Old November 8th, 2012, 04:58 PM
JohnNgSF
Join Date: Feb 2007
Posts: 89
Need Help with Laptop Not Responding and Freezing - moved by Jintan

Many many thanks to Jintan and AnnMarie in the past with resolving my virus problems.

Now, my newest laptop is freezing up and my applications not responding. I am running Vista Home Premium 64 bit on a Dell XPS M1330 Laptop.

Windows Explorer or Firefox or AVG freezes after about 3 minutes. When I reboot, it automatically runs chkdsk and usually finds several errors. Windows load up again, but still freezes (and not respond).

I appreciate all that CyberTechHelp does.
Old November 9th, 2012, 12:25 AM
Mastersplinter's Avatar
Mastersplinter
Senior Member
Join Date: Apr 2012
Posts: 133
Sounds like you may simply need to re-seat your hard-drive.

Remove the hard-drive cover on your machine remove hard-drive

plug hard-drive back in make sure that it is in there firmly.

Power the machine back up and test.
Old November 9th, 2012, 08:16 AM
JohnNgSF
Join Date: Feb 2007
Posts: 89
The problem still persists. It appears that I have no problems when booting in safe mode.
Old November 10th, 2012, 05:44 PM
Mastersplinter's Avatar
Mastersplinter
Senior Member
Join Date: Apr 2012
Posts: 133
Lets see what is going on with your machine please get me the following logs.

Download Autoruns unzip it run autoruns.exe allow it to finish save it to your desktop but when saving it save under file types by default it will be.arn I need you to change that to .txt and then post it here.

Also Please download MINITOOLBOX and run it.

Checkmark following boxes:

Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)

Click Go and post the result.
Old November 12th, 2012, 08:38 PM
JohnNgSF
Join Date: Feb 2007
Posts: 89
hi there,

I still need help. Thanks in advance
Old November 13th, 2012, 12:00 AM
Mastersplinter's Avatar
Mastersplinter
Senior Member
Join Date: Apr 2012
Posts: 133
Can you please provide the logs I requested.
Old November 13th, 2012, 12:33 AM
Jintan's Avatar
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
I am moving this thread to the Malware Removal Forum.
Old November 13th, 2012, 12:36 AM
Jintan's Avatar
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
JohnNgSF, let's take a look.

The system is Vista, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.


Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.


Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.


Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can have an open Internet connection, and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

A lot, but comprehensive, and will make sure we get a good view of everything.
Old November 13th, 2012, 03:29 AM
JohnNgSF
Join Date: Feb 2007
Posts: 89
Thanks for the rescue Jintan.

OTL logfile created on: 11/12/2012 5:41:10 PM - Run 1
OTL by OldTimer - Version Folder = C:\Users\John Ng\Documents\Downloads\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 3.28 Gb Available Physical Memory | 82.23% Memory free
8.15 Gb Paging File | 7.57 Gb Available in Paging File | 92.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.16 Gb Total Space | 329.12 Gb Free Space | 73.44% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 6.48 Gb Free Space | 43.18% Space Free | Partition Type: NTFS

