4488 gagp30kx - ok
23:43:08.0082 4488 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
23:43:08.0083 4488 GEARAspiWDM - ok
23:43:08.0286 4488 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
23:43:08.0287 4488 hcw85cir - ok
23:43:08.0331 4488 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
23:43:08.0335 4488 HdAudAddService - ok
23:43:08.0371 4488 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
23:43:08.0373 4488 HDAudBus - ok
23:43:08.0398 4488 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
23:43:08.0399 4488 HidBatt - ok
23:43:08.0417 4488 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
23:43:08.0419 4488 HidBth - ok
23:43:08.0440 4488 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
23:43:08.0442 4488 HidIr - ok
23:43:08.0527 4488 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
23:43:08.0529 4488 HidUsb - ok
23:43:08.0569 4488 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
23:43:08.0570 4488 HpSAMD - ok
23:43:08.0628 4488 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
23:43:08.0636 4488 HTTP - ok
23:43:08.0662 4488 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
23:43:08.0664 4488 hwpolicy - ok
23:43:08.0706 4488 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
23:43:08.0707 4488 i8042prt - ok
23:43:08.0757 4488 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
23:43:08.0760 4488 iaStor - ok
23:43:08.0824 4488 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
23:43:08.0829 4488 iaStorV - ok
23:43:08.0887 4488 iBtFltCoex (fc85972037815fa7b413e790b426acb2) C:\windows\system32\DRIVERS\iBtFltCoex.sys
23:43:08.0888 4488 iBtFltCoex - ok
23:43:09.0057 4488 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120215.002\IDSvia64.sys
23:43:09.0063 4488 IDSVia64 - ok
23:43:09.0382 4488 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\windows\system32\DRIVERS\igdkmd64.sys
23:43:09.0611 4488 igfx - ok
23:43:09.0649 4488 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
23:43:09.0650 4488 iirsp - ok
23:43:09.0708 4488 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
23:43:09.0712 4488 IntcDAud - ok
23:43:09.0753 4488 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
23:43:09.0754 4488 intelide - ok
23:43:09.0795 4488 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
23:43:09.0796 4488 intelppm - ok
23:43:09.0822 4488 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
23:43:09.0824 4488 IpFilterDriver - ok
23:43:09.0841 4488 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
23:43:09.0843 4488 IPMIDRV - ok
23:43:09.0901 4488 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
23:43:09.0903 4488 IPNAT - ok
23:43:09.0974 4488 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
23:43:09.0975 4488 IRENUM - ok
23:43:09.0996 4488 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
23:43:09.0998 4488 isapnp - ok
23:43:10.0022 4488 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
23:43:10.0026 4488 iScsiPrt - ok
23:43:10.0073 4488 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
23:43:10.0074 4488 kbdclass - ok
23:43:10.0114 4488 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
23:43:10.0115 4488 kbdhid - ok
23:43:10.0166 4488 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys
23:43:10.0168 4488 KSecDD - ok
23:43:10.0207 4488 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys
23:43:10.0210 4488 KSecPkg - ok
23:43:10.0253 4488 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
23:43:10.0254 4488 ksthunk - ok
23:43:10.0362 4488 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
23:43:10.0363 4488 lltdio - ok
23:43:10.0447 4488 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
23:43:10.0449 4488 LSI_FC - ok
23:43:10.0467 4488 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
23:43:10.0469 4488 LSI_SAS - ok
23:43:10.0510 4488 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
23:43:10.0511 4488 LSI_SAS2 - ok
23:43:10.0551 4488 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
23:43:10.0553 4488 LSI_SCSI - ok
23:43:10.0595 4488 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
23:43:10.0597 4488 luafv - ok
23:43:10.0676 4488 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
23:43:10.0677 4488 MBAMProtector - ok
23:43:10.0724 4488 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
23:43:10.0726 4488 megasas - ok
23:43:10.0747 4488 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
23:43:10.0751 4488 MegaSR - ok
23:43:10.0801 4488 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\windows\system32\DRIVERS\HECIx64.sys
23:43:10.0802 4488 MEIx64 - ok
23:43:10.0846 4488 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
23:43:10.0847 4488 Modem - ok
23:43:10.0877 4488 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
23:43:10.0878 4488 monitor - ok
23:43:10.0898 4488 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
23:43:10.0899 4488 mouclass - ok
23:43:10.0932 4488 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
23:43:10.0933 4488 mouhid - ok
23:43:10.0959 4488 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
23:43:10.0961 4488 mountmgr - ok
23:43:10.0987 4488 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
23:43:10.0990 4488 mpio - ok
23:43:11.0015 4488 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
23:43:11.0016 4488 mpsdrv - ok
23:43:11.0042 4488 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
23:43:11.0044 4488 MRxDAV - ok
23:43:11.0106 4488 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
23:43:11.0108 4488 mrxsmb - ok
23:43:11.0135 4488 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
23:43:11.0138 4488 mrxsmb10 - ok
23:43:11.0198 4488 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
23:43:11.0205 4488 mrxsmb20 - ok
23:43:11.0221 4488 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\windows\system32\DRIVERS\msahci.sys
23:43:11.0222 4488 msahci - ok
