Hi pgmigg,
The programs my wife installed are two games by Big Fish Games called Drawn the Painted Tower and Drawn 2 Dark Flight.
I didn't have any problems executing your instructions, but in step 1 Game Booster was not on the list of programs.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.25.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
TWE :: TWE-PC [administrator]
25/06/2012 16:32:19
mbam-log-2012-06-25 (16-32-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228940
Time elapsed: 2 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\ProgramData\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
Files Detected: 10
C:\Users\TWE\Downloads\SoftonicDownloader_for_samsung-kies.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.
C:\Users\TWE\Downloads\XvidSetup (1).exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\TWE\Downloads\XvidSetup (2).exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\TWE\Downloads\XvidSetup (3).exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\TWE\Downloads\XvidSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HBLiteSA\HBLiteSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HBLiteSA\HBLiteSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HBLiteSA\HBLiteSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HBLiteSA\HBLiteSA_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
(end)

SystemLook 30.07.11 by jpshortstuff
Log created at 16:48 on 25/06/2012 by TWE
Administrator - Elevation successful
========== filefind ==========
Searching for "*IObit*"
C:\_OTL\MovedFiles\06232012_123944\C_Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_store.iobit.com_0.localstorage --a---- 8192 bytes [20:05 15/06/2012] [20:05 15/06/2012] 1F1F709E5F5D80B880C105ABA6622617
C:\_OTL\MovedFiles\06232012_123944\C_Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_iobit.mybrowserbar.com_0.localstorage --a---- 7168 bytes [15:53 22/06/2012] [15:53 22/06/2012] 6CC766C1AB5E8DB5B6DCA11FE4E1FE2F
C:\_OTL\MovedFiles\06232012_123944\C_Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.iobit.com_0.localstorage --a---- 8192 bytes [08:47 05/06/2012] [20:05 15/06/2012] 84EC4AE4EE0D448EF9ECF2621707DC36
Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206120 bytes [12:44 20/01/2012] [12:44 20/01/2012] 976934130CD5C5DBD2DC977B298DF525
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist --a---- 11408 bytes [13:33 20/01/2012] [13:33 20/01/2012] AB18CD2A656AE753C30E6276EC3DA0C2
C:\Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage --a---- 9216 bytes [12:56 24/06/2012] [15:04 25/06/2012] 397DADD8EF84B7ACCED3E1A2BA0A084C
C:\Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage --a---- 10240 bytes [12:56 24/06/2012] [15:23 25/06/2012] 22A30C4ED3E22F62C8EBAAF3BE194C3B
C:\_OTL\MovedFiles\06232012_123944\C_Users\TWE\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js --a---- 9052 bytes [18:27 19/01/2012] [11:47 11/01/2012] AF98421711C6CFA73D6720C455D92DAC
C:\_OTL\MovedFiles\06232012_123944\C_Users\TWE\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [18:27 19/01/2012] [11:47 11/01/2012] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\_OTL\MovedFiles\06232012_123944\C_Users\TWE\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml --a---- 925 bytes [18:27 19/01/2012] [11:47 11/01/2012] EC559A6ABEC972452F52CFB3A2AA9F7E
C:\_OTL\MovedFiles\06242012_134857\C_Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage --a---- 3072 bytes [14:03 20/05/2012] [14:03 20/05/2012] EAD5E6EADCE6D577E955877D82FD8D38
C:\_OTL\MovedFiles\06242012_134857\C_Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_images.search.conduit.com_0.localstorage --a---- 8192 bytes [10:28 25/05/2012] [07:32 08/06/2012] 05870736C570EBAA2817A3F72F7A2B6D
C:\_OTL\MovedFiles\06242012_134857\C_Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage --a---- 10240 bytes [14:16 20/05/2012] [13:10 23/06/2012] 201530F09F8D7A2B01FD940DCBC98CAF
C:\_OTL\MovedFiles\06242012_134857\C_Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage --a---- 15360 bytes [14:01 20/05/2012] [12:48 23/06/2012] 663329D8D903A7B48494D7628967CBAA
Searching for "*SystemCare*"
No files found.