Computer Name: XPSM1330 | User Name: John Ng | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/12 17:40:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John Ng\Documents\Downloads\Downloads\OTL.exe
PRC - [2012/10/31 18:44:29 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/08 19:30:42 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlug in_11_4_402_287.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/31 18:44:28 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/08 19:30:41 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_40 2_287.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/09/26 21:09:54 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/12/15 10:40:08 | 001,977,224 | R--- | M] (Western Digital ) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011/12/15 10:40:08 | 001,338,264 | R--- | M] (Western Digital ) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011/12/15 10:40:06 | 000,319,384 | R--- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/07/20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/12/18 10:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/12/18 01:58:44 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/05/18 21:46:40 | 000,122,880 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\st wrt64.inf_bb0e6831\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/05/18 21:46:36 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\st wrt64.inf_bb0e6831\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/08 20:53:53 | 000,711,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/31 18:44:29 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/28 15:46:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/10/08 19:30:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 02:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 02:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/13 15:55:18 | 000,248,248 | R--- | M] (Western Digital) [Disabled | Stopped] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2011/08/18 07:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/01/13 18:23:02 | 000,129,440 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/08/19 09:08:42 | 000,246,400 | ---- | M] (F5 Networks) [Disabled | Stopped] -- C:\Windows\SysWOW64\F5InstallerService.exe -- (F5 Networks Component Installer)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/07/14 09:44:28 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/04/13 06:48:12 | 000,828,656 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/03/29 20:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/08 20:53:54 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/28 15:46:36 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/10/05 02:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/21 02:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/13 02:11:18 | 000,151,904 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 05:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/17 16:34:58 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2010/09/22 23:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/01/25 13:18:51 | 000,041,232 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\covpnv64.sys -- (urvpndrv)
DRV:64bit: - [2010/01/25 13:18:47 | 000,018,448 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
DRV:64bit: - [2009/09/30 16:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/17 08:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 08:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/04/10 21:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/12/18 01:58:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/18 01:57:12 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/09/25 05:23:08 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/07/16 03:08:48 | 000,315,440 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/06/18 14:48:54 | 000,029,184 | ---- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\packet.sys -- (Packet)
DRV:64bit: - [2008/05/18 21:46:50 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/05/06 20:51:50 | 000,125,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2008/05/06 20:51:32 | 007,172,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/05/05 21:35:46 | 000,219,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/05/05 04:34:04 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/05/05 04:34:04 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/05/05 04:34:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/05/05 04:30:32 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OEM02Vfx.sys -- (OEM02Vfx)
DRV:64bit: - [2008/05/05 04:30:26 | 000,266,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2008/01/20 18:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/11/14 00:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/09/10 13:50:02 | 000,057,872 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2006/11/06 17:52:50 | 000,086,832 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2006/11/06 15:13:44 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2006/11/06 15:13:42 | 000,094,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2006/11/01 23:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2005/06/03 13:06:43 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw)
DRV - [2012/10/30 11:52:26 | 000,505,720 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Trusteer\Rapport\store\exts\Rapport Cerberus\43926\RapportCerberus64_43926.sys -- (RapportCerberus_43926)
DRV - [2012/10/28 15:46:36 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2008/06/17 09:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\packet.sys -- (Packet)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationT ype=tb50trie7

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1321519697-982857085-2448459735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1321519697-982857085-2448459735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://email.bankorient.com/owa
IE - HKU\S-1-5-21-1321519697-982857085-2448459735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1321519697-982857085-2448459735-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1321519697-982857085-2448459735-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1321519697-982857085-2448459735-1000\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKU\S-1-5-21-1321519697-982857085-2448459735-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKU\S-1-5-21-1321519697-982857085-2448459735-1000\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationT ype=tb50trie7
IE - HKU\S-1-5-21-1321519697-982857085-2448459735-1000\..\SearchScopes\{303EA1FE-1488-4F29-9069-EAD797D0B41E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms }&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=0BF3B A11-150F-4863-8FE1-ADAC1CF14B3C&apn_sauid=85077691-479F-4165-A10D-D7DAE128D726
IE - HKU\S-1-5-21-1321519697-982857085-2448459735-1000\..\SearchScopes\{9151B845-A181-4FC0-8570-5152098BE75B}: "URL" = http://search.avg.com/route/?d=4dd95948&v={searchTer ms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-1321519697-982857085-2448459735-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={B9ABEF81-429F-418D-B72D-A73B9C861607}&mid=7109599fda7b47d6860dd16d6a54bb14-175006bff59443d07c3fa0c52c3c7d4856d9ca16&lang=en&d s=AVG&pr=fr&d=2012-06-05 19:46:21&v={searchTerms}
IE - HKU\S-1-5-21-1321519697-982857085-2448459735-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1321519697-982857085-2448459735-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tb50ffaoldesktop-chromesbox-en-us&query="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_ui d=0BF3BA11-150F-4863-8FE1-ADAC1CF14B3C&apn_ptnrs=&apn_sauid=85077691-479F-4165-A10D-D7DAE128D726&apn_dtid=OSJ000&&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_40 2_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_40 2_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dl l ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\John Ng\AppData\Local\Facebook\Video\Skype\npFacebookVi deoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John Ng\AppData\Local\Google\Update\\npGoogle Update3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John Ng\AppData\Local\Google\Update\\npGoogle Update3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/31 18:44:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/31 18:44:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\WeightWatchers Browser\components [2012/07/12 20:49:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\WeightWatchers Browser\plugins [2012/08/20 17:43:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/31 18:44:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/31 18:44:22 | 000,000,000 | ---D | M]