23:43:11.0248 4488 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
23:43:11.0251 4488 msdsm - ok
23:43:11.0325 4488 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
23:43:11.0326 4488 Msfs - ok
23:43:11.0346 4488 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
23:43:11.0347 4488 mshidkmdf - ok
23:43:11.0397 4488 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
23:43:11.0398 4488 msisadrv - ok
23:43:11.0452 4488 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
23:43:11.0454 4488 MSKSSRV - ok
23:43:11.0478 4488 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
23:43:11.0479 4488 MSPCLOCK - ok
23:43:11.0498 4488 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
23:43:11.0499 4488 MSPQM - ok
23:43:11.0526 4488 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
23:43:11.0530 4488 MsRPC - ok
23:43:11.0551 4488 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
23:43:11.0552 4488 mssmbios - ok
23:43:11.0568 4488 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
23:43:11.0569 4488 MSTEE - ok
23:43:11.0585 4488 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
23:43:11.0587 4488 MTConfig - ok
23:43:11.0623 4488 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
23:43:11.0624 4488 Mup - ok
23:43:11.0680 4488 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
23:43:11.0684 4488 NativeWifiP - ok
23:43:11.0846 4488 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120216.018\ENG64.SYS
23:43:11.0847 4488 NAVENG - ok
23:43:11.0901 4488 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120216.018\EX64.SYS
23:43:11.0911 4488 NAVEX15 - ok
23:43:11.0978 4488 NDIS (a3151b3463eea7e47f618f115d0d142e) C:\windows\system32\drivers\ndis.sys
23:43:11.0991 4488 NDIS - ok
23:43:12.0050 4488 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
23:43:12.0052 4488 NdisCap - ok
23:43:12.0080 4488 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
23:43:12.0081 4488 NdisTapi - ok
23:43:12.0123 4488 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
23:43:12.0125 4488 Ndisuio - ok
23:43:12.0141 4488 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
23:43:12.0143 4488 NdisWan - ok
23:43:12.0167 4488 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
23:43:12.0168 4488 NDProxy - ok
23:43:12.0210 4488 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
23:43:12.0211 4488 NetBIOS - ok
23:43:12.0241 4488 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
23:43:12.0244 4488 NetBT - ok
23:43:12.0450 4488 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\windows\system32\DRIVERS\NETwNs64.sys
23:43:12.0620 4488 NETwNs64 - ok
23:43:12.0673 4488 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
23:43:12.0675 4488 nfrd960 - ok
23:43:12.0741 4488 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
23:43:12.0742 4488 Npfs - ok
23:43:12.0758 4488 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
23:43:12.0759 4488 nsiproxy - ok
23:43:12.0823 4488 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
23:43:12.0853 4488 Ntfs - ok
23:43:12.0877 4488 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
23:43:12.0879 4488 Null - ok
23:43:12.0935 4488 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\windows\system32\DRIVERS\nusb3hub.sys
23:43:12.0936 4488 nusb3hub - ok
23:43:12.0979 4488 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\windows\system32\DRIVERS\nusb3xhc.sys
23:43:12.0982 4488 nusb3xhc - ok
23:43:13.0039 4488 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
23:43:13.0041 4488 nvraid - ok
23:43:13.0073 4488 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
23:43:13.0076 4488 nvstor - ok
23:43:13.0099 4488 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
23:43:13.0102 4488 nv_agp - ok
23:43:13.0120 4488 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
23:43:13.0121 4488 ohci1394 - ok
23:43:13.0172 4488 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
23:43:13.0174 4488 Parport - ok
23:43:13.0193 4488 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
23:43:13.0195 4488 partmgr - ok
23:43:13.0221 4488 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
23:43:13.0223 4488 pci - ok
23:43:13.0246 4488 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
23:43:13.0247 4488 pciide - ok
23:43:13.0265 4488 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
23:43:13.0269 4488 pcmcia - ok
23:43:13.0291 4488 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
23:43:13.0293 4488 pcw - ok
23:43:13.0316 4488 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
23:43:13.0323 4488 PEAUTH - ok
23:43:13.0396 4488 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
23:43:13.0398 4488 PptpMiniport - ok
23:43:13.0424 4488 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
23:43:13.0426 4488 Processor - ok
23:43:13.0471 4488 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
23:43:13.0474 4488 Psched - ok
23:43:13.0528 4488 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
23:43:13.0529 4488 PxHlpa64 - ok
23:43:13.0553 4488 pxkbf - ok
23:43:13.0562 4488 pxrts - ok
23:43:13.0570 4488 pxscan - ok
23:43:13.0621 4488 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
23:43:13.0651 4488 ql2300 - ok
23:43:13.0692 4488 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
23:43:13.0694 4488 ql40xx - ok
23:43:13.0723 4488 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
23:43:13.0724 4488 QWAVEdrv - ok
23:43:13.0751 4488 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
23:43:13.0752 4488 RasAcd - ok
23:43:13.0809 4488 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
23:43:13.0810 4488 RasAgileVpn - ok
23:43:13.0834 4488 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
23:43:13.0835 4488 Rasl2tp - ok
23:43:13.0863 4488 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
23:43:13.0864 4488 RasPppoe - ok
23:43:13.0920 4488 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
