help to remove ib.adnxs.com popups

Post by riley532 » September 13th, 2012, 8:55 pm

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Riley at 20:40:23 on 2012-09-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.8125.5796 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbucoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Tether\TBService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Dell Photo AIO Printer 942\DLBUmon.exe
C:\Program Files (x86)\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\WORDsearch 8\ZipScript.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Riley\Desktop\OTL.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Facebook Update] "C:\Users\Riley\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [ZipScript] C:\Program Files (x86)\WORDsearch 8\ZipScript.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
StartupFolder: C:\Users\Riley\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TimeLeft.lnk - C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: StartMenuLogOff = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
IE: Free YouTube Download - C:\Users\Riley\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - C:\Users\Riley\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/device ... Loader.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/Juni ... Client.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0A0CC991-5970-43DD-941B-0DB4CCE50932} : DhcpNameServer = 206.248.154.22 206.248.154.170
TCP: Interfaces\{28570AC8-7FF2-4B9E-A45F-9CAB59F821B6} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{61D168AB-C84D-4A8C-A1EB-E23B40848AE0} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{61D168AB-C84D-4A8C-A1EB-E23B40848AE0}\2454C4C4636333 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{61D168AB-C84D-4A8C-A1EB-E23B40848AE0}\25F6765627370234570702548736964756D656E647 : DhcpNameServer = 192.168.128.1
TCP: Interfaces\{61D168AB-C84D-4A8C-A1EB-E23B40848AE0}\358656271647F6E602D456564796E67637 : DhcpNameServer = 208.67.222.222 208.67.220.220 4.2.2.1
TCP: Interfaces\{61D168AB-C84D-4A8C-A1EB-E23B40848AE0}\443374E4F53535944403 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{61D168AB-C84D-4A8C-A1EB-E23B40848AE0}\74271616E637D616 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{61D168AB-C84D-4A8C-A1EB-E23B40848AE0}\86574637F6E6 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - No File
BHO-X64: BHO_PROJECT - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.startsearcher.com/?q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.startsearcher.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =937811&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Riley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 cputemperature;cputemperature;C:\Windows\system32\Drivers\cputemperature.sys --> C:\Windows\system32\Drivers\cputemperature.sys [?]
R1 RapportCerberus_32029;RapportCerberus_32029;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus64_32029.sys [2011-10-18 396816]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-8-21 52496]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-8-21 61200]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-6-26 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-8-18 60928]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-8-21 870200]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-18 673088]
R2 Tether;Tether;C:\Program Files (x86)\Tether\TBService.exe [2011-3-29 50416]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-8-18 2320920]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-30 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-6-15 130976]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-30 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-20 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
S3 qrkis;Tether Miniport;C:\Windows\system32\DRIVERS\qrkis.sys --> C:\Windows\system32\DRIVERS\qrkis.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-19 909152]
.
=============== Created Last 30 ================
.
2012-09-13 21:32:31 -------- d-----w- C:\Users\Riley\AppData\Local\ZipScript 8
2012-09-13 19:52:16 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-09-13 19:36:36 -------- d-----w- C:\Users\Riley\AppData\Roaming\Malwarebytes
2012-09-13 19:36:27 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-13 19:36:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-13 19:36:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-13 15:06:08 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-13 15:06:08 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-13 15:06:04 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-13 15:06:03 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-13 15:06:02 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-13 15:06:02 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-13 15:06:02 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-04 14:12:39 44032 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys
2012-09-04 14:12:12 413696 ----a-r- C:\Users\Riley\AppData\Roaming\Microsoft\Installer\{97B70991-5002-4241-8B0C-D74B8ADEB2B5}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
2012-09-04 14:12:11 69632 ----a-r- C:\Users\Riley\AppData\Roaming\Microsoft\Installer\{97B70991-5002-4241-8B0C-D74B8ADEB2B5}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
2012-09-04 14:12:11 413696 ----a-r- C:\Users\Riley\AppData\Roaming\Microsoft\Installer\{97B70991-5002-4241-8B0C-D74B8ADEB2B5}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
2012-09-04 14:12:11 413696 ----a-r- C:\Users\Riley\AppData\Roaming\Microsoft\Installer\{97B70991-5002-4241-8B0C-D74B8ADEB2B5}\ARPPRODUCTICON.exe
2012-09-04 14:12:03 -------- d-----w- C:\ProgramData\Research In Motion
2012-09-04 14:11:32 -------- d-----w- C:\Program Files (x86)\Common Files\XCPCSync.OEM
2012-09-03 15:24:04 -------- d-----w- C:\ProgramData\{57C74E1D-2F54-4E57-A0AC-537AA84A5318}
2012-09-03 15:19:02 -------- d-----w- C:\ProgramData\wsc
2012-09-03 15:19:01 -------- d-----w- C:\Program Files (x86)\WSfonts
2012-09-03 15:18:58 -------- d-----w- C:\Users\Riley\AppData\Local\WORDsearch 8
2012-09-03 15:18:58 -------- d-----w- C:\ProgramData\WORDsearch
2012-09-03 15:18:58 -------- d-----w- C:\Program Files (x86)\WORDsearch 8
2012-09-03 15:18:58 -------- d-----w- C:\Program Files (x86)\Common Files\WORDsearch
2012-08-27 03:04:15 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-25 23:29:40 -------- d-----w- C:\Users\Riley\AppData\Local\{5BF47DD6-8F62-49A0-8AEA-FE49A695E338}
2012-08-25 23:19:30 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2012-08-24 20:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
.
==================== Find3M ====================
.
2012-09-10 14:45:22 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-10 14:45:22 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-31 22:59:48 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-07-28 17:43:04 1095592 ----a-w- C:\ProgramData\SPLF7AD.tmp
2012-07-26 08:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 17:37:14 184886 ----a-w- C:\torrent.exe
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-16 05:16:04 609792 ----a-w- C:\Windows\System32\vbscript.dll
2012-06-16 04:26:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2007-03-11 23:31:30 3164160 ----a-w- C:\Program Files (x86)\BIBLEA.exe
2007-03-10 17:42:34 48128 ----a-w- C:\Program Files (x86)\folder.exe
2001-02-10 09:16:30 38400 ----a-w- C:\Program Files (x86)\OTBMK.EXE
2001-02-10 09:16:30 38400 ----a-w- C:\Program Files (x86)\NTBMK.EXE
.
============= FINISH: 20:41:06.93 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 24/08/2010 12:15:34 PM
System Uptime: 13/09/2012 8:22:38 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0874P6
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | U2E1 | 928/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 199.525 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C4700 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Tether Ethernet Adapter
Device ID: ROOT\ROOT&QRKIS\0000
Manufacturer: Tether
Name: Tether Ethernet Adapter
PNP Device ID: ROOT\ROOT&QRKIS\0000
Service: qrkis
.
==== System Restore Points ===================
.
RP235: 26/07/2012 9:09:10 PM - Scheduled Checkpoint
RP236: 06/08/2012 11:38:16 AM - Scheduled Checkpoint
RP237: 20/08/2012 10:32:22 PM - Scheduled Checkpoint
RP238: 26/08/2012 9:56:16 PM - Windows Update
RP239: 03/09/2012 1:29:25 PM - Scheduled Checkpoint
RP240: 13/09/2012 11:52:43 AM - Windows Update
.
==== Installed Programs ======================
.
Accelerometer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Alarm
Anki
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
µTorrent
Audacity 2.0
Audio MP3 Sound Recorder
AVG PC Tuneup 2011
AVG Security Toolbar
Aya AVI WMV DVD FLV RM MKV MP4 Video Splitter Cutter V1.3.5
Bible Database 5.1
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 7.1
BlackBerry Device Software Updater
BS.Player FREE
CamStudio
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CNET TechTracker
Cozi
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Getting Started Guide
Dell Webcam Central
DivX Setup
Dropbox
Easy Video Splitter 1.28
eReg
eXPert PDF 6
Facebook Video Calling 1.2.0.159
Focus MP3 Recorder Splitter 3.4
Free Audio CD Burner version 1.4.7
Free FLV Converter V 7.1.0
Free M4a to MP3 Converter 7.0
Free YouTube Download version 3.0.22.221
Free YouTube to MP3 Converter version 3.10.17.221
Futuremark SystemInfo
Genie Backup Assistant
Google Earth Plug-in
Google Update Helper
GoToAssist 8.0.0.514
HydraVision
iLivid
Intel(R) Management Engine Components
InterActual Player
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 26
Juniper Networks Cache Cleaner 6.5.0
Juniper Networks Host Checker
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Home and Student 2010 - English
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.1
PDF Viewer for Windows 7
project dogwaffle
Project64 1.6
PS_AIO_06_C4700_SW_Min
QuickTime
Rapport
Realtek Ethernet Controller Driver
Roxio Burn
Scan
Screen VidShot
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Skins
Skype™ 5.10
StarCraft II
swMSM
Tether 1.4.3.7
The Extractor
The Holy Bible KJV Ver.8
TimeLeft
Toolbox
TweakNow RegCleaner
TweakNow RegCleaner 2011
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
VideoFileDownload
Virtual DJ Home - Atomix Productions
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
WeatherEye
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WORDsearch 8 POSB NT Edition
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
13/09/2012 8:24:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
13/09/2012 8:09:18 PM, Error: Service Control Manager [7034] - The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).
13/09/2012 7:50:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
13/09/2012 7:48:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
13/09/2012 7:26:15 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
13/09/2012 7:25:07 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
13/09/2012 7:25:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
13/09/2012 7:25:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
13/09/2012 7:25:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
13/09/2012 7:24:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
13/09/2012 7:24:24 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
13/09/2012 7:24:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 cputemperature discache RapportKE64 spldr Wanarpv6
13/09/2012 7:24:10 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
10/09/2012 9:31:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SeaPort service to connect.
10/09/2012 9:31:46 AM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================