Searching for "*Smart Defrag*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2\Smart Defrag 2.lnk --a---- 1154 bytes [18:31 16/07/2011] [15:40 11/09/2011] 3A7256C0658AB2C856ED2C770B4C1835
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2\Smart Defrag Home Page.url --a---- 68 bytes [18:31 16/07/2011] [15:40 11/09/2011] 348A2180564B90ECD4BA45F68AC1CDCF
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2\Uninstall Smart Defrag 2.lnk --a---- 1139 bytes [18:31 16/07/2011] [15:40 11/09/2011] CB8DA78A16F057A1A9C83CD7DADCD258
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2\Smart Defrag 2.lnk --a---- 1154 bytes [18:31 16/07/2011] [15:40 11/09/2011] 3A7256C0658AB2C856ED2C770B4C1835
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2\Smart Defrag Home Page.url --a---- 68 bytes [18:31 16/07/2011] [15:40 11/09/2011] 348A2180564B90ECD4BA45F68AC1CDCF
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2\Uninstall Smart Defrag 2.lnk --a---- 1139 bytes [18:31 16/07/2011] [15:40 11/09/2011] CB8DA78A16F057A1A9C83CD7DADCD258
Searching for "*GameBooster*"
C:\_OTL\MovedFiles\06232012_123944\C_Program Files (x86)\IObit\Game Booster\GameBooster.exe --a---- 4119896 bytes [18:31 16/07/2011] [13:51 15/06/2011] E29440BB2B5E6444DD46B82CB919CBEF
C:\_OTL\MovedFiles\06232012_123944\C_ProgramData\IObit\Game Booster\GameBooster.ini --a---- 4232 bytes [18:31 16/07/2011] [11:25 23/06/2012] E89E1F8A591F0C4C3C2C22B1B1481683
========== folderfind ==========
Searching for "*Conduit*"
C:\_OTL\MovedFiles\06242012_134857\C_Program Files (x86)\Conduit d------ [18:27 19/01/2012]
C:\_OTL\MovedFiles\06242012_134857\C_Users\TWE\AppData\Local\Conduit d------ [18:27 19/01/2012]
C:\_OTL\MovedFiles\06242012_134857\C_Users\TWE\AppData\LocalLow\Conduit d------ [18:27 19/01/2012]
Searching for "*IObit*"
C:\_OTL\MovedFiles\06232012_123944\C_Program Files (x86)\IObit d------ [15:42 20/04/2011]
C:\_OTL\MovedFiles\06232012_123944\C_Program Files (x86)\IObit\IObit Malware Fighter d------ [18:31 16/07/2011]
C:\_OTL\MovedFiles\06232012_123944\C_ProgramData\IObit d------ [15:44 20/04/2011]
C:\_OTL\MovedFiles\06232012_123944\C_Users\Default\AppData\Roaming\IObit d------ [08:24 04/06/2011]
C:\_OTL\MovedFiles\06232012_123944\C_Users\Mcx1-TWE-PC\AppData\Roaming\IObit d------ [13:46 21/08/2011]
C:\_OTL\MovedFiles\06232012_123944\C_Users\TWE\AppData\Roaming\IObit d------ [15:42 20/04/2011]
C:\_OTL\MovedFiles\06232012_123944\C_Users\TWE\AppData\Roaming\IObit\IObit Malware Fighter d------ [18:31 16/07/2011]
C:\_OTL\MovedFiles\06232012_123944\C_Users\TWE\AppData\Roaming\IObit\IObit Uninstaller d------ [18:09 17/06/2012]
C:\_OTL\MovedFiles\06232012_123944\C_Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [16:12 01/04/2012]
Searching for "*SystemCare*"
C:\_OTL\MovedFiles\06232012_123944\C_Program Files (x86)\IObit\Advanced SystemCare 4 d------ [15:42 20/04/2011]
C:\_OTL\MovedFiles\06232012_123944\C_Program Files (x86)\IObit\Advanced SystemCare 5 d------ [15:37 01/04/2012]
C:\_OTL\MovedFiles\06232012_123944\C_ProgramData\IObit\Advanced SystemCare V4 d------ [15:44 20/04/2011]
C:\_OTL\MovedFiles\06232012_123944\C_ProgramData\IObit\Advanced SystemCare V5 d------ [15:37 01/04/2012]
C:\_OTL\MovedFiles\06232012_123944\C_Users\Default\AppData\Roaming\IObit\Advanced SystemCare V4 d------ [08:24 04/06/2011]
C:\_OTL\MovedFiles\06232012_123944\C_Users\Mcx1-TWE-PC\AppData\Roaming\IObit\Advanced SystemCare V4 d------ [13:46 21/08/2011]
C:\_OTL\MovedFiles\06232012_123944\C_Users\TWE\AppData\Roaming\IObit\Advanced SystemCare V4 d------ [15:42 20/04/2011]
C:\_OTL\MovedFiles\06232012_123944\C_Users\TWE\AppData\Roaming\IObit\Advanced SystemCare V5 d------ [15:36 01/04/2012]
C:\_OTL\MovedFiles\06232012_123944\C_Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 d------ [16:12 01/04/2012]
Searching for "*Smart Defrag*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2 d------ [18:31 16/07/2011]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2 d------ [18:31 16/07/2011]
C:\_OTL\MovedFiles\06232012_123944\C_Program Files (x86)\IObit\Smart Defrag 2 d------ [18:31 16/07/2011]
C:\_OTL\MovedFiles\06232012_123944\C_Users\TWE\AppData\Roaming\IObit\Smart Defrag 2 d------ [18:31 16/07/2011]
Searching for "*GameBooster*"
No folders found.
========== Regfind ==========