23:43:13.0921 4488 RasSstp - ok
23:43:13.0940 4488 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
23:43:13.0944 4488 rdbss - ok
23:43:13.0971 4488 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
23:43:13.0973 4488 rdpbus - ok
23:43:13.0991 4488 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
23:43:13.0992 4488 RDPCDD - ok
23:43:14.0038 4488 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
23:43:14.0039 4488 RDPENCDD - ok
23:43:14.0051 4488 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
23:43:14.0052 4488 RDPREFMP - ok
23:43:14.0070 4488 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
23:43:14.0073 4488 RDPWD - ok
23:43:14.0115 4488 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
23:43:14.0118 4488 rdyboost - ok
23:43:14.0175 4488 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
23:43:14.0179 4488 RFCOMM - ok
23:43:14.0337 4488 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
23:43:14.0338 4488 rspndr - ok
23:43:14.0399 4488 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
23:43:14.0400 4488 RSUSBSTOR - ok
23:43:14.0465 4488 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\windows\system32\DRIVERS\Rt64win7.sys
23:43:14.0471 4488 RTL8167 - ok
23:43:14.0512 4488 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
23:43:14.0514 4488 sbp2port - ok
23:43:14.0538 4488 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
23:43:14.0539 4488 scfilter - ok
23:43:14.0583 4488 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
23:43:14.0584 4488 secdrv - ok
23:43:14.0615 4488 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
23:43:14.0616 4488 Serenum - ok
23:43:14.0632 4488 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
23:43:14.0633 4488 Serial - ok
23:43:14.0648 4488 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
23:43:14.0649 4488 sermouse - ok
23:43:14.0674 4488 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
23:43:14.0676 4488 sffdisk - ok
23:43:14.0686 4488 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
23:43:14.0687 4488 sffp_mmc - ok
23:43:14.0706 4488 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
23:43:14.0707 4488 sffp_sd - ok
23:43:14.0724 4488 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
23:43:14.0725 4488 sfloppy - ok
23:43:14.0788 4488 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\windows\system32\DRIVERS\Sftfslh.sys
23:43:14.0796 4488 Sftfs - ok
23:43:14.0827 4488 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\windows\system32\DRIVERS\Sftplaylh.sys
23:43:14.0831 4488 Sftplay - ok
23:43:14.0857 4488 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\windows\system32\DRIVERS\Sftredirlh.sys
23:43:14.0858 4488 Sftredir - ok
23:43:14.0883 4488 Sftvol (393b22addd89979eb1c60898f51c3648) C:\windows\system32\DRIVERS\Sftvollh.sys
23:43:14.0885 4488 Sftvol - ok
23:43:14.0931 4488 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
23:43:14.0932 4488 SiSRaid2 - ok
23:43:14.0952 4488 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
23:43:14.0954 4488 SiSRaid4 - ok
23:43:14.0993 4488 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
23:43:14.0995 4488 Smb - ok
23:43:15.0042 4488 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
23:43:15.0043 4488 spldr - ok
23:43:15.0165 4488 SRTSP (4d56f175f76c685a06471800a03219b2) C:\windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS
23:43:15.0169 4488 SRTSP - ok
23:43:15.0189 4488 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS
23:43:15.0190 4488 SRTSPX - ok
23:43:15.0229 4488 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
23:43:15.0234 4488 srv - ok
23:43:15.0313 4488 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
23:43:15.0322 4488 srv2 - ok
23:43:15.0343 4488 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
23:43:15.0346 4488 srvnet - ok
23:43:15.0423 4488 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
23:43:15.0425 4488 stexstor - ok
23:43:15.0481 4488 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\windows\system32\DRIVERS\stwrt64.sys
23:43:15.0486 4488 STHDA - ok
23:43:15.0539 4488 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
23:43:15.0540 4488 swenum - ok
23:43:15.0641 4488 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS
23:43:15.0647 4488 SymDS - ok
23:43:15.0708 4488 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS
23:43:15.0725 4488 SymEFA - ok
23:43:15.0799 4488 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
23:43:15.0802 4488 SymEvent - ok
23:43:15.0850 4488 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS
23:43:15.0852 4488 SymIRON - ok
23:43:15.0876 4488 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS
23:43:15.0880 4488 SymNetS - ok
23:43:15.0962 4488 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
23:43:15.0993 4488 Tcpip - ok
23:43:16.0040 4488 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
23:43:16.0050 4488 TCPIP6 - ok
23:43:16.0094 4488 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
23:43:16.0095 4488 tcpipreg - ok
23:43:16.0118 4488 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
23:43:16.0119 4488 TDPIPE - ok
23:43:16.0133 4488 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
23:43:16.0135 4488 TDTCP - ok
23:43:16.0183 4488 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
23:43:16.0185 4488 tdx - ok
23:43:16.0202 4488 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
23:43:16.0203 4488 TermDD - ok
23:43:16.0252 4488 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
23:43:16.0254 4488 tssecsrv - ok
23:43:16.0305 4488 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
23:43:16.0307 4488 tunnel - ok
23:43:16.0374 4488 TurboB (fd24f98d2898be093fe926604be7db99) C:\windows\system32\DRIVERS\TurboB.sys
23:43:16.0374 4488 TurboB - ok
23:43:16.0403 4488 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
23:43:16.0406 4488 uagp35 - ok