riley532
Banned Member
 
Posts: 16
Joined: September 13th, 2012, 8:30 pm

Re: help to remove ib.adnxs.com popups

Post by riley532 » September 13th, 2012, 9:05 pm

Additionally, Kaspersky TDSSKiller report: nothing found.

OTL.txt file

OTL scan "OTL.Txt"

OTL logfile created on: 13/09/2012 8:34:30 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Riley\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.93 Gb Total Physical Memory | 5.85 Gb Available Physical Memory | 73.73% Memory free
15.87 Gb Paging File | 13.60 Gb Available in Paging File | 85.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.14 Gb Total Space | 199.53 Gb Free Space | 44.52% Space Free | Partition Type: NTFS

Computer Name: RILEYSLAPTOP | User Name: Riley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Riley\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Tether\TBService.exe ()
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\WORDsearch 8\ZipScript.exe (WORDsearch Corp.)
PRC - C:\Program Files (x86)\Dell Photo AIO Printer 942\memcard.exe ()
PRC - C:\Program Files (x86)\Dell Photo AIO Printer 942\DLBUmon.exe (Lexmark International, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
MOD - C:\Program Files (x86)\Dell Photo AIO Printer 942\memcard.exe ()
MOD - C:\Program Files (x86)\Dell Photo AIO Printer 942\DLBUcfg.dll ()
MOD - C:\Program Files (x86)\Dell Photo AIO Printer 942\dlbudrec.dll ()
MOD - C:\Program Files (x86)\TimeLeft3\trayclock.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (dlbu_device) -- C:\Windows\SysNative\dlbucoms.exe ( )
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vToolbarUpdater) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Tether) -- C:\Program Files (x86)\Tether\TBService.exe ()
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe (IDT, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (dlbu_device) -- C:\Windows\SysWOW64\dlbucoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020200}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (cputemperature) -- C:\Windows\SysNative\drivers\cputemperature.sys ()
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (qrkis) -- C:\Windows\SysNative\drivers\qrkis.sys (Tether)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics)
DRV:64bit: - (stdflt) -- C:\Windows\SysNative\drivers\stdflt.sys (ST Microelectronics)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (RapportCerberus_32029) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus64_32029.sys ()
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{1D7F21CB-DA20-444F-B02E-4F76B3912009}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2535290
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKLM\..\SearchScopes,DefaultScope = {8546F2CB-75FD-4663-9F68-E4D76630F80E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.startsearcher.com/?q={searchTerms}&src=IETB
IE - HKLM\..\SearchScopes\{8546F2CB-75FD-4663-9F68-E4D76630F80E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 0A 1D 70 0E 63 CD 01 [binary data]
IE - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.startsearcher.com/?q={searchTerms}&src=IE
IE - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\..\SearchScopes\{552419DF-F7FA-4E3D-AF96-CB65BA9BA4A5}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =937811&p={searchTerms}
IE - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_en
IE - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\..\SearchScopes\{73ccfd25-abe2-4bdf-ac5d-28a470a4d234}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B6D98A4E-2863-48F6-AB51-695032DA7F76}&mid=42c7745226764e2fbd37424052aac868-88095c05894c11c0fa9dbe48c01b365f72a4f205&lang=en&ds=AVG&pr=fr&d=2011-10-16 14:42:50&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Internet Search"
FF - prefs.js..browser.search.defaulturl: "http://www.startsearcher.com/?q="
FF - prefs.js..browser.search.order.1: "Internet Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.startsearcher.com"
FF - prefs.js..extensions.enabledAddons: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: foxfilter@inspiredeffect.net:7.6.4
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {BAEBEF65-9289-47c5-8524-C345CC5D860D}:1.11
FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..extensions.enabledAddons: plugin@startsearcher.com:1.3
FF - prefs.js..extensions.enabledAddons: plugin@videofiledownload.com:1.5
FF - prefs.js..extensions.enabledAddons: pbupload@photobucket.com:1.3.3
FF - prefs.js..extensions.enabledAddons: en-CA@dictionaries.addons.mozilla.org:2.0.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {BAEBEF65-9289-47c5-8524-C345CC5D860D}:1.4.2
FF - prefs.js..extensions.enabledItems: {618D522B-652C-4e19-9194-048700B12ED6}:1.4
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: foxfilter@inspiredeffect.net:7.6.2
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Riley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/13 10:07:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/06/15 00:31:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/06/15 00:31:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/19 02:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 21:09:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 17:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/13 20:09:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2012/04/25 18:38:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins [2012/04/18 11:53:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 17:07:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/13 20:09:19 | 000,000,000 | ---D | M]

[2010/08/25 11:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Riley\AppData\Roaming\Mozilla\Extensions
[2012/08/25 18:19:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions
[2012/08/25 18:19:53 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/02/13 21:28:26 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/08/24 12:39:28 | 000,000,000 | ---D | M] (Sothink SWF Catcher) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\{618D522B-652C-4e19-9194-048700B12ED6}
[2010/11/02 23:10:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/04/03 09:27:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/17 10:50:29 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\DeviceDetection@logitech.com
[2012/07/25 21:19:05 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\en-CA@dictionaries.addons.mozilla.org
[2011/03/22 08:25:04 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\engine@conduit.com
[2012/02/11 22:35:46 | 000,000,000 | ---D | M] ("FoxFilter") -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\foxfilter@inspiredeffect.net
[2012/07/10 20:10:39 | 000,000,000 | ---D | M] (InternetSearch) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\plugin@startsearcher.com
[2012/07/10 20:10:30 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\plugin@videofiledownload.com
[2011/02/16 23:14:48 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\tineye@ideeinc.com
[2012/07/15 09:30:35 | 000,025,950 | ---- | M] () (No name found) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\pbupload@photobucket.com.xpi
[2012/06/15 21:37:05 | 000,154,252 | ---- | M] () (No name found) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi
[2011/05/04 17:33:14 | 000,005,214 | ---- | M] () (No name found) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\foxfilter@inspiredeffect.net\content\html\expirationNotice.htm
[2011/05/04 17:35:10 | 000,001,755 | ---- | M] () (No name found) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\extensions\foxfilter@inspiredeffect.net\content\js\expirationNotice.js
[2010/08/25 13:50:51 | 000,001,819 | ---- | M] () -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\searchplugins\bing.xml
[2012/07/11 20:21:36 | 000,000,324 | ---- | M] () -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\0ik16r9a.default\searchplugins\search.xml
[2012/05/04 11:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/25 06:32:51 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012/07/03 21:09:33 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/07/19 17:07:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/19 02:46:38 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/25 07:53:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/25 07:53:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Riley\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Users\Riley\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Riley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Riley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: TinEye Reverse Image Search (old version) = C:\Users\Riley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blkehhkdbdbaggkkapkcaoanffomhgjl\1.0.1_0\