[2009/07/20 20:58:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John Ng\AppData\Roaming\Mozilla\Extensions
[2009/07/20 20:58:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John Ng\AppData\Roaming\Mozilla\Extensions\mozswing@moz swing.org
[2012/10/22 18:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John Ng\AppData\Roaming\Mozilla\Firefox\Profiles\f2cdom c0.default\extensions
[2010/05/25 18:53:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\John Ng\AppData\Roaming\Mozilla\Firefox\Profiles\f2cdom c0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/11 18:02:26 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\John Ng\AppData\Roaming\Mozilla\Firefox\Profiles\f2cdom c0.default\extensions\avg@toolbar(106)
[2012/09/01 13:59:31 | 000,000,000 | ---D | M] (Ask Toolbar Toolbar) -- C:\Users\John Ng\AppData\Roaming\Mozilla\Firefox\Profiles\f2cdom c0.default\extensions\toolbar@ask.com
[2009/07/20 18:32:46 | 000,004,261 | ---- | M] () -- C:\Users\John Ng\AppData\Roaming\Mozilla\Firefox\Profiles\f2cdom c0.default\searchplugins\aim-search.xml
[2009/10/10 16:06:21 | 000,001,746 | ---- | M] () -- C:\Users\John Ng\AppData\Roaming\Mozilla\Firefox\Profiles\f2cdom c0.default\searchplugins\aol-search.xml
[2012/09/01 13:59:31 | 000,002,299 | ---- | M] () -- C:\Users\John Ng\AppData\Roaming\Mozilla\Firefox\Profiles\f2cdom c0.default\searchplugins\askcom.xml
[2012/10/31 18:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/31 18:44:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/31 18:44:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/31 18:44:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/31 18:44:29 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/08 20:53:58 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/10/11 18:03:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/11 18:03:42 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\John Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchp hgkefd\2.7.9_0\
CHR - Extension: No name found = C:\Users\John Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\\
CHR - Extension: No name found = C:\Users\John Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\\
CHR - Extension: No name found = C:\Users\John Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfg npldfl\\
CHR - Extension: No name found = C:\Users\John Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopgl ifcfmi\2.2_0\

O1 HOSTS File: ([2006/09/18 13:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1321519697-982857085-2448459735-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1321519697-982857085-2448459735-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1321519697-982857085-2448459735-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-1321519697-982857085-2448459735-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-1321519697-982857085-2448459735-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKU\S-1-5-21-1321519697-982857085-2448459735-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 4_402_287_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Sharon Kay Ng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Sharon Kay Ng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab (F5 Networks Certificate Checker)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (OPSWAT AntiViruses Class)
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab (F5 Networks CacheCleaner)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab (F5 Networks VPN Manager)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (OPSWAT FireWalls Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (OPSWAT ProcessesScanner Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} file://C:/Program Files (x86)/F5 VPN/F5_TMP/msrdp.cab (Microsoft Terminal Services Client Control (redist))
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab (F5 Virtual Sandbox Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab (F5 Networks Group Policy Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxhost.cab (F5 Networks Host Control)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab (F5 Networks OS Policy Agent)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (F5 Networks OPSWAT Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{F01EE506-0B2C-426F-BD17-F84F9D39B7C6}: DhcpNameServer =
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 14:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{1d94f9ab-0e8d-11e2-b9cd-00242cb052e7}\Shell - "" = AutoRun
O33 - MountPoints2\{1d94f9ab-0e8d-11e2-b9cd-00242cb052e7}\Shell\AutoRun\command - "" = "F:\WD Drive Unlock.exe" autoplay=true
O33 - MountPoints2\{d9bfc29b-de7b-11e1-acad-00242cb052e7}\Shell - "" = AutoRun
O33 - MountPoints2\{d9bfc29b-de7b-11e1-acad-00242cb052e7}\Shell\AutoRun\command - "" = "F:\WD Drive Unlock.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
Old November 13th, 2012, 03:30 AM
JohnNgSF
Join Date: Feb 2007
Posts: 89
========== Files/Folders - Created Within 30 Days ==========