23:43:16.0430 4488 udfs (31ba4a33afab6a69ea092b18017f737f) C:\windows\system32\DRIVERS\udfs.sys
23:43:16.0435 4488 udfs - ok
23:43:16.0462 4488 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
23:43:16.0464 4488 uliagpkx - ok
23:43:16.0486 4488 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
23:43:16.0489 4488 umbus - ok
23:43:16.0529 4488 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
23:43:16.0542 4488 UmPass - ok
23:43:16.0649 4488 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
23:43:16.0651 4488 usbccgp - ok
23:43:16.0710 4488 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
23:43:16.0712 4488 usbcir - ok
23:43:16.0733 4488 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys
23:43:16.0735 4488 usbehci - ok
23:43:16.0790 4488 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
23:43:16.0795 4488 usbhub - ok
23:43:16.0829 4488 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
23:43:16.0830 4488 usbohci - ok
23:43:16.0866 4488 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
23:43:16.0867 4488 usbprint - ok
23:43:16.0918 4488 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
23:43:16.0920 4488 usbscan - ok
23:43:16.0954 4488 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
23:43:16.0956 4488 USBSTOR - ok
23:43:16.0980 4488 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
23:43:16.0981 4488 usbuhci - ok
23:43:17.0034 4488 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\system32\Drivers\usbvideo.sys
23:43:17.0036 4488 usbvideo - ok
23:43:17.0066 4488 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
23:43:17.0067 4488 vdrvroot - ok
23:43:17.0115 4488 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
23:43:17.0116 4488 vga - ok
23:43:17.0139 4488 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
23:43:17.0140 4488 VgaSave - ok
23:43:17.0174 4488 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
23:43:17.0177 4488 vhdmp - ok
23:43:17.0230 4488 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
23:43:17.0232 4488 viaide - ok
23:43:17.0280 4488 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
23:43:17.0282 4488 volmgr - ok
23:43:17.0305 4488 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
23:43:17.0309 4488 volmgrx - ok
23:43:17.0356 4488 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
23:43:17.0360 4488 volsnap - ok
23:43:17.0402 4488 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
23:43:17.0404 4488 vsmraid - ok
23:43:17.0459 4488 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
23:43:17.0460 4488 vwifibus - ok
23:43:17.0479 4488 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
23:43:17.0480 4488 vwififlt - ok
23:43:17.0526 4488 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
23:43:17.0527 4488 vwifimp - ok
23:43:17.0552 4488 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
23:43:17.0554 4488 WacomPen - ok
23:43:17.0609 4488 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
23:43:17.0611 4488 WANARP - ok
23:43:17.0631 4488 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
23:43:17.0632 4488 Wanarpv6 - ok
23:43:17.0674 4488 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
23:43:17.0675 4488 Wd - ok
23:43:17.0734 4488 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
23:43:17.0741 4488 Wdf01000 - ok
23:43:17.0786 4488 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\windows\system32\DRIVERS\WDKMD.sys
23:43:17.0787 4488 wdkmd - ok
23:43:17.0835 4488 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
23:43:17.0836 4488 WfpLwf - ok
23:43:17.0889 4488 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
23:43:17.0892 4488 WimFltr - ok
23:43:17.0907 4488 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
23:43:17.0908 4488 WIMMount - ok
23:43:17.0990 4488 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
23:43:17.0991 4488 WmiAcpi - ok
23:43:18.0019 4488 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
23:43:18.0020 4488 ws2ifsl - ok
23:43:18.0050 4488 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\windows\system32\drivers\WudfPf.sys
23:43:18.0052 4488 WudfPf - ok
23:43:18.0078 4488 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\windows\system32\DRIVERS\WUDFRd.sys
23:43:18.0081 4488 WUDFRd - ok
23:43:18.0130 4488 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\windows\system32\DRIVERS\yk62x64.sys
23:43:18.0135 4488 yukonw7 - ok
23:43:18.0189 4488 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
23:43:18.0214 4488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
23:43:18.0214 4488 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
23:43:18.0249 4488 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
23:43:18.0251 4488 \Device\Harddisk0\DR0\Partition0 - ok
23:43:18.0262 4488 Boot (0x1200) (723ffebde086355ce5f5c8e20d4fdb4a) \Device\Harddisk0\DR0\Partition1
23:43:18.0264 4488 \Device\Harddisk0\DR0\Partition1 - ok
23:43:18.0264 4488 ============================================================
23:43:18.0264 4488 Scan finished
23:43:18.0264 4488 ============================================================
23:43:18.0273 4984 Detected object count: 1
23:43:18.0273 4984 Actual detected object count: 1
23:44:00.0559 4984 \Device\Harddisk0\DR0\# - copied to quarantine
23:44:00.0559 4984 \Device\Harddisk0\DR0 - copied to quarantine
23:44:00.0623 4984 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:44:00.0627 4984 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
23:44:00.0632 4984 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
23:44:00.0639 4984 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
23:44:00.0654 4984 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
23:44:00.0666 4984 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
23:44:00.0668 4984 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
23:44:00.0669 4984 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