O1 HOSTS File: ([2012/09/13 20:10:41 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DLBUCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLBUtime.DLL ()
O4:64bit: - HKLM..\Run: [dlbumon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 942\dlbumon.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell Photo AIO Printer 942\memcard.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1800031923-557482588-2345233677-1000..\Run: [Facebook Update] C:\Users\Riley\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1800031923-557482588-2345233677-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-1800031923-557482588-2345233677-1000..\Run: [ZipScript] C:\Program Files (x86)\WORDsearch 8\ZipScript.exe (WORDsearch Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Riley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk = C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O7 - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 1
O7 - HKU\S-1-5-21-1800031923-557482588-2345233677-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Riley\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Riley\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Riley\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Riley\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/device ... Loader.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/Juni ... Client.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A0CC991-5970-43DD-941B-0DB4CCE50932}: DhcpNameServer = 206.248.154.22 206.248.154.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28570AC8-7FF2-4B9E-A45F-9CAB59F821B6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61D168AB-C84D-4A8C-A1EB-E23B40848AE0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{94e4c814-ab10-11df-93b8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{94e4c814-ab10-11df-93b8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/13 20:33:49 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Riley\Desktop\OTL.exe
[2012/09/13 16:32:31 | 000,000,000 | ---D | C] -- C:\Users\Riley\AppData\Local\ZipScript 8
[2012/09/13 14:52:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/09/13 14:36:36 | 000,000,000 | ---D | C] -- C:\Users\Riley\AppData\Roaming\Malwarebytes
[2012/09/13 14:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/13 14:36:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/13 14:36:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/13 13:31:39 | 000,000,000 | ---D | C] -- C:\Users\Riley\Documents\WORDsearch Backups
[2012/09/13 11:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/13 10:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/13 10:06:08 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/13 10:06:04 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/13 10:06:02 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/13 10:06:02 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/10 10:07:24 | 000,000,000 | ---D | C] -- C:\Users\Riley\Desktop\Weather & Climate
[2012/09/04 09:12:39 | 000,044,032 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2012/09/04 09:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2012/09/04 09:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XCPCSync.OEM
[2012/09/03 10:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\{57C74E1D-2F54-4E57-A0AC-537AA84A5318}
[2012/09/03 10:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\wsc
[2012/09/03 10:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WSfonts
[2012/09/03 10:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WORDsearch 8
[2012/09/03 10:18:58 | 000,000,000 | ---D | C] -- C:\Users\Riley\AppData\Local\WORDsearch 8
[2012/09/03 10:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WORDsearch 8
[2012/09/03 10:18:58 | 000,000,000 | ---D | C] -- C:\Users\Riley\Documents\WORDsearch
[2012/09/03 10:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WORDsearch
[2012/09/03 10:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\WORDsearch
[2012/08/25 18:29:40 | 000,000,000 | ---D | C] -- C:\Users\Riley\AppData\Local\{5BF47DD6-8F62-49A0-8AEA-FE49A695E338}
[2012/08/25 18:19:31 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/25 18:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2012/08/25 17:56:54 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/25 17:56:40 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/25 17:56:40 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/25 17:56:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/25 17:56:40 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/25 17:56:40 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/25 17:56:39 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/25 17:56:39 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/25 17:56:36 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/25 17:56:36 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/25 17:56:36 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/25 17:56:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/25 17:56:31 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/25 17:56:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/25 17:56:30 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/25 17:56:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/25 17:56:30 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/08/25 17:56:25 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/24 15:43:16 | 000,384,352 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/11/02 23:24:45 | 003,164,160 | ---- | C] (Home) -- C:\Program Files (x86)\BIBLEA.exe
[2010/10/28 21:29:18 | 001,286,504 | ---- | C] (Microsoft Corporation) -- C:\Users\Riley\wlsetup-web.exe
[2010/10/28 21:14:53 | 000,367,942 | ---- | C] (Conduit) -- C:\Users\Riley\Brothersoftdownloader_for_Windows_Live_Messenger.exe
[2010/10/23 19:22:55 | 004,677,528 | ---- | C] (Yuna Software) -- C:\Users\Riley\MsgPlusLive-490.exe
[2010/10/21 17:27:56 | 007,462,536 | ---- | C] (AVG ) -- C:\Users\Riley\avg_pct_stf_all_2011_22_c5.exe
[2010/10/18 10:25:35 | 004,290,744 | ---- | C] (AVG Technologies) -- C:\Users\Riley\avg_free_stb_all_2011_1136_upgrade.exe
[2010/09/18 03:05:43 | 000,850,200 | ---- | C] (DivX, Inc. ) -- C:\Users\Riley\DivXInstaller.exe
[2010/09/18 02:58:02 | 000,652,794 | ---- | C] (Xvid team ) -- C:\Users\Riley\Xvid-1.2.2-07062009.exe
[2010/08/25 14:27:40 | 097,713,960 | ---- | C] (Apple Inc.) -- C:\Users\Riley\iTunes64Setup.exe
[2010/08/25 14:16:18 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Users\Riley\wmpfirefoxplugin.exe
[2010/05/09 12:41:58 | 000,321,328 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Riley\utorrent.exe
[2010/05/06 17:31:11 | 001,193,338 | ---- | C] (Escsoft ) -- C:\Users\Riley\iDump_Setup.exe
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Riley\*.tmp files -> C:\Users\Riley\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/13 20:40:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Riley\Desktop\dds.scr
[2012/09/13 20:33:50 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Riley\Desktop\OTL.exe
[2012/09/13 20:30:38 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 20:30:38 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 20:29:51 | 000,727,398 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/13 20:29:51 | 000,629,326 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/13 20:29:51 | 000,111,220 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/13 20:27:48 | 094,776,099 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/09/13 20:25:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/13 20:24:26 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/13 20:23:12 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/09/13 20:23:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/13 20:23:03 | 2094,424,063 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/13 20:10:41 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/09/13 20:00:15 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\GBM - Easy Layout Backup Job-Full.job
[2012/09/13 19:11:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1800031923-557482588-2345233677-1000UA.job
[2012/09/13 18:29:32 | 000,000,134 | ---- | M] () -- C:\Users\Riley\Desktop\MalWare Removal • View topic - help to remove ib.adnxs.com pop up advertising.URL
[2012/09/13 10:07:17 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/09/10 09:45:22 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/10 09:45:22 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/04 09:13:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2012/09/04 09:12:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
[2012/09/04 09:12:12 | 000,002,253 | ---- | M] () -- C:\Users\Riley\Desktop\BlackBerry Desktop Software.lnk
[2012/09/04 07:52:44 | 000,431,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/03 10:24:04 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\WORDsearch 8.lnk
[2012/08/31 17:59:48 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012/08/30 23:20:12 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1800031923-557482588-2345233677-1000Core.job
[2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012/08/22 13:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/08/22 13:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Riley\*.tmp files -> C:\Users\Riley\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/13 18:29:32 | 000,000,134 | ---- | C] () -- C:\Users\Riley\Desktop\MalWare Removal • View topic - help to remove ib.adnxs.com pop up advertising.URL
[2012/09/04 09:13:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2012/09/04 09:12:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
[2012/09/04 09:12:12 | 000,002,253 | ---- | C] () -- C:\Users\Riley\Desktop\BlackBerry Desktop Software.lnk
[2012/09/03 10:24:04 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\WORDsearch 8.lnk
[2011/08/21 00:58:02 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbuserv.dll
[2011/08/21 00:58:02 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbuusb1.dll
[2011/08/21 00:58:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbuhbn3.dll
[2011/08/21 00:58:02 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbucomc.dll
[2011/08/21 00:58:02 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbupmui.dll
[2011/08/21 00:58:02 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbulmpm.dll
[2011/08/21 00:58:02 | 000,538,096 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbucoms.exe
[2011/08/21 00:58:02 | 000,434,176 | ---- | C] () -- C:\Windows\SysWow64\dlbuutil.dll
[2011/08/21 00:58:02 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbucomm.dll
[2011/08/21 00:58:02 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbuinpa.dll
[2011/08/21 00:58:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbuiesc.dll