[2012/11/10 12:27:29 | 000,000,000 | -HSD | C] -- C:\found.010
[2012/11/10 08:27:38 | 000,000,000 | -HSD | C] -- C:\found.009
[2012/11/10 01:18:13 | 000,000,000 | -HSD | C] -- C:\found.008
[2012/11/09 02:40:10 | 000,000,000 | -HSD | C] -- C:\found.007
[2012/11/09 02:00:32 | 000,000,000 | -HSD | C] -- C:\found.006
[2012/11/09 00:01:46 | 000,000,000 | -HSD | C] -- C:\found.005
[2012/11/08 21:59:50 | 000,000,000 | -HSD | C] -- C:\found.004
[2012/11/08 21:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/11/07 23:18:18 | 000,000,000 | -HSD | C] -- C:\found.003
[2012/11/07 21:35:46 | 000,000,000 | -HSD | C] -- C:\found.002
[2012/11/07 20:58:12 | 000,000,000 | -HSD | C] -- C:\found.001
[2012/11/07 20:19:20 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/10/31 18:44:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/17 21:13:14 | 000,000,000 | ---D | C] -- C:\Users\John Ng\AppData\Roaming\AVG2013
[2012/10/17 18:07:50 | 000,000,000 | ---D | C] -- C:\Users\John Ng\AppData\Roaming\TuneUp Software
[2012/10/17 18:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2009/07/21 18:34:35 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\John Ng\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/11/12 17:37:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/10 13:28:28 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/10 13:27:10 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/10 13:27:10 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/10 13:27:06 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1000UA.job
[2012/11/10 08:32:59 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/11/10 01:22:38 | 440,988,240 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/10 00:04:59 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1001UA.job
[2012/11/09 02:52:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/08 23:36:59 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1001UA.job
[2012/11/08 23:36:59 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1000UA.job
[2012/11/08 23:30:54 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/08 20:55:42 | 000,707,584 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/08 20:55:42 | 000,607,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/08 20:55:42 | 000,105,264 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/08 20:53:54 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/11/07 23:11:47 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/06 20:37:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1000Core.job
[2012/11/06 19:05:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1001Core.job
[2012/11/06 12:11:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1000Core.job
[2012/11/05 08:37:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1001Core.job
[2012/10/28 15:46:36 | 000,101,688 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/10/26 07:38:16 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/10/23 10:19:03 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/10/21 12:22:26 | 000,002,651 | ---- | M] () -- C:\Users\John Ng\Desktop\Microsoft Office Word 2007.lnk

========== Files Created - No Company Name ==========

[2012/10/17 18:07:51 | 000,000,874 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/17 22:43:26 | 000,000,071 | ---- | C] () -- C:\Users\John Ng\AppData\Roaming\mbam.context.scan
[2009/09/20 17:25:05 | 000,019,968 | ---- | C] () -- C:\Users\John Ng\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 21:16:15 | 000,000,760 | ---- | C] () -- C:\Users\John Ng\AppData\Roaming\setup_ldm.iss
[2009/08/09 21:33:29 | 000,005,972 | ---- | C] () -- C:\Users\John Ng\AppData\Local\d3d9caps.dat
[2009/08/01 13:14:26 | 000,000,000 | ---- | C] () -- C:\Users\John Ng\command
[2009/07/22 00:09:29 | 000,000,375 | ---- | C] () -- C:\Users\John Ng\Documents - Shortcut.lnk

========== ZeroAccess Check ==========

[2006/11/02 07:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 09:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/10 23:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 18:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
Old November 13th, 2012, 03:32 AM
JohnNgSF
Join Date: Feb 2007
Posts: 89
OTL Extras logfile created on: 11/12/2012 5:41:10 PM - Run 1
OTL by OldTimer - Version Folder = C:\Users\John Ng\Documents\Downloads\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 3.28 Gb Available Physical Memory | 82.23% Memory free
8.15 Gb Paging File | 7.57 Gb Available in Paging File | 92.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.16 Gb Total Space | 329.12 Gb Free Space | 73.44% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 6.48 Gb Free Space | 43.18% Space Free | Partition Type: NTFS