23:44:00.0671 4984 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
23:44:00.0674 4984 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
23:44:00.0678 4984 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
23:44:00.0680 4984 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
23:44:00.0683 4984 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
23:44:00.0685 4984 \Device\Harddisk0\DR0 - ok
23:44:05.0822 4984 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
23:45:04.0305 5316 Deinitialize success
to forum · permalink · 2012-02-17 02:11:19 ·


PleaseHelp11

@charter.com

OTL logfile created on: 2/17/2012 12:03:59 AM - Run 2
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\apoorva\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.77 Gb Available Physical Memory | 63.81% Memory free
11.82 Gb Paging File | 9.41 Gb Available in Paging File | 79.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.42 Gb Total Space | 478.27 Gb Free Space | 82.26% Space Free | Partition Type: NTFS
Drive D: | 681.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: APOORVA-PC | User Name: apoorva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/02/16 23:59:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\apoorva\Desktop\OTL.exe
PRC - [2012/01/22 08:15:32 | 002,230,416 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012/01/22 08:15:16 | 003,735,680 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/11 08:48:47 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
PRC - [2011/09/06 11:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/09/05 09:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/05 05:16:10 | 002,816,328 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 11:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/07/26 17:23:20 | 000,397,992 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/05/30 09:30:00 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2011/05/15 16:01:44 | 000,478,720 | ---- | M] (Crossrider) -- C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
PRC - [2011/05/03 09:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/11/17 11:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/17 09:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
PRC - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/03 11:01:34 | 000,983,104 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2010/11/03 11:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2010/11/03 10:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010/11/03 10:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2010/10/05 20:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 20:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/08/19 17:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/01/10 03:03:33 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 10:13:09 | 002,295,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/13 10:12:10 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5146ed6dcbec6f5cafc972c011e13663\IAStorUtil.ni.dll
MOD - [2011/10/13 10:12:10 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9cdcbab4b98eff0399edc83e8728c516\IAStorCommon.ni.dll
MOD - [2011/10/13 10:08:18 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 10:07:57 | 014,322,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/13 10:07:44 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/13 10:07:39 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/13 10:07:36 | 012,216,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/13 10:07:28 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/13 10:07:24 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/13 10:07:21 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/13 10:07:20 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/13 10:07:13 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/22 00:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/21 07:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011/06/20 07:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011/06/20 05:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011/06/20 05:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011/06/20 05:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011/06/20 05:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011/05/30 09:30:00 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2011/05/30 09:25:10 | 007,938,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2011/05/30 09:25:10 | 002,225,664 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2011/05/26 03:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011/05/26 03:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2011/05/03 09:38:52 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2010/11/24 21:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 09:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
MOD - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/11/17 09:35:28 | 000,657,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2011/01/25 03:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/12/17 13:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 13:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 13:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/11/29 14:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 04:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/01/22 08:15:32 | 002,230,416 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2012/01/10 19:42:43 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2011/09/05 09:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/11/25 04:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 04:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/11/03 11:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/11/03 11:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010/11/03 10:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/10/05 20:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/10/05 20:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012/02/10 17:21:37 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/23 20:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/11/23 19:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/11/23 19:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/11/16 21:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/16 21:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/11/04 17:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/07/25 12:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\symds64.sys -- (SymDS)