Searching for "IObit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2446710~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2446710-x64.cab_temp\244BA2FC-A078-4B14-AD2A-5A77D4871A48\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2478662~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2478662-x64.cab_temp\82E99EE1-B062-49DF-BD6E-599A4E24EDBB\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2488113~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2488113-x64.cab_temp\253270B0-9FFB-4F41-B713-7057B13229D7\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2709981~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2709981.cab_Temp\989657EF-47B0-4C53-B968-43E64C78CBBC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2446710~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2446710-x64.cab_temp\244BA2FC-A078-4B14-AD2A-5A77D4871A48\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2478662~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2478662-x64.cab_temp\82E99EE1-B062-49DF-BD6E-599A4E24EDBB\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2488113~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2488113-x64.cab_temp\253270B0-9FFB-4F41-B713-7057B13229D7\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2607576~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2607576-x64.cab_temp\53294827-8E11-4FE6-917B-5C924483CC9A\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_4_for_KB2446710~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2446710-x64.cab_temp\244BA2FC-A078-4B14-AD2A-5A77D4871A48\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_4_for_KB2478662~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2478662-x64.cab_temp\82E99EE1-B062-49DF-BD6E-599A4E24EDBB\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_4_for_KB2488113~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2488113-x64.cab_temp\253270B0-9FFB-4F41-B713-7057B13229D7\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_5_for_KB2488113~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2488113-x64.cab_temp\253270B0-9FFB-4F41-B713-7057B13229D7\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_5_for_KB2607576~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2607576-x64.cab_temp\53294827-8E11-4FE6-917B-5C924483CC9A\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2446710_SP1~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2446710-x64.cab_temp\244BA2FC-A078-4B14-AD2A-5A77D4871A48\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2446710~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2446710-x64.cab_temp\244BA2FC-A078-4B14-AD2A-5A77D4871A48\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2478662_SP1~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2478662-x64.cab_temp\82E99EE1-B062-49DF-BD6E-599A4E24EDBB\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2478662~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2478662-x64.cab_temp\82E99EE1-B062-49DF-BD6E-599A4E24EDBB\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2488113_RTM~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2488113-x64.cab_temp\253270B0-9FFB-4F41-B713-7057B13229D7\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2488113_SP1~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2488113-x64.cab_temp\253270B0-9FFB-4F41-B713-7057B13229D7\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2488113~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2488113-x64.cab_temp\253270B0-9FFB-4F41-B713-7057B13229D7\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2607576_RTM~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2607576-x64.cab_temp\53294827-8E11-4FE6-917B-5C924483CC9A\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2607576_SP1~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2607576-x64.cab_temp\53294827-8E11-4FE6-917B-5C924483CC9A\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2607576~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 4\SecurityHoles_Download\temp\windows6.1-kb2607576-x64.cab_temp\53294827-8E11-4FE6-917B-5C924483CC9A\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2709981_SP1~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2709981.cab_Temp\989657EF-47B0-4C53-B968-43E64C78CBBC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2709981~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2709981.cab_Temp\989657EF-47B0-4C53-B968-43E64C78CBBC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
Searching for "Smart Defrag"
No data found.
Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"A977DA8BAD2856347A0DDAD3FC5CC5FF"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB1E579405BE28F46B2E7AAE9534B564]
"A977DA8BAD2856347A0DDAD3FC5CC5FF"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
Searching for "GameBooster"
No data found.
-= EOF =-

OTL logfile created on: 6/25/2012 5:07:52 PM - Run 3
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\TWE\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.86 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 64.31% Memory free
7.73 Gb Paging File | 6.08 Gb Available in Paging File | 78.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 319.57 Gb Free Space | 70.86% Space Free | Partition Type: NTFS
Computer Name: TWE-PC | User Name: TWE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/22 17:07:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\TWE\Desktop\OTL.exe
PRC - [2012/06/18 18:44:31 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/06/05 09:26:06 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\TWE\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/04 07:07:40 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/01/04 07:07:30 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/22 10:52:12 | 000,182,784 | ---- | M] (Ideazon, Inc.) -- C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
PRC - [2011/01/17 19:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/13 19:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 19:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/13 19:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/01/13 19:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/11/01 23:02:12 | 000,522,736 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/07/01 21:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/07/01 21:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/12/29 21:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/06/24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/24 13:54:49 | 000,115,137 | ---- | M] () -- C:\Users\TWE\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll
MOD - [2012/06/24 13:54:24 | 000,112,318 | ---- | M] () -- C:\Users\TWE\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
MOD - [2012/06/18 18:44:31 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/15 07:14:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 22:35:30 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll
MOD - [2012/06/14 22:35:16 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll
MOD - [2012/06/14 22:35:12 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d55bed00e3d36b0db5bd3994c77fe850\System.Windows.Forms.ni.dll
MOD - [2012/06/14 22:35:06 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll
MOD - [2012/06/14 22:35:04 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9abdaeea6a61127606bbc324d9177579\System.Drawing.ni.dll
MOD - [2012/06/14 22:22:32 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 22:22:07 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 22:21:47 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/05 09:26:06 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/05/10 09:04:19 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0189f9fb0ff0476b570aeadfc036ddd6\System.Management.ni.dll
MOD - [2012/05/10 08:56:43 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\367837cb7f83c9e52f09278f4e6c3ccd\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 08:56:34 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll
MOD - [2012/05/10 08:54:19 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/10 07:46:59 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 07:46:42 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012/05/10 07:46:42 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/10 07:46:41 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/10 07:46:41 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012/05/10 07:46:07 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/05/10 07:45:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 07:45:50 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 07:45:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 07:45:46 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 07:45:40 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/09 21:26:45 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\fd52e266873de847aea40b1d0715e0bb\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 21:23:55 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll
MOD - [2012/05/09 21:23:50 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll
MOD - [2012/05/09 21:23:44 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll
MOD - [2012/05/09 21:23:39 | 014,415,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll
MOD - [2012/01/04 07:07:40 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/16 10:37:48 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/02/16 13:38:44 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Ideazon\ZEngine\AxWBOCXLib.dll
MOD - [2011/01/13 19:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011/01/13 19:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/01/13 19:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/01/13 19:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011/01/13 19:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011/01/13 19:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011/01/13 19:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/01/13 19:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011/01/13 19:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011/01/13 19:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/11/20 05:12:59 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/01 23:02:12 | 000,522,736 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/08/30 10:34:12 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2009/07/14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/05 17:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2010/03/05 17:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 17:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2010/01/23 03:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/29 21:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/11/18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/06/05 09:26:06 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/01/13 19:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/12/23 16:39:43 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/04 08:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/09/04 08:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/26 03:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/07/01 21:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/07/01 21:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/10 20:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/10/27 02:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011/10/27 02:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011/10/27 02:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011/10/27 02:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/10/27 02:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/10/27 02:25:42 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011/10/27 02:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/10/27 02:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/07 20:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/07 11:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/08 21:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/31 04:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/03/31 04:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/03/31 04:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/31 04:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/03/31 04:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/18 07:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/23 03:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/23 02:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/12/22 18:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/07/23 07:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/20 09:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{F29800FF-99A2-4B70-847E-083AAE212520}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{49B7F2CE-FDF9-41CA-9C51-A4D3F7E44427}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1198342920-2546925730-1615197809-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-1198342920-2546925730-1615197809-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk/ [binary data]
IE - HKU\S-1-5-21-1198342920-2546925730-1615197809-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dell.uk.msn.com/
IE - HKU\S-1-5-21-1198342920-2546925730-1615197809-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1198342920-2546925730-1615197809-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 37 00 41 0B 52 CD 01 [binary data]
IE - HKU\S-1-5-21-1198342920-2546925730-1615197809-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1198342920-2546925730-1615197809-1001\..\SearchScopes\{3AA8C0BC-DB80-44AB-A3FC-8A4C52CC8237}: "URL" = http://uk.search.yahoo.com/search?fr=ch ... =642886&p={searchTerms}
IE - HKU\S-1-5-21-1198342920-2546925730-1615197809-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1198342920-2546925730-1615197809-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\TWE\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\TWE\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TWE\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TWE\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/12 09:02:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/24 12:47:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/05 09:26:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/05 09:23:17 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2786678
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\TWE\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\TWE\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\TWE\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\TWE\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\TWE\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\TWE\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\TWE\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: WiseConvert 2.2 = C:\Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllaobobdmgmnafkbkdjnkebbaopjofd\2.3.9.0_0\
CHR - Extension: Christmas Mahjong = C:\Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmebaamjdfjkhaaifophgklodieiflm\1.0.0.1_0\
CHR - Extension: Halloween Mahjong = C:\Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielpieklegnicibpoklcphmbonpbdknd\1.0.0.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Zombie Pandemic = C:\Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkicdgidnfmdfnhhllffoplpaldkljl\1_0\
CHR - Extension: AVG Do Not Track = C:\Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Marc Ecko = C:\Users\TWE\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk\2_0\
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1198342920-2546925730-1615197809-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1198342920-2546925730-1615197809-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1198342920-2546925730-1615197809-1001..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Mcx1-TWE-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\TWE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\TWE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\TWE\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\TWE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshoo ... /pcd86.cab (Launcher Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADFB36DF-143C-4071-BE54-F19A29810210}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1f876407-c640-11e0-aa4c-c0cb38bf9380}\Shell - "" = AutoRun
O33 - MountPoints2\{1f876407-c640-11e0-aa4c-c0cb38bf9380}\Shell\AutoRun\command - "" = E:\DTVP_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/25 16:29:44 | 000,000,000 | ---D | C] -- C:\Users\TWE\AppData\Roaming\Malwarebytes
[2012/06/25 16:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/25 16:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/25 16:29:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/25 16:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/25 16:23:31 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\TWE\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/25 16:08:37 | 000,110,080 | ---- | C] (Thomas Hoen - T-Tools) -- C:\Users\TWE\Desktop\BitRemover.exe
[2012/06/25 09:25:45 | 000,000,000 | ---D | C] -- C:\Users\TWE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/06/23 07:54:32 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/23 07:54:32 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/23 07:54:31 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/23 07:54:11 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/23 07:54:11 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/23 07:54:11 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/23 07:53:53 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/23 07:53:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/22 17:15:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/22 17:07:45 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\TWE\Desktop\OTL.exe
[2012/06/21 17:00:37 | 000,000,000 | ---D | C] -- C:\Users\TWE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - The Painted Tower
[2012/06/21 17:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn - The Painted Tower
[2012/06/21 17:00:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Drawn - The Painted Tower