[2011/08/21 00:58:02 | 000,386,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbuih.exe
[2011/08/21 00:58:02 | 000,382,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbucfg.exe
[2011/08/21 00:58:02 | 000,323,584 | ---- | C] ( ) -- C:\Windows\SysWow64\DLBUhcp.dll
[2011/08/21 00:58:02 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\DLBUinst.dll
[2011/08/21 00:58:02 | 000,181,744 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbuppls.exe
[2011/08/21 00:58:02 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlbuinsb.dll
[2011/08/21 00:58:02 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbuprox.dll
[2011/08/21 00:58:02 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\dlbuins.dll
[2011/08/21 00:58:02 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\dlbujswr.dll
[2011/08/21 00:58:02 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlbuinsr.dll
[2011/08/21 00:58:02 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbupplc.dll
[2011/08/21 00:58:02 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dlbucub.dll
[2011/08/21 00:58:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dlbucu.dll
[2011/08/21 00:58:02 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\DLBUcfg.dll
[2011/08/21 00:58:02 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlbucur.dll
[2011/04/26 02:06:12 | 000,000,565 | ---- | C] () -- C:\Windows\Spidey.ini
[2011/03/05 22:27:28 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/02/16 12:56:30 | 002,469,055 | ---- | C] () -- C:\Users\Riley\extractor_setup_1.4.3.exe
[2011/02/07 02:13:03 | 000,735,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/26 17:15:37 | 000,174,467 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/12/26 17:15:37 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2010/11/02 23:24:46 | 004,768,592 | ---- | C] () -- C:\Program Files (x86)\OLDTSMS.ASC
[2010/11/02 23:24:46 | 003,461,990 | ---- | C] () -- C:\Program Files (x86)\OLDTSMT.ASC
[2010/11/02 23:24:46 | 001,997,995 | ---- | C] () -- C:\Program Files (x86)\NAVE.DAT
[2010/11/02 23:24:46 | 001,790,966 | ---- | C] () -- C:\Program Files (x86)\NWTSMTS.ASC
[2010/11/02 23:24:46 | 001,475,985 | ---- | C] () -- C:\Program Files (x86)\strongheb.asc
[2010/11/02 23:24:46 | 001,231,396 | ---- | C] () -- C:\Program Files (x86)\TORRY.DAT
[2010/11/02 23:24:46 | 001,048,574 | ---- | C] () -- C:\Program Files (x86)\stronggrk.asc
[2010/11/02 23:24:46 | 001,035,398 | ---- | C] () -- C:\Program Files (x86)\NWTSMT.ASC
[2010/11/02 23:24:46 | 000,483,405 | ---- | C] () -- C:\Program Files (x86)\PSMHC.rtf
[2010/11/02 23:24:46 | 000,228,292 | ---- | C] () -- C:\Program Files (x86)\MTMHC.rtf
[2010/11/02 23:24:46 | 000,148,314 | ---- | C] () -- C:\Program Files (x86)\LUMHC.rtf
[2010/11/02 23:24:46 | 000,135,425 | ---- | C] () -- C:\Program Files (x86)\NUMHC.rtf
[2010/11/02 23:24:46 | 000,132,913 | ---- | C] () -- C:\Program Files (x86)\PRMHC.rtf
[2010/11/02 23:24:46 | 000,114,352 | ---- | C] () -- C:\Program Files (x86)\ROMHC.rtf
[2010/11/02 23:24:46 | 000,112,542 | ---- | C] () -- C:\Program Files (x86)\REMHC.rtf
[2010/11/02 23:24:46 | 000,098,922 | ---- | C] () -- C:\Program Files (x86)\NAVES.IDX
[2010/11/02 23:24:46 | 000,085,224 | ---- | C] () -- C:\Program Files (x86)\LEMHC.rtf
[2010/11/02 23:24:46 | 000,084,546 | ---- | C] () -- C:\Program Files (x86)\MRMHC.rtf
[2010/11/02 23:24:46 | 000,076,549 | ---- | C] () -- C:\Program Files (x86)\JOSMHC.rtf
[2010/11/02 23:24:46 | 000,074,881 | ---- | C] () -- C:\Program Files (x86)\kjvpref.rtf
[2010/11/02 23:24:46 | 000,071,084 | ---- | C] () -- C:\Program Files (x86)\JUDMHC.rtf
[2010/11/02 23:24:46 | 000,054,171 | ---- | C] () -- C:\Program Files (x86)\ZECMHC.rtf
[2010/11/02 23:24:46 | 000,048,128 | ---- | C] ( ) -- C:\Program Files (x86)\folder.exe
[2010/11/02 23:24:46 | 000,041,448 | ---- | C] () -- C:\Program Files (x86)\SOMHC.rtf
[2010/11/02 23:24:46 | 000,039,261 | ---- | C] () -- C:\Program Files (x86)\1CHMHC.rtf
[2010/11/02 23:24:46 | 000,038,400 | ---- | C] () -- C:\Program Files (x86)\OTBMK.EXE
[2010/11/02 23:24:46 | 000,038,400 | ---- | C] () -- C:\Program Files (x86)\NTBMK.EXE
[2010/11/02 23:24:46 | 000,034,883 | ---- | C] () -- C:\Program Files (x86)\NEMHC.rtf
[2010/11/02 23:24:46 | 000,027,061 | ---- | C] () -- C:\Program Files (x86)\PHPMHC.rtf
[2010/11/02 23:24:46 | 000,023,134 | ---- | C] () -- C:\Program Files (x86)\MICMHC.rtf
[2010/11/02 23:24:46 | 000,019,451 | ---- | C] () -- C:\Program Files (x86)\JONMHC.rtf
[2010/11/02 23:24:46 | 000,018,758 | ---- | C] () -- C:\Program Files (x86)\MALMHC.rtf
[2010/11/02 23:24:46 | 000,018,640 | ---- | C] () -- C:\Program Files (x86)\RUMHC.rtf
[2010/11/02 23:24:46 | 000,016,807 | ---- | C] () -- C:\Program Files (x86)\TITMHC.rtf
[2010/11/02 23:24:46 | 000,015,602 | ---- | C] () -- C:\Program Files (x86)\LAMHC.rtf
[2010/11/02 23:24:46 | 000,015,286 | ---- | C] () -- C:\Program Files (x86)\TORRY.IDX
[2010/11/02 23:24:46 | 000,014,250 | ---- | C] () -- C:\Program Files (x86)\JUDEMHC.rtf
[2010/11/02 23:24:46 | 000,009,307 | ---- | C] () -- C:\Program Files (x86)\PHMMHC.rtf
[2010/11/02 23:24:46 | 000,009,119 | ---- | C] () -- C:\Program Files (x86)\NAMHC.rtf
[2010/11/02 23:24:46 | 000,006,466 | ---- | C] () -- C:\Program Files (x86)\OBMHC.rtf
[2010/11/02 23:24:46 | 000,005,550 | ---- | C] () -- C:\Program Files (x86)\WEIGHT.rtf
[2010/11/02 23:24:46 | 000,003,043 | ---- | C] () -- C:\Program Files (x86)\OT.VRB
[2010/11/02 23:24:46 | 000,000,185 | ---- | C] () -- C:\Program Files (x86)\Newfold.fld
[2010/11/02 23:24:46 | 000,000,136 | ---- | C] () -- C:\Program Files (x86)\webfold.ini
[2010/11/02 23:24:46 | 000,000,095 | ---- | C] () -- C:\Program Files (x86)\OCREATE.BMK
[2010/11/02 23:24:46 | 000,000,095 | ---- | C] () -- C:\Program Files (x86)\NBORN.BMK
[2010/11/02 23:24:45 | 002,693,106 | ---- | C] () -- C:\Program Files (x86)\EASTON.DAT
[2010/11/02 23:24:45 | 000,324,006 | ---- | C] () -- C:\Program Files (x86)\GEMHC.rtf
[2010/11/02 23:24:45 | 000,231,693 | ---- | C] () -- C:\Program Files (x86)\ISAMHC.rtf
[2010/11/02 23:24:45 | 000,176,867 | ---- | C] () -- C:\Program Files (x86)\EXMHC.rtf
[2010/11/02 23:24:45 | 000,172,882 | ---- | C] () -- C:\Program Files (x86)\ACMHC.rtf
[2010/11/02 23:24:45 | 000,157,444 | ---- | C] () -- C:\Program Files (x86)\JOHMHC.rtf
[2010/11/02 23:24:45 | 000,144,139 | ---- | C] () -- C:\Program Files (x86)\JERMHC.rtf
[2010/11/02 23:24:45 | 000,143,677 | ---- | C] () -- C:\Program Files (x86)\JOBMHC.rtf
[2010/11/02 23:24:45 | 000,125,779 | ---- | C] () -- C:\Program Files (x86)\DEMHC.rtf
[2010/11/02 23:24:45 | 000,101,179 | ---- | C] () -- C:\Program Files (x86)\1SAMHC.rtf
[2010/11/02 23:24:45 | 000,095,389 | ---- | C] () -- C:\Program Files (x86)\EZEMHC.rtf
[2010/11/02 23:24:45 | 000,088,843 | ---- | C] () -- C:\Program Files (x86)\1COMHC.rtf
[2010/11/02 23:24:45 | 000,086,738 | ---- | C] () -- C:\Program Files (x86)\BNDIC.DAT
[2010/11/02 23:24:45 | 000,086,440 | ---- | C] () -- C:\Program Files (x86)\2KIMHC.rtf
[2010/11/02 23:24:45 | 000,083,126 | ---- | C] () -- C:\Program Files (x86)\HEBMHC.rtf
[2010/11/02 23:24:45 | 000,082,237 | ---- | C] () -- C:\Program Files (x86)\1KIMHC.rtf
[2010/11/02 23:24:45 | 000,074,251 | ---- | C] () -- C:\Program Files (x86)\EASTON.IDX
[2010/11/02 23:24:45 | 000,070,126 | ---- | C] () -- C:\Program Files (x86)\2SAMHC.rtf
[2010/11/02 23:24:45 | 000,062,284 | ---- | C] () -- C:\Program Files (x86)\2CHMHC.rtf
[2010/11/02 23:24:45 | 000,053,221 | ---- | C] () -- C:\Program Files (x86)\2COMHC.rtf
[2010/11/02 23:24:45 | 000,049,993 | ---- | C] () -- C:\Program Files (x86)\DAMHC.rtf
[2010/11/02 23:24:45 | 000,047,094 | ---- | C] () -- C:\Program Files (x86)\GAMHC.rtf
[2010/11/02 23:24:45 | 000,046,037 | ---- | C] () -- C:\Program Files (x86)\ECMHC.rtf
[2010/11/02 23:24:45 | 000,044,702 | ---- | C] () -- C:\Program Files (x86)\HOMHC.rtf
[2010/11/02 23:24:45 | 000,040,958 | ---- | C] () -- C:\Program Files (x86)\EPHMHC.rtf
[2010/11/02 23:24:45 | 000,040,180 | ---- | C] () -- C:\Program Files (x86)\1JOMHC.rtf
[2010/11/02 23:24:45 | 000,036,217 | ---- | C] () -- C:\Program Files (x86)\DICTION.DAT
[2010/11/02 23:24:45 | 000,034,569 | ---- | C] () -- C:\Program Files (x86)\1PEMHC.rtf
[2010/11/02 23:24:45 | 000,034,527 | ---- | C] () -- C:\Program Files (x86)\JASMHC.rtf
[2010/11/02 23:24:45 | 000,026,893 | ---- | C] () -- C:\Program Files (x86)\ESMHC.rtf
[2010/11/02 23:24:45 | 000,026,205 | ---- | C] () -- C:\Program Files (x86)\1TIMHC.rtf
[2010/11/02 23:24:45 | 000,025,368 | ---- | C] () -- C:\Program Files (x86)\COLMHC.rtf
[2010/11/02 23:24:45 | 000,024,839 | ---- | C] () -- C:\Program Files (x86)\EZRMHC.rtf
[2010/11/02 23:24:45 | 000,024,145 | ---- | C] () -- C:\Program Files (x86)\AMMHC.rtf
[2010/11/02 23:24:45 | 000,024,026 | ---- | C] () -- C:\Program Files (x86)\1THMHC.rtf
[2010/11/02 23:24:45 | 000,021,843 | ---- | C] () -- C:\Program Files (x86)\2TIMHC.rtf
[2010/11/02 23:24:45 | 000,021,047 | ---- | C] () -- C:\Program Files (x86)\2PEMHC.rtf
[2010/11/02 23:24:45 | 000,019,603 | ---- | C] () -- C:\Program Files (x86)\2THMHC.rtf
[2010/11/02 23:24:45 | 000,015,103 | ---- | C] () -- C:\Program Files (x86)\HABMHC.rtf
[2010/11/02 23:24:45 | 000,011,716 | ---- | C] () -- C:\Program Files (x86)\HAGMHC.rtf
[2010/11/02 23:24:45 | 000,011,653 | ---- | C] () -- C:\Program Files (x86)\JOEMHC.rtf
[2010/11/02 23:24:45 | 000,011,388 | ---- | C] () -- C:\Program Files (x86)\ZEPMHC.rtf
[2010/11/02 23:24:45 | 000,007,620 | ---- | C] () -- C:\Program Files (x86)\2JOMHC.rtf
[2010/11/02 23:24:45 | 000,007,200 | ---- | C] () -- C:\Program Files (x86)\3JOMHC.rtf
[2010/11/02 23:24:45 | 000,007,070 | ---- | C] () -- C:\Program Files (x86)\CALENDR.rtf
[2010/11/02 23:24:45 | 000,005,330 | ---- | C] () -- C:\Program Files (x86)\DROP.WAV
[2010/11/02 23:24:45 | 000,002,607 | ---- | C] () -- C:\Program Files (x86)\Help.rtf
[2010/11/02 23:24:45 | 000,001,648 | ---- | C] () -- C:\Program Files (x86)\General.fld
[2010/11/02 23:24:45 | 000,000,980 | ---- | C] () -- C:\Program Files (x86)\BIBLEA.INI
[2010/10/17 13:03:21 | 000,027,649 | ---- | C] () -- C:\Users\Riley\N1NRS.torrent
[2010/09/18 02:58:20 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/18 02:58:20 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/31 00:56:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/17 03:32:23 | 010,734,058 | ---- | C] () -- C:\Users\Riley\swfdec.zip
[2010/06/15 19:35:44 | 277,794,671 | ---- | C] () -- C:\Users\Riley\iPod2,1_3.1.2_7D11_Restore.ipsw
[2010/05/09 12:07:12 | 001,295,892 | ---- | C] () -- C:\Users\Riley\extractor_setup.exe
[2010/05/06 04:34:30 | 263,275,211 | ---- | C] () -- C:\Users\Riley\iPod2,1_3.1.3_7E18_Restore.ipsw
[2010/05/06 04:29:42 | 000,180,224 | ---- | C] () -- C:\Users\Riley\QTCF.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
riley532
Banned Member
 