DRV:64bit: - [2011/05/13 02:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/03/25 20:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/25 03:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/12/21 08:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/12/10 15:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 15:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/01 04:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/29 14:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/06 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/04 04:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/11/04 02:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2010/10/29 18:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/26 13:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/10/19 17:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/09/21 08:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/12 09:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/02/16 17:44:43 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120216.018\ex64.sys -- (NAVEX15)
DRV - [2012/02/16 17:44:43 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120216.018\eng64.sys -- (NAVENG)
DRV - [2012/02/15 21:50:02 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/02/07 13:23:23 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/04 14:28:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/03 16:29:00 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120215.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = »g.msn.com/USCON/1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/08/30 15:51:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/16 02:52:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/02/16 11:17:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/02/16 23:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/16 02:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/08 22:49:50 | 000,000,000 | ---D | M]

[2011/09/05 13:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\apoorva\AppData\Roaming\Mozilla\Extensions
[2012/02/16 02:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\j7mzfjop.default\extensions
[2012/02/11 20:52:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/11 15:22:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/15 04:21:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/15 04:21:54 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\apoorva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} »download.macromedia.com/pub/shoc···r/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4425245E-106E-4F4F-BEF7-ED311700C3EE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0C132D4-686E-469A-96A8-306B52A0D869}: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/13 15:23:46 | 000,045,056 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/09/26 18:21:07 | 000,000,158 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/02/16 23:59:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\apoorva\Desktop\OTL.exe
[2012/02/16 23:44:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/16 12:50:14 | 000,000,000 | ---D | C] -- C:\Users\apoorva\AppData\Local\NPE
[2012/02/16 02:57:52 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/02/15 03:03:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/13 21:20:08 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/02/13 21:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/02/12 05:38:14 | 000,000,000 | ---D | C] -- C:\Users\apoorva\AppData\Local\ElevatedDiagnostics
[2012/02/10 17:41:10 | 000,000,000 | ---D | C] -- C:\Users\apoorva\AppData\Local\CrashDumps
[2012/02/10 17:21:31 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\symnets.sys
[2012/02/10 17:21:30 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys
[2012/02/10 17:21:30 | 000,738,936 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys
[2012/02/10 17:21:30 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\symds64.sys
[2012/02/10 17:21:30 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys
[2012/02/10 17:21:30 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys
[2012/02/10 17:21:30 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys
[2012/02/10 17:21:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1305000.091
[2012/02/09 02:45:44 | 000,000,000 | ---D | C] -- C:\Users\apoorva\Documents\RCT3
[2012/02/09 02:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2012/02/09 02:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2012/02/04 14:03:58 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/02/04 14:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/02/04 14:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/02/04 14:03:28 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2012/02/04 14:03:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/02/04 14:03:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012/01/29 23:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/20 23:18:36 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012/01/19 20:52:00 | 000,000,000 | ---D | C] -- C:\Users\apoorva\AppData\Roaming\Reallusion