Computer Name: XPSM1330 | User Name: John Ng | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 84 A8 F7 8F 3F 55 CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{0AC20ED2-10C0-42A2-813D-51F83362C849}" = rport=139 | protocol=6 | dir=out | app=system |
"{0D7656C0-910A-4893-8293-B023A6380778}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0F5A0515-0FAA-4FDC-A299-BE1729D0C803}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1ECC03D8-8277-4F46-A44A-64EE1A5786DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{210D66B4-89A0-442F-BDDA-ED445A0767E1}" = lport=139 | protocol=6 | dir=in | app=system |
"{21A017BD-951B-4F0F-95A5-C830F2772873}" = rport=138 | protocol=17 | dir=out | app=system |
"{25D142FC-F197-417C-97DE-029673452BC3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2C6647B7-6D72-4921-805D-2EF875C3E317}" = lport=137 | protocol=17 | dir=in | app=system |
"{2EAC0EB5-E280-48BC-9196-707363FE646B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32DFBF16-48DC-45EA-B1D0-197237C8A25F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34D28B3F-BD70-40BF-9F61-4C53EB30AF41}" = lport=2869 | protocol=6 | dir=in | app=system |
"{47C2EC73-990B-4C5C-85FF-DD5971CA0CF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5005C15D-BFE9-4DAE-9EE9-A4DF87685482}" = lport=138 | protocol=17 | dir=in | app=system |
"{5D38DF5E-782F-46F6-8825-33783F300E34}" = rport=137 | protocol=17 | dir=out | app=system |
"{5F7C5B8E-8F9C-4F28-A399-765D56083F9F}" = rport=445 | protocol=6 | dir=out | app=system |
"{6E30EF44-1503-4E99-A499-8D67FBBD38C7}" = lport=445 | protocol=6 | dir=in | app=system |
"{91CEF813-A40C-407E-B007-882E6951EC7A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{95A92346-4D20-40FC-8F82-BE040570CEE6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9C1B61F9-0486-4DDC-B571-816006BFCFB3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C0C333EE-13AA-42C6-A50A-78C68A67224A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E01B5C16-F660-4AB3-94CC-4BE254779BE7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{03487E00-B77C-42CE-91A8-8DEFBB1CFE7B}" = dir=in | app=c:\program files (x86)\dell\mediadirect\mediadirect.exe |
"{0C88BECE-C741-4F46-9DD6-F6043B7E785C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1248420749\ee\aoldesktop.exe |
"{0CC1D2D4-D717-4B29-A0E2-626318EF0141}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{1003BDAF-2CAA-4B5B-BB68-1E5C6BA85B1E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{108B468B-654E-47B3-98F8-671AD67BD767}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{126B64DD-5F32-4858-A9D1-90BD1F191BF6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{13451705-E84D-4C51-A014-202F77398E03}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15947A9F-23FC-451C-A8EA-40C51853F413}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{15FAA19C-3776-4ECE-A411-78341EA0F816}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1A6702A1-12E4-4199-A69F-7B796EFC868A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{1D25496F-72A2-4AA9-B825-63E910AA3FDB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{1E485ACA-6C8B-47A6-9FE4-85B019223369}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{205B6D23-7F2D-4144-AEBB-CBE03420FE23}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{257AE8DF-2671-4D1A-8F78-A336D0DB51E6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{327C5D54-AE03-44D4-8558-40656AB15ADC}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1248420749\ee\aolsoftware.exe |
"{33A8541C-534F-4C3E-AEA4-4F3FD4FAEB82}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{384026DB-022E-4C0E-8375-704221FE3355}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{3AC1C67F-151B-4BD5-B7E1-4FB4407E6054}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3FFBEE45-9391-4C7D-AC46-82B436C73945}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1248420749\ee\aoldesktop.exe |
"{4D3A1C74-0B91-430D-B70A-F003827D51AE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{4E170C51-54E9-4E63-A4F7-8C09B108BA77}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{54157E26-6EBD-4CE7-853C-D874712B1A79}" = dir=in | app=c:\program files (x86)\dell\mediadirect\pcmservice.exe |