Posts: 16
Joined: September 13th, 2012, 8:30 pm

Re: help to remove ib.adnxs.com popups

Post by riley532 » September 13th, 2012, 9:08 pm

More scan reports; this one is the "extras.txt" file from the OTL scan.

OTL File "Extras"

OTL Extras logfile created on: 13/09/2012 8:34:30 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Riley\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.93 Gb Total Physical Memory | 5.85 Gb Available Physical Memory | 73.73% Memory free
15.87 Gb Paging File | 13.60 Gb Available in Paging File | 85.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.14 Gb Total Space | 199.53 Gb Free Space | 44.52% Space Free | Partition Type: NTFS

Computer Name: RILEYSLAPTOP | User Name: Riley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1800031923-557482588-2345233677-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BF259AC-A9E6-4D4C-B0CB-ACE3EADC2E4A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D500D79-39DD-42E1-8F8E-49CA6E450EFE}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{22042B80-36FE-4458-8477-A0D5C8CF0C6C}" = lport=137 | protocol=17 | dir=in | app=system |
"{237BBAAA-5370-41E3-8FD6-C87222EE654B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2788A2CE-EEBC-4489-A7AE-695753D37EB1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{352FF333-52BD-456F-9A60-629582EF77D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{514647DD-C72B-45CD-B493-8054557C4E7A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{52CE985D-2591-4D3C-ADCA-74C7EB84418A}" = lport=138 | protocol=17 | dir=in | app=system |
"{650DC92C-5229-402F-AD7A-6043A0EA8E08}" = lport=2869 | protocol=6 | dir=in | app=system |
"{68E21402-A943-4911-BADC-16FA7A592682}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6C00E053-6849-428F-9417-FB7EF84E8912}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D4BBC9D-3C04-4AF9-8794-6B6E170AD46F}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{7AE28442-1C5D-4AB0-A71B-891FDD8A524C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8162F275-1C2C-475F-801C-7AC2D3121FA0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8587FB16-0062-4209-BA7C-4904B6ED5E60}" = rport=445 | protocol=6 | dir=out | app=system |
"{85D62576-E1C2-4091-B033-64EEDD3DCE85}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{8B03DEC9-5163-4840-8E71-A28812E61FD5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{92ED6452-B004-4F76-8AD7-60F0ECBCB8F7}" = rport=138 | protocol=17 | dir=out | app=system |
"{94E3051B-E36E-47C1-8B8D-584DD60D8E99}" = rport=139 | protocol=6 | dir=out | app=system |
"{9DEC7F95-3F27-4941-85E3-98CE4E273023}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{9F81BC9B-5544-4A71-BEAD-564D2A85C46C}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{A6C17FDB-F6BE-4470-BBCC-A9B59943C74E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B0A8B7FC-FEFA-4423-9100-72E29F7D01FA}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{B1C72875-1D05-4633-A17A-05DC19608C95}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{B9D43E8B-96C3-4337-A8A1-E6E21A16B38E}" = rport=137 | protocol=17 | dir=out | app=system |
"{BF9A2CCE-26A1-48A4-B7FC-2E55B3BE881C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C45B31D6-F771-4946-8B34-8B0F703772E4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C7BB1A3B-0BC0-4EB6-B46F-F955169ADB1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CD5931E0-A5C2-4009-822A-707291154613}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D07E4BDB-B74E-4C36-86BC-3067D08F50E3}" = lport=445 | protocol=6 | dir=in | app=system |
"{D1D5378A-959E-4D37-AD43-189CED8788F1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E64735DD-FEF3-49A3-B623-C0C3D0CD5CA5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1FE29BC-EB65-48D4-AACB-DB00613ED89B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5093A05-593C-4EEF-8E23-3B19D65A3E11}" = lport=139 | protocol=6 | dir=in | app=system |
"{F9249DEE-2490-46E2-807D-09EFA204CFB0}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{F95C630C-23A3-4684-8AA5-843E51C23A45}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C844AB-57E1-4457-A5E6-B360BD355703}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{07200EA9-E7AB-43B2-83E1-E77A40A6CFD3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{07E80E2B-2B81-4BF0-86FA-8DAE2CC32B9A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{09B1396D-6392-4127-BAC7-A3C08938E01E}" = protocol=17 | dir=in | app=c:\windows\system32\dlbucoms.exe |
"{0B3EA1A4-2B59-4ACD-A31F-20D80A8981F0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{0D99CCF2-CD69-4219-9430-0B508F07969F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0D9CC229-6ED9-4564-9C99-20F39948E127}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0F3A40A0-07AF-43B9-A9D8-E219D917ED3B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{12856A0F-79FA-4911-A655-5359169EDDD7}" = protocol=6 | dir=in | app=c:\program files (x86)\dell photo aio printer 942\dlbumon.exe |
"{133638F8-BB54-487B-8201-8BD1760ECD2D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{156B73CE-3EF5-4A16-8026-16E0BBD4FDAD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{18A3E992-BD24-4650-AA9A-FB6A16631F6C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{1939B13D-E859-47FD-A026-7B4566C876F1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1D4275D7-0F17-458E-AF02-EC86891FBA62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21346181-B247-4E78-A825-B0C6AA75E268}" = protocol=6 | dir=in | app=c:\windows\system32\dlbucoms.exe |
"{29536C4C-2D4E-477D-B2F9-DF6174121C36}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{2BB92FD4-B13E-477A-B984-9AA7132519C7}" = protocol=17 | dir=in | app=c:\program files (x86)\dell photo aio printer 942\dlbumon.exe |
"{35767B7B-0B9D-4A9C-BBB4-723634DC3F92}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dlbupswx.exe |
"{3AB13166-089A-4FAB-9AF2-044801EECA6A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3BC6A20D-2BBE-49BE-A275-2D7C112529A3}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{3CB14719-5E7A-4BE5-95D2-6708233E2014}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3CE7B050-4F59-4CC5-9F16-412BAC539B74}" = protocol=6 | dir=in | app=c:\users\riley\appdata\roaming\dropbox\bin\dropbox.exe |
"{3D4FD768-2EF0-49C7-A85E-5DA316673E4D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dlbupswx.exe |
"{3E64FF24-A250-445E-9115-FA16DAE0A8BD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3FFD9A14-FC9D-498F-BB43-0FFCC56F3C9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FDD7375-6ACE-4CCA-85C8-BB20489D7F71}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{535C0814-6BF3-4AAA-8190-7379EC768F0F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{53962309-DEF2-4606-BE21-D7D422A5A27C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54F0545D-4D88-4701-AA74-B62071E178DD}" = protocol=6 | dir=in | app=c:\windows\syswow64\dlbucoms.exe |
"{576D4982-AF1D-4C6A-B3EB-E6C717CA4A73}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{59A1B18B-842D-4F6B-8358-F43B77E8D28E}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{60B55E73-5F61-45CE-936F-5D39174891D2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{673DC3CA-20CE-49AA-A21E-D760F6CFBF80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6DFBA37B-DA10-4E72-8AA6-9745D68C5983}" = dir=in | app=c:\users\riley\appdata\local\temp\7zs11c2\setup\hpznui40.exe |
"{774DC098-E041-4995-BAC3-AD99EA0B522F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{789CE1B1-EBE1-44D8-A578-3719E559BC35}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{7E985DEF-56CD-408F-987C-BAA2D97E98B8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{7F1418F2-CA2D-4CA5-80CF-91AC5ADFED75}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7F679FD7-8E9F-450D-AB8B-35939AD07908}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{812B7394-5EF4-451D-AD40-5D6490B15368}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{83A65720-6151-45C7-B998-DE67F4E84998}" = protocol=17 | dir=in | app=c:\users\riley\appdata\roaming\dropbox\bin\dropbox.exe |