[2012/01/19 20:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2 C:\Users\apoorva\Documents\*.tmp files -> C:\Users\apoorva\Documents\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/02/16 23:59:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\apoorva\Desktop\OTL.exe
[2012/02/16 23:57:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/16 23:53:25 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 23:53:25 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 23:50:23 | 000,727,246 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/02/16 23:50:23 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/02/16 23:50:23 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/02/16 23:46:40 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/16 23:45:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/16 23:45:48 | 463,867,903 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/16 17:16:09 | 543,998,735 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/02/16 15:16:09 | 000,869,194 | ---- | M] () -- C:\Users\apoorva\Desktop\SecurityCheck.exe
[2012/02/16 12:44:04 | 000,000,506 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job
[2012/02/16 11:29:15 | 002,028,055 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\Cat.DB
[2012/02/16 02:54:09 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/15 01:40:35 | 000,000,456 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for apoorva.job
[2012/02/14 18:26:44 | 000,227,211 | ---- | M] () -- C:\Users\apoorva\Documents\Application.pdf
[2012/02/14 17:30:19 | 000,222,960 | ---- | M] () -- C:\Users\apoorva\Documents\Application Dental Auxiliary Employment LH.pdf
[2012/02/12 21:15:55 | 000,001,364 | ---- | M] () -- C:\Users\apoorva\Desktop\Norton Installation Files.lnk
[2012/02/12 21:08:19 | 000,004,110 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012/02/10 17:55:10 | 000,002,514 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/02/10 17:54:07 | 000,004,782 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\VT20111023.023
[2012/02/10 17:21:37 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/02/10 17:21:37 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/02/10 17:21:37 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/02/09 16:49:37 | 000,003,584 | ---- | M] () -- C:\Users\apoorva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/09 02:46:03 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
[2012/02/09 02:46:00 | 000,001,730 | ---- | M] () -- C:\Users\apoorva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
[2012/01/30 22:35:54 | 000,138,856 | ---- | M] () -- C:\Users\apoorva\Documents\ber2.jpg
[2012/01/30 22:33:43 | 000,065,232 | ---- | M] () -- C:\Users\apoorva\Documents\Ber1.JPG
[2012/01/29 23:29:43 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/26 22:26:45 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\isolate.ini
[2 C:\Users\apoorva\Documents\*.tmp files -> C:\Users\apoorva\Documents\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/02/16 15:16:01 | 000,869,194 | ---- | C] () -- C:\Users\apoorva\Desktop\SecurityCheck.exe
[2012/02/16 02:57:37 | 543,998,735 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/02/14 18:26:44 | 000,227,211 | ---- | C] () -- C:\Users\apoorva\Documents\Application.pdf
[2012/02/14 17:30:18 | 000,222,960 | ---- | C] () -- C:\Users\apoorva\Documents\Application Dental Auxiliary Employment LH.pdf
[2012/02/13 21:20:21 | 000,000,564 | ---- | C] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/13 21:20:18 | 000,000,506 | ---- | C] () -- C:\windows\tasks\SystemToolsDailyTest.job
[2012/02/10 17:54:07 | 002,028,055 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\Cat.DB
[2012/02/10 17:54:07 | 000,004,782 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\VT20111023.023
[2012/02/10 17:21:31 | 000,007,458 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symnet64.cat
[2012/02/10 17:21:30 | 000,007,496 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symds64.cat
[2012/02/10 17:21:30 | 000,007,468 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.cat
[2012/02/10 17:21:30 | 000,007,462 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtspx64.cat
[2012/02/10 17:21:30 | 000,007,460 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symefa64.cat
[2012/02/10 17:21:30 | 000,007,458 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtsp64.cat
[2012/02/10 17:21:30 | 000,007,450 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\iron.cat
[2012/02/10 17:21:30 | 000,003,434 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symefa.inf
[2012/02/10 17:21:30 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symds.inf
[2012/02/10 17:21:30 | 000,001,441 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symnet.inf
[2012/02/10 17:21:30 | 000,001,438 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtsp64.inf
[2012/02/10 17:21:30 | 000,001,420 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtspx64.inf
[2012/02/10 17:21:30 | 000,000,853 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.inf
[2012/02/10 17:21:30 | 000,000,772 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\iron.inf
[2012/02/10 17:21:11 | 000,004,782 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symvtcer.dat
[2012/02/10 17:21:11 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\isolate.ini
[2012/02/09 16:49:37 | 000,003,584 | ---- | C] () -- C:\Users\apoorva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/09 02:46:03 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
[2012/02/09 02:46:00 | 000,001,730 | ---- | C] () -- C:\Users\apoorva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
[2012/02/08 18:49:25 | 000,004,110 | ---- | C] () -- C:\WirelessDiagLog.csv
[2012/02/04 14:03:58 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/02/04 14:03:58 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/02/04 14:03:54 | 000,002,514 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/01/30 22:35:54 | 000,138,856 | ---- | C] () -- C:\Users\apoorva\Documents\ber2.jpg