"{5651DEC9-698A-4964-B45E-C7BAA2A80050}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{5C3AAA20-9C7A-424F-8403-33610CBE6377}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{601868F4-AFE7-44FA-BFD6-A8B2B8761781}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6367F0BC-EC97-4086-B0C8-1E914FADC9C6}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{661CC17A-B84B-45D0-8AA1-6E8CAF954F57}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{6B241D2C-976C-4C69-8E8B-A0316F4F2F44}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6F233BB1-A871-481E-A665-BC3A7A296493}" = dir=in | app=c:\users\john ng\appdata\local\facebook\video\skype\facebookvide ocalling.exe |
"{6F501558-1722-43B0-A81C-C26498A8BB45}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{741FC83B-8EEA-4862-9F07-50F48F65FD97}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{744D2ACE-3A2C-41B2-ADC3-56689C812ABD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{767AEA5E-D8E0-4021-B98A-0A01ABC9AD13}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7BB3F165-F099-44A4-BC83-DD98A5DD0169}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{7E405DC3-BA17-44ED-9948-44CC6E3EFB7C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{810B606A-B55D-44FB-99BC-6259E7C14994}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{820221B3-6035-49D6-8E0A-F3A0033196B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8443009C-BECF-4BA2-8806-C497C7C9615E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{931BCC5B-13C8-4010-9DFF-8809C3D39C06}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{96C1BCDC-5887-4071-9626-9CE1B8DBDC9F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1248420749\ee\aolsoftware.exe |
"{99A0105D-9083-4445-8496-17FF7A581136}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A57EEFFB-7654-4BB5-9601-6E178F0D8278}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{A966DF2F-077E-4D1E-AFD7-D4D7539126F5}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dmp\clbrowserengine. exe |
"{ABEB40EE-7096-45FC-B31F-5C5A2128E63C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{AE151E41-01BD-4545-95DD-1B9B0DA506C0}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{B80DC227-02A1-4C50-825D-4175569A2016}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{B8A84702-8F92-4FFD-A1AE-BCCCE84BBC4E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BDAB37E9-6EB3-42BA-8795-5E4D6538EEA0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{BF67D91C-5B1C-4BAF-A750-D801F18DB18D}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{C1DC87AC-6EF8-4AE2-A424-D59AF30809DE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{C24ACFC4-7A2C-446E-B22F-1C151F8CC233}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C5825125-E1E6-4AAE-8DB8-7AEE9D18DBD6}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{CBF1E6DE-98BD-42F7-BB5E-5A15BD21D31D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{CDBD176D-6DE7-46B8-86C9-2CB0C6767EE2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{CF0D9225-B418-4952-B686-4D0B6E45461A}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{D0061FAF-1D0F-471B-85AE-33DBF8770E6C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{D45298DA-0BF9-406D-8809-022AE8A3F9C8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{D9D36DB5-185C-47B9-93E0-91EA4CD15F10}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{DC28DECE-4D2B-4AA4-B407-749CBAA01377}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dms\clmsservice.exe |
"{DE8D9A4F-2420-4188-9308-FA14A443D70C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E16BE384-F3A1-4B40-BD29-51495B457A6D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E4015559-6016-4C1A-9D40-6286D22E5CD7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{E696E800-6145-4BE1-A15C-4CD9CA01FA52}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{F4A284C1-C573-4352-B793-167E66BEC699}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{F50F139F-768D-440B-A664-605B86BC31A8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{FEA075E7-572F-47F7-93E7-21993FE53223}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{0DE75CFC-684D-46B1-83D9-8965DAC80963}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"TCP Query User{81F7D40A-A11E-49FB-B868-3FFA02DAA2E3}C:\users\john ng\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape. exe" = protocol=6 | dir=in | app=c:\users\john ng\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{83D12B1D-74B0-4147-9938-81BC5C72ADF2}C:\users\sharon kay ng\appdata\local\facebook\video\skype\facebookvide ocalling.exe" = protocol=6 | dir=in | app=c:\users\sharon kay ng\appdata\local\facebook\video\skype\facebookvide ocalling.exe |