[2012/06/21 16:43:26 | 000,000,000 | ---D | C] -- C:\Users\TWE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Dark Flight
[2012/06/21 16:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn - Dark Flight
[2012/06/21 16:43:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Drawn - Dark Flight
[2012/06/21 15:48:04 | 000,000,000 | ---D | C] -- C:\Users\TWE\AppData\Roaming\SparkTrust
[2012/06/21 15:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2012/06/18 18:44:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/06/18 17:15:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/06/18 15:34:21 | 000,000,000 | ---D | C] -- C:\Users\TWE\AppData\Roaming\ERS G-Studio
[2012/06/18 15:31:47 | 000,000,000 | ---D | C] -- C:\Users\TWE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PuppetShow - Mystery of Joyville
[2012/06/18 15:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuppetShow - Mystery of Joyville
[2012/06/18 15:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PuppetShow - Mystery of Joyville
[2012/06/15 21:52:57 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/15 21:52:57 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/14 13:31:00 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/14 13:31:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 13:30:52 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/06/14 13:30:50 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 13:30:50 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 13:30:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 13:30:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 13:30:49 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 13:30:49 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 13:30:02 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/14 13:30:02 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/14 13:30:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/14 13:29:58 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/14 13:29:57 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/14 13:29:56 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/14 13:29:50 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/14 13:29:44 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/14 13:29:43 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/12 09:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/11 12:44:16 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/06/10 09:16:41 | 000,000,000 | ---D | C] -- C:\Users\TWE\AppData\Roaming\FixCleaner
[2012/06/10 09:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FixCleaner
[2012/06/10 09:16:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/06/05 09:37:04 | 000,000,000 | ---D | C] -- C:\Users\TWE\AppData\Roaming\WildTangent
[2012/06/05 09:26:11 | 000,000,000 | ---D | C] -- C:\Users\TWE\AppData\Local\AVG Secure Search
[2012/06/05 09:13:23 | 000,000,000 | ---D | C] -- C:\Users\TWE\AppData\Roaming\SpeedyPC Software
[2012/06/05 09:13:23 | 000,000,000 | ---D | C] -- C:\Users\TWE\AppData\Roaming\DriverCure
[2012/06/05 09:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/05/31 07:46:00 | 000,000,000 | ---D | C] -- C:\Users\TWE\AppData\Local\Ideazon,_Inc
========== Files - Modified Within 30 Days ==========
[2012/06/25 16:52:30 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 16:52:30 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 16:50:47 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/25 16:50:47 | 000,629,326 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/25 16:50:47 | 000,111,220 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/25 16:48:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1198342920-2546925730-1615197809-1001UA.job
[2012/06/25 16:44:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/25 16:44:00 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/25 16:29:32 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/25 16:25:10 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\TWE\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/25 16:08:31 | 000,110,080 | ---- | M] (Thomas Hoen - T-Tools) -- C:\Users\TWE\Desktop\BitRemover.exe
[2012/06/25 09:53:46 | 100,686,497 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/22 17:22:52 | 000,165,376 | ---- | M] () -- C:\Users\TWE\Desktop\SystemLook_x64.exe
[2012/06/22 17:07:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\TWE\Desktop\OTL.exe
[2012/06/18 18:29:32 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjw.avm
[2012/06/15 21:52:57 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/15 21:52:57 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/15 07:12:04 | 000,348,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 22:18:21 | 000,007,607 | ---- | M] () -- C:\Users\TWE\AppData\Local\Resmon.ResmonCfg
[2012/06/05 09:34:46 | 000,625,911 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/06/05 09:24:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/06/05 08:50:52 | 000,001,049 | ---- | M] () -- C:\Users\TWE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/02 23:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 23:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 23:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 23:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 23:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 23:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
========== Files Created - No Company Name ==========
[2012/06/25 16:29:32 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/22 17:22:50 | 000,165,376 | ---- | C] () -- C:\Users\TWE\Desktop\SystemLook_x64.exe
[2012/06/14 22:18:21 | 000,007,607 | ---- | C] () -- C:\Users\TWE\AppData\Local\Resmon.ResmonCfg
[2012/05/27 13:25:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/04/01 17:26:33 | 000,735,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/21 17:19:10 | 000,000,042 | ---- | C] () -- C:\Users\TWE\jagex_cl_runescape_LIVE.dat
[2012/03/21 17:19:10 | 000,000,024 | ---- | C] () -- C:\Users\TWE\random.dat
[2011/11/28 08:51:24 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/11/28 08:51:24 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/10/31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/10/31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/10/31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/10/31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/08/21 14:46:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/07/12 15:22:55 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011/07/07 20:59:36 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011/07/07 20:59:36 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010/12/23 18:06:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/23 17:46:10 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/23 16:28:19 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
< End of report >