"{85086005-85E0-4C2D-A978-80F0EC0AA0CC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{8F186BE8-B912-49F7-BD69-E44FF5E164EA}" = dir=in | app=c:\users\riley\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{9A24147D-810E-46E3-9CDC-68666E5FEDDD}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{A9B533D6-9554-4D7C-A308-DB85FC731820}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B9A8AA4F-1A32-426A-A7B1-968B23CE43A9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9F28AEF-51BE-417A-8299-849AAB19E468}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BFCAC998-2E43-459B-AE2B-E2F3BA92FC6B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C37D726E-85D5-4F3D-B706-30F534283D26}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{C56A02B3-9487-4D7C-8951-D5FC575EDC68}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{C6711EF9-F956-4E45-8327-84CAB0196BEF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{C71D00F3-C0A6-46F0-9433-3EF9CEF5792B}" = protocol=6 | dir=out | app=system |
"{C833A415-F1FE-410B-A7D7-6A1932C8781C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C837E19D-0781-48A2-8ADC-F1FFD45E6D2A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{CCF49B91-49B3-4F5A-AE8B-C3DEA655C8C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\dlbucoms.exe |
"{CCFF10FA-E5FA-4EC4-8DD2-2E6A0DDF96AF}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{CD08C63D-854D-4003-9BD0-FD7C17D8DA44}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{D3DC7882-80BA-48EE-95B1-F5FD94895BB0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D65F3EEC-6232-4C9C-A2F3-38AD76609CF4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D94AD32F-68FE-4E41-92E9-1A013E782AC2}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{D95DE34B-0714-4793-9672-A0A4C83A10AC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{D97C053B-AA15-4EF6-AC03-68FC92DFD287}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB5F411C-6F26-46A7-9508-7FEC549B4FC4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DBD05C56-DAD3-4BDB-8DB2-CBBC56019699}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{E5EB095E-351A-41E1-8906-26A4060CEB6A}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{E6C4EEB1-E49F-4F7C-8C4D-1A07CA647C8D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EDE030BB-1052-4B89-AF6C-8557617BFDCF}" = protocol=17 | dir=in | app=c:\program files (x86)\dell photo aio printer 942\dlbuaiox.exe |
"{F048BAA3-A11A-4B4A-BCBC-F0C194DDA8F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F3865D1A-BD0D-4D0F-B26B-15153713355D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{F412D304-CD6C-4552-9206-A44538778749}" = protocol=6 | dir=in | app=c:\program files (x86)\dell photo aio printer 942\dlbuaiox.exe |
"{F8E432CE-3F0A-4A84-8A21-ACE7DFBD4FFE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F9FBE3A0-AB03-4527-BDA5-96AA63EAF632}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{FB150AE1-9A10-4589-8FBA-F70B11F720E1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FCA96F8D-72C3-45F0-B7AD-07FA3E7C0EBA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{FFC783D7-D86C-4C78-AD69-57F561A14EAD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"TCP Query User{1A645055-0EB5-485E-8DC2-E6F7A3A8909E}C:\users\riley\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\riley\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{28C67349-42F6-4714-90DC-06E3F2F723FB}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{30A9CC74-465D-4553-9F28-796CE88EF3CC}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{32490D85-FB61-474D-B89E-6B4BD1B04A56}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{4071F044-84B7-45BA-9022-4DEE0B148CEB}C:\program files (x86)\mozilla firefox 4.0 beta 12\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox 4.0 beta 12\firefox.exe |
"TCP Query User{4DB3CE95-376F-4AFE-B8B0-5DAC10D3A970}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{523F873B-5EBD-4CBC-B879-B37EAB76B073}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{569A101E-D2C9-4B95-9AC0-0ACEA154F79A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{57F809EA-B266-455C-87B2-3F32BADAB784}C:\program files (x86)\mozilla firefox 4.0 beta 12\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox 4.0 beta 12\plugin-container.exe |
"TCP Query User{6B6E2D46-C39F-4FF6-8989-6A4D54A76DF9}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{73DE1917-3D50-427A-8205-A8ACF9D38938}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{7BB44AB0-3704-4DDE-9655-B7164EB0C8ED}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{7DFA3D23-7F4B-4339-BDE6-D1ECEC7CACB7}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{91DE1168-FB72-468F-9019-DBAFD4C7953D}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{96B52C7A-BD0B-48C7-8B43-4A04BE16ED86}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe |
"TCP Query User{C113D850-77EF-4C5F-8E03-2D7C3ED181B5}C:\program files (x86)\mozilla firefox 4.0 beta 12\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox 4.0 beta 12\firefox.exe |
"TCP Query User{C5ECD634-2A49-4507-A3D4-CBD19ED4A7E9}C:\users\riley\downloads\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\riley\downloads\starcraft_2_na_en-us.exe |
"TCP Query User{DF8B9D22-8F1F-4C1F-BD8B-8556107B1418}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{FA701343-B31D-4F91-B494-C0499291F7B0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{FEF9FCA5-7CEC-4B44-929B-2E967C5CAD68}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{0F59E4CA-CB5A-4485-ADBB-CD1B98D84483}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{1FCF4DCD-D745-4F03-AECB-AD95605E7C49}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{230F85B7-EC7C-4C8D-9DE7-D35A9D48D288}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{231751B7-20D7-4023-B84C-7516B43BD7A4}C:\program files (x86)\mozilla firefox 4.0 beta 12\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox 4.0 beta 12\plugin-container.exe |
"UDP Query User{2F99135D-28E0-4831-8A28-059697D41319}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{301D836F-CB5A-4A9D-A7B4-27BE40D92E1C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{347ABA59-6C57-482B-B7B9-E0F749269815}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{3E263D36-86D7-4381-8C73-E0F51DDC88D4}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"UDP Query User{44601A4C-0C80-4185-B742-08A30F9AE76D}C:\users\riley\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\riley\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{5CE82A7E-3256-4A83-B6F1-41AEFB80A4E7}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"UDP Query User{69F8D2F6-32F9-40A5-B7BD-6AE35600C17E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{6B4AFFE7-AFF6-4F15-B5BB-23071C60D80D}C:\users\riley\downloads\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\riley\downloads\starcraft_2_na_en-us.exe |
"UDP Query User{7193B9AB-5273-4378-9C2D-35C47EB5A0F1}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{804A423C-B39C-4FED-8C37-D4B5FF62101B}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{88427DFC-9AFC-4453-A218-349CD79C8B0C}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{88D266D8-7FCD-4BA6-B550-ED289D4A1396}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{DBA676F5-2E8B-44FD-AB4E-0CE7E7889ABC}C:\program files (x86)\mozilla firefox 4.0 beta 12\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox 4.0 beta 12\firefox.exe |
"UDP Query User{DC0950E7-2047-4316-96B5-90BF1CF9312B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{DC6360D3-6CF8-4F71-B493-ED155CDA1455}C:\program files (x86)\mozilla firefox 4.0 beta 12\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox 4.0 beta 12\firefox.exe |
"UDP Query User{FA0E9229-0DA1-4317-82E5-6C730007ECA9}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{485867C4-605B-30FD-397E-CDBA21690855}" = ccc-utility64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AA05F911-A572-07CE-C205-EEF94562BF87}" = ATI AVIVO64 Codecs
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE124EE9-EF32-69C5-60F9-FFA0FFF7F9B1}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FDAA17FB-9CDD-AA3B-ED37-FA6F0C052123}" = ATI Catalyst Install Manager
"0E26EBDDB36C0E4C591F22C7EE263FB6BC041FE3" = Windows Driver Package - Broadcom Corporation Bluetooth (02/06/2012 6.5.1.2310)
"3366905E6EFF86120E12E2DB3F8F2EDC3B7F5003" = Windows Driver Package - Broadcom HIDClass (09/11/2009 6.3.0.1500)
"4AAFCA4E47F455BA6EB4FE93C32821F59F5873E3" = Windows Driver Package - Broadcom Corporation Bluetooth (02/07/2012 6.5.1.2312)