"TCP Query User{8D81972F-6DAD-4C70-B5DA-876BBDC04D88}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"TCP Query User{B17CC109-5741-4F0A-9E1D-66A2B8ACFA8D}C:\users\sharon kay ng\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape. exe" = protocol=6 | dir=in | app=c:\users\sharon kay ng\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{D59E950E-F8F0-4CB5-A26D-97EAFA275924}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{DF0A2A7E-BE4A-4E3D-9B85-CA039A4AA580}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{072A5047-3C93-47E2-80B6-69877412C750}C:\users\john ng\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape. exe" = protocol=17 | dir=in | app=c:\users\john ng\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{1814C070-B1F0-4347-B40E-05E22BB94633}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"UDP Query User{96B5D5DB-733B-4680-9A2C-CF2A0199E7B0}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{A7BE586A-3A4F-40F2-A399-91FC6705A72A}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"UDP Query User{B25B6130-F9BA-44D2-A17B-3EE42B93F830}C:\users\sharon kay ng\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape. exe" = protocol=17 | dir=in | app=c:\users\sharon kay ng\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{CBBE83AC-B2C2-40D2-80AE-518447129AD7}C:\users\sharon kay ng\appdata\local\facebook\video\skype\facebookvide ocalling.exe" = protocol=17 | dir=in | app=c:\users\sharon kay ng\appdata\local\facebook\video\skype\facebookvide ocalling.exe |
"UDP Query User{FED0C8F7-AF7F-4800-8AED-4F32B18CEFEA}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{4E04DB4D-CBE9-40C3-9906-723308D48EB0}" = AVG 2013
"{5563A0F6-CF81-451E-87AD-A50075BCA9B7}" = QuickSet
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{687837C0-B56B-441F-8E84-1CAB98EDA0C4}" = AVG 2013
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EC39CC32-E144-42E4-9A59-53C20B408BDE}" = WD SmartWare
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"AVG" = AVG 2013
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OEM002" = Laptop Integrated Webcam Driver (
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25349513-852F-470D-AB31-9B42100C926B}" = ActiveLink Connect
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3E9C9EE1-1964-4519-BF80-652E7F415ECF}" = WD Drive Utilities
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4496E9B5-56AF-4A9C-BC02-BCBF63824224}" = WeightWatchers Connections 2010 Portal
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}" = F5 Networks VPN Client for Windows
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8172B41A-9BB5-4A64-BF28-1FB5FE43C3FF}" = WD Security
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C61886F-D069-46EF-A58A-76B17415D0B0}" = Facebook Video Calling
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DED01768-E634-11E1-AEB0-984BE15F174E}" = Evernote v. 4.5.8
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"AOL Regclient" = AOL Registration
"AOL Toolbar" = AOL Toolbar for Internet Explorer
"AOL Toolbar for Firefox" = AOL Toolbar for Firefox
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVG Secure Search" = AVG Security Toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B3204 85DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"FLV Player" = FLV Player 2.0 (build 25)
"GoToAssist" = GoToAssist
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"pdfsam" = pdfsam
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"Rapport_msi" = Rapport
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spotify" = Spotify
"ULTIMATER" = Microsoft Office Ultimate 2007
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1321519697-982857085-2448459735-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/10/2012 4:36:50 AM | Computer Name = XPSM1330 | Source = ESENT | ID = 489
Description = Windows (2524) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications \Windows\MSS.log"
for read only access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).