[2012/01/30 22:33:41 | 000,065,232 | ---- | C] () -- C:\Users\apoorva\Documents\Ber1.JPG
[2012/01/29 23:29:43 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/09 22:35:40 | 000,002,338 | -HS- | C] () -- C:\Users\apoorva\AppData\Local\348rjt26h557qv22x5ijt0g570827c50o5862
[2012/01/09 22:35:40 | 000,002,338 | -HS- | C] () -- C:\ProgramData\348rjt26h557qv22x5ijt0g570827c50o5862
[2011/12/20 21:23:34 | 000,003,026 | -HS- | C] () -- C:\Users\apoorva\AppData\Local\haovjf5o7svv5bmg4pnw8h044d3j
[2011/12/20 21:23:34 | 000,003,026 | -HS- | C] () -- C:\ProgramData\haovjf5o7svv5bmg4pnw8h044d3j
[2011/12/20 10:26:54 | 000,014,532 | -HS- | C] () -- C:\Users\apoorva\AppData\Local\3a43nk4r53b600
[2011/12/20 10:26:54 | 000,014,532 | -HS- | C] () -- C:\ProgramData\3a43nk4r53b600
[2011/12/17 03:06:11 | 000,016,290 | -HS- | C] () -- C:\Users\apoorva\AppData\Local\j3ts80y4md0okb
[2011/12/17 03:06:11 | 000,016,290 | -HS- | C] () -- C:\ProgramData\j3ts80y4md0okb
[2011/12/16 19:56:06 | 000,001,952 | -HS- | C] () -- C:\Users\apoorva\AppData\Local\107800w0y031r522s003l0wci2a4
[2011/12/16 19:56:06 | 000,001,952 | -HS- | C] () -- C:\ProgramData\107800w0y031r522s003l0wci2a4
[2011/12/10 16:36:10 | 000,003,404 | -HS- | C] () -- C:\Users\apoorva\AppData\Local\238265v6n322a423v050j2plu8g0
[2011/12/10 16:36:10 | 000,003,404 | -HS- | C] () -- C:\ProgramData\238265v6n322a423v050j2plu8g0
[2011/12/05 00:43:38 | 000,015,084 | -HS- | C] () -- C:\Users\apoorva\AppData\Local\l7kn76s0ek4shv
[2011/12/05 00:43:38 | 000,015,084 | -HS- | C] () -- C:\ProgramData\l7kn76s0ek4shv
[2011/11/25 21:42:51 | 000,000,000 | ---- | C] () -- C:\Users\apoorva\AppData\Local\{8C929C7A-EE61-4F96-B3A4-E4C7708EA7E5}
[2011/11/23 09:33:27 | 000,000,112 | ---- | C] () -- C:\ProgramData\uS2bYt038.dat
[2011/09/02 19:26:31 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/13 01:27:26 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/06/13 01:27:25 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/06/13 01:27:25 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/06/13 01:27:00 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/06/13 01:26:55 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/06/13 01:26:55 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/06/13 01:26:55 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011/06/13 01:26:55 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/06/13 01:26:55 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/06/13 01:26:55 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/06/12 22:59:21 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011/06/12 22:54:47 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/04/26 03:25:40 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 15:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 15:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 15:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011/12/05 00:08:02 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\7C4E8
[2011/10/30 12:31:51 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\acccore
[2012/02/09 02:46:17 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\Atari
[2011/12/05 00:08:02 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\E86D4
[2011/11/22 23:29:22 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\eELL99gTZqjYCkV
[2011/09/01 02:34:55 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\Fingertapps
[2011/11/25 21:43:09 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\FZqjYCwkIrOt
[2011/09/18 20:54:09 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\IDT
[2011/11/22 23:44:53 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\IkkkIIVrlONtP0c
[2011/11/25 21:22:05 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\KQQQJ77dEK8RZhY
[2011/08/30 15:36:17 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\Leadertech
[2011/11/22 23:44:44 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\mGGG4aamH6sW7fL
[2011/09/05 16:14:59 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\OpenCandy
[2011/11/22 23:44:51 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\oSS22oobF3pG5QJ
[2011/09/01 14:02:17 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\PCDr
[2011/11/25 21:21:58 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\pHHH66sWK7fE9gZ
[2012/02/16 02:49:32 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\SoftGrid Client
[2011/11/22 23:45:00 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\T77ddEKK8
[2011/09/02 19:27:20 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\TP
[2011/11/22 23:50:34 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\ujUUCCekIBzONxA
[2011/11/22 23:41:39 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\vfEL8gTZqYwUr
[2011/11/22 23:29:21 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\x2iibbF3pnG
[2011/11/22 23:29:29 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\Y1uuvvS2obF3pGa
[2011/11/25 21:21:59 | 000,000,000 | ---D | M] -- C:\Users\apoorva\AppData\Roaming\ZammHH5sWJ7dLgZ
[2012/02/16 02:54:09 | 000,000,564 | ---- | M] () -- C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/05 20:25:58 | 000,020,660 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/02/16 12:44:04 | 000,000,506 | ---- | M] () -- C:\windows\Tasks\SystemToolsDailyTest.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2
to forum · permalink · 2012-02-17 02:12:59 ·


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to PleaseHelp11
Time for a reality check.

What problem(s), if any, are still unresolved?

to forum · permalink · 2012-02-17 11:34:45 ·
Forums > Broadband Tech > Security > Security Cleanup

Friday, 24-May 17:48:16 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 13.5 years online © 1999-2013 dslreports.com.
Most commented news this week
Hot Topics