"524FB58AAB1C34915E5DAE6F9A7ABD1AA8C96614" = Windows Driver Package - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600)
"6A044848DB955BAB41313E7878DE4E2C68715F24" = Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth (03/16/2012 6.5.1.2600)
"73EBF284DDB186EC3E526FEE77E2325097703596" = Windows Driver Package - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600)
"765E3A42F1EB7BB642F073A20918B588DC4D1193" = Windows Driver Package - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600)
"77474885D7AEC63818C38D3CD3F18591895E994E" = Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth (02/06/2012 6.5.1.2310)
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Dell Photo AIO Printer 942" = Dell Photo AIO Printer 942
"DW WLAN Card Utility" = DW WLAN Card Utility
"E2D6F2D66494484DBE706872D7EFADC4C894EF0F" = Windows Driver Package - Broadcom Corporation Bluetooth (02/07/2012 6.5.1.2312)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = Dell Support Center
"SP6" = Logitech SetPoint 6.15
"SynTPDeinstKey" = Dell Touchpad
"TThrottle: Temperature Throttle_is1" = TThrottle (32/64 Bit): Temperature Throttle by eFMer V 3.1.1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015D576B-F9CF-245E-2A67-13A22C49595D}" = CCC Help Portuguese
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08DF75DF-FCA1-936E-6537-8B2355477A8A}" = CCC Help Spanish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DC7DFF9-2180-0E7E-DB49-817280EE4E93}" = Catalyst Control Center Graphics Light
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{27B94460-B1A6-BE42-D92A-4FCDCF4A719F}" = CCC Help German
"{2863C12B-2A02-4258-8495-6220605B2E5C}_is1" = Tether 1.4.3.7
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2F12DD77-33BC-B9AA-7FCF-316920EB20B6}" = CCC Help Hungarian
"{2F2E45E2-5A38-616D-B747-6F8483074987}" = CCC Help French
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{32CD223A-FF52-43CF-9E24-F7618CD77891}" = WORDsearch 8 POSB NT Edition
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{335519D8-37B0-2C1A-8731-24BFA0AF0A82}" = CCC Help Norwegian
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A3152B9-70FA-8B91-44AC-3DB75A675344}" = CCC Help Russian
"{3E6B8013-6679-AE89-05B9-F540AF89A5A4}" = Catalyst Control Center Localization All
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F154E12-4E97-D0AB-27E2-874CFEFFE30A}" = CCC Help Finnish
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47BC5D36-B837-B2A8-FB46-F6EC602A7F9C}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8C6616-F310-60D3-71FD-057C16DB3E8A}" = CCC Help Finnish
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{54BAC286-63B1-C3D7-5371-10CE6B280D23}" = CCC Help Turkish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6DFAA-3FE8-0F59-02EC-8AEA5CE0659B}" = CCC Help Dutch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FEF1894-CF67-B16C-11B6-5818358B3FC9}" = CCC Help Russian
"{60E9E76A-FB31-67CB-8071-A1D38A499A86}" = CCC Help French
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6869DEA9-8FA6-E3E0-05B6-8187FEB71D52}" = Skins
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6ED86F6F-7130-48F5-2AF7-5D693098057F}" = CCC Help Norwegian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734C758F-E295-C25A-085A-37210AAFD459}" = CCC Help Greek
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ADF69B6-B378-2D8C-C81C-DAA053E0D275}" = CCC Help English
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9F49A2-6791-761F-6077-22977B0FD03D}" = CCC Help Dutch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E31556D-C40E-D7EE-8936-6F442A063F68}" = CCC Help Swedish
"{A24CCFF4-1094-A1C6-756E-BD75FDA697F4}" = CCC Help Danish
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A34A8A48-44EC-1B46-EC9A-C0687C8AB505}" = HydraVision
"{A43190B6-D326-2870-22A5-F2416062ABA3}" = CCC Help German
"{A697D62C-643B-5315-204B-D43055A86649}" = CCC Help Swedish
"{A6B483B0-E8E8-0EE1-D678-FEEBDF27FE15}" = Catalyst Control Center Localization All
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 6
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9316AC7-CAB2-C29B-F8B6-6239817B1B45}" = CCC Help Chinese Standard
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF39A4BD-9088-D509-206B-024E5576D25C}" = CCC Help Korean
"{AFF254B3-ABBC-15E7-200E-FABF74314C13}" = ccc-core-static
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B27E389B-AE9B-BEB6-8FCF-BA293F884C70}" = CCC Help Japanese
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B5AB153E-59F3-AB56-F8A7-43E531368327}" = Catalyst Control Center Graphics Full New
"{B5C2819F-BC4E-E31A-C2CE-A617A99A7EA0}" = CCC Help Czech
"{BA214394-CDD8-BB3C-3FCC-8294C9A02ACA}" = CCC Help Chinese Traditional
"{BCFF03A6-BADE-2C15-A90E-E8D0E26B8E6C}" = CCC Help Chinese Standard
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BF8DC895-9CC3-E284-6ADF-67077E3FBCA2}" = CCC Help Danish
"{C2AF3BC5-ED8A-39A5-BDC6-6B514D7B8E18}" = CCC Help Japanese
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1" = Genie Backup Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0016802-8E49-0DED-0B9C-F8946945998F}" = Catalyst Control Center Graphics Full Existing
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D876ED97-4876-ECE9-F988-D11B91CA84BB}" = CCC Help Polish
"{DC068C99-4AF6-C4B4-178F-790CC62B93ED}" = Catalyst Control Center Graphics Previews Vista
"{DD786529-8C5E-4C64-9FA6-D47FBF17C392}" = Catalyst Control Center InstallProxy
"{DDBBE693-E9E5-A743-4C11-D693F94A80D7}" = Catalyst Control Center Core Implementation
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF150064-07EC-F3E1-7E24-8B76493F6C2D}" = CCC Help Thai
"{DF6BCD20-50DC-4DE6-4798-948DF8CAC38A}" = CCC Help Korean
"{DF8F8A4A-C9EB-79EC-7597-166D3042EAA8}" = CCC Help Spanish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E19F161D-7FD0-FECB-41B1-A036862C3E47}" = CCC Help English
"{E393AA7A-33AE-1F62-0C33-D107BB03E74E}" = CCC Help Portuguese
"{E3EB956C-C221-8F52-2063-CBF40AD8B558}" = CCC Help Italian
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E80F7B58-508F-2A71-50E6-49B56241C22B}" = ccc-core-static
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED2C01F5-FF07-21E7-4D80-E41486A5204E}" = CCC Help Chinese Traditional
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EE7BEE99-4C13-DF3E-142B-5E4BA8D10CEC}" = CCC Help Italian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Alarm_is1" = Alarm
"Anki" = Anki
"Audacity_is1" = Audacity 2.0
"Audio MP3 Sound Recorder" = Audio MP3 Sound Recorder
"AVG Secure Search" = AVG Security Toolbar
"Aya AVI WMV DVD FLV RM MKV MP4 Video Splitter Cutter_is1" = Aya AVI WMV DVD FLV RM MKV MP4 Video Splitter Cutter V1.3.5
"Bible Database_is1" = Bible Database 5.1
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"BSPlayerf" = BS.Player FREE
"CamStudio" = CamStudio
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup.divx.com" = DivX Setup
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"Focus MP3 Recorder Splitter_is1" = Focus MP3 Recorder Splitter 3.4
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free FLV Converter_is1" = Free FLV Converter V 7.1.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"GoToAssist" = GoToAssist 8.0.0.514
"iLivid" = iLivid
"InterActual Player" = InterActual Player
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PDF Viewer for Windows_is1" = PDF Viewer for Windows 7
"Rapport_msi" = Rapport
"Screen VidShot_is1" = Screen VidShot
"ST5UNST #1" = The Holy Bible KJV Ver.8
"ST5UNST #2" = project dogwaffle
"StarCraft II" = StarCraft II
"The Extractor1.4.2" = The Extractor
"The Extractor1.4.2.2" = The Extractor
"The Extractor1.4.3" = The Extractor
"TIMELEFT3_is1" = TimeLeft
"TweakNow RegCleaner 2011_is1" = TweakNow RegCleaner 2011
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"vfd-ob" = VideoFileDownload
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 2.0.1
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WORDsearch 8 POSB NT Edition" = WORDsearch 8 POSB NT Edition
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1800031923-557482588-2345233677-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CNET TechTracker" = CNET TechTracker
"Dropbox" = Dropbox
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"WeatherEye" = WeatherEye

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13/09/2012 3:24:25 PM | Computer Name = RileysLaptop | Source = SignInAssistant | ID = 0
Description =

Error - 13/09/2012 3:24:28 PM | Computer Name = RileysLaptop | Source = SignInAssistant | ID = 0
Description =

Error - 13/09/2012 3:24:54 PM | Computer Name = RileysLaptop | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1984 Start
Time: 01cd91e538905ab6 Termination Time: 15 Application Path: C:\Program Files (x86)\Windows
Media Player\wmplayer.exe Report Id: a27f34d0-fdd8-11e1-8264-f04da246af75

Error - 13/09/2012 4:49:25 PM | Computer Name = RileysLaptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 13/09/2012 4:49:26 PM | Computer Name = RileysLaptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 13/09/2012 7:36:49 PM | Computer Name = RileysLaptop | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 13/09/2012 8:17:08 PM | Computer Name = RileysLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: bcmwltry.exe, version: 5.60.48.18, time
stamp: 0x4b1e7b37 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x000007ff00409d78 Faulting process id: 0x7b4 Faulting
application start time: 0x01cd920e3a62e170 Faulting application path: C:\Program
Files\Dell\DW WLAN Card\bcmwltry.exe Faulting module path: unknown Report Id: 84ad97a4-fe01-11e1-be9d-f04da246af75

Error - 13/09/2012 8:50:05 PM | Computer Name = RileysLaptop | Source = System Restore | ID = 8193
Description =

Error - 13/09/2012 8:50:18 PM | Computer Name = RileysLaptop | Source = System Restore | ID = 8193
Description =

Error - 13/09/2012 8:50:43 PM | Computer Name = RileysLaptop | Source = System Restore | ID = 8193
Description =

[ Broadcom Wireless LAN Events ]
Error - 24/07/2012 3:53:55 PM | Computer Name = RileysLaptop | Source = WLAN-Tray | ID = 0
Description = 14:53:55, Tue, Jul 24, 12 Error - Unable to gain access to user store


[ System Events ]
Error - 13/09/2012 8:48:08 PM | Computer Name = RileysLaptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 13/09/2012 8:48:08 PM | Computer Name = RileysLaptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 13/09/2012 8:48:08 PM | Computer Name = RileysLaptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 13/09/2012 8:50:05 PM | Computer Name = RileysLaptop | Source = DCOM | ID = 10005
Description =

Error - 13/09/2012 8:54:45 PM | Computer Name = RileysLaptop | Source = DCOM | ID = 10016
Description =

Error - 13/09/2012 9:09:18 PM | Computer Name = RileysLaptop | Source = Service Control Manager | ID = 7034
Description = The Rapport Management Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 13/09/2012 9:09:52 PM | Computer Name = RileysLaptop | Source = BROWSER | ID = 8032
Description =

Error - 13/09/2012 9:13:52 PM | Computer Name = RileysLaptop | Source = DCOM | ID = 10016
Description =

Error - 13/09/2012 9:24:29 PM | Computer Name = RileysLaptop | Source = DCOM | ID = 10016
Description =

Error - 13/09/2012 9:39:17 PM | Computer Name = RileysLaptop | Source = BROWSER | ID = 8032
Description =


< End of report >





Using viewtopic.php?f=12&t=59659&start=0 as a guide, here are several scan reports. If it is of any relevance, this occurred today sometime between 10 and 6 hours ago.

This is needed as quickly as possible as I am in two online courses at my university and I need my computer to be back in full force as soon as possible.

Cheers!
riley532
Banned Member
 
Posts: 16
Joined: September 13th, 2012, 8:30 pm

Re: help to remove ib.adnxs.com popups

by NonSuch » September 14th, 2012, 4:24 am

You have posted multiple replies to your own topic. Unfortunately, this leaves us with no choice but to close this topic.

May I draw your attention to THIS topic, which you should have read before posting for help.

THIS is the section that tells you why you should not reply to your own topic.

This topic will now be closed.

If you still require help, please open a new thread in the Malware Removal forum, post the logs asked for in the first topic I linked to and wait for assistance.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California