Error - 11/10/2012 4:36:50 AM | Computer Name = XPSM1330 | Source = ESENT | ID = 455
Description = Windows (2524) Windows: Error -1032 (0xfffffbf8) occurred while opening
logfile C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\MSS.log.

Error - 11/10/2012 4:37:00 AM | Computer Name = XPSM1330 | Source = ESENT | ID = 489
Description = Windows (2524) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications \Windows\MSS.log"
for read only access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).

Error - 11/10/2012 4:37:00 AM | Computer Name = XPSM1330 | Source = ESENT | ID = 455
Description = Windows (2524) Windows: Error -1032 (0xfffffbf8) occurred while opening
logfile C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\MSS.log.

Error - 11/10/2012 4:37:00 AM | Computer Name = XPSM1330 | Source = Windows Search Service | ID = 9000
Description =

Error - 11/10/2012 4:37:01 AM | Computer Name = XPSM1330 | Source = Windows Search Service | ID = 1006
Description =

Error - 11/10/2012 5:22:56 AM | Computer Name = XPSM1330 | Source = WinMgmt | ID = 10
Description =

Error - 11/10/2012 12:32:03 PM | Computer Name = XPSM1330 | Source = WinMgmt | ID = 10
Description =

Error - 11/10/2012 4:32:12 PM | Computer Name = XPSM1330 | Source = WinMgmt | ID = 10
Description =

Error - 11/12/2012 9:38:35 PM | Computer Name = XPSM1330 | Source = EventSystem | ID = 4609
Description =

Error - 11/12/2012 9:38:57 PM | Computer Name = XPSM1330 | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 9/14/2012 2:28:32 AM | Computer Name = XPSM1330 | Source = WLAN-Tray | ID = 0
Description = 23:28:32, Thu, Sep 13, 12 Error - Unable to decode string, error 87

Error - 11/7/2012 11:16:19 PM | Computer Name = XPSM1330 | Source = WLAN-Tray | ID = 0
Description = 19:16:19, Wed, Nov 07, 12 Error - Unable to gain access to user store

Error - 11/7/2012 11:30:37 PM | Computer Name = XPSM1330 | Source = WLAN-Tray | ID = 0
Description = 19:30:36, Wed, Nov 07, 12 Error - Unable to gain access to user store

Error - 11/8/2012 3:03:57 AM | Computer Name = XPSM1330 | Source = WLAN-Tray | ID = 0
Description = 23:03:56, Wed, Nov 07, 12 Error - Unable to gain access to user store

[ Dell Events ]
Error - 10/2/2010 12:26:10 AM | Computer Name = XPSM1330 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/27/2010 8:55:32 PM | Computer Name = XPSM1330 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/27/2010 8:55:32 PM | Computer Name = XPSM1330 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/17/2011 1:11:49 AM | Computer Name = XPSM1330 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/17/2011 1:11:49 AM | Computer Name = XPSM1330 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/25/2011 12:17:36 AM | Computer Name = XPSM1330 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/25/2011 12:17:36 AM | Computer Name = XPSM1330 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/5/2011 1:02:38 AM | Computer Name = XPSM1330 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/5/2011 1:02:38 AM | Computer Name = XPSM1330 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/13/2011 9:26:53 PM | Computer Name = XPSM1330 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 5/20/2012 4:07:09 AM | Computer Name = XPSM1330 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 1:09:18 PM | Computer Name = XPSM1330 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 2:41:03 PM | Computer Name = XPSM1330 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 4:30:22 PM | Computer Name = XPSM1330 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 6:00:10 PM | Computer Name = XPSM1330 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 1:32:22 AM | Computer Name = XPSM1330 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 12:03:23 AM | Computer Name = XPSM1330 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 1:03:15 PM | Computer Name = XPSM1330 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 1:57:52 AM | Computer Name = XPSM1330 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 1:46:01 PM | Computer Name = XPSM1330 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 2/8/2010 7:13:55 PM | Computer Name = XPSM1330 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/12/2010 2:27:12 PM | Computer Name = XPSM1330 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6482
seconds with 60 seconds of active time. This session ended with a crash.

Error - 4/20/2010 2:09:53 AM | Computer Name = XPSM1330 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/16/2012 6:50:48 PM | Computer Name = XPSM1330 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1563
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 10/21/2012 6:12:58 PM | Computer Name = XPSM1330 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2060
seconds with 420 seconds of active time. This session ended with a crash.

Error - 10/21/2012 6:31:43 PM | Computer Name = XPSM1330 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1081
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 10/21/2012 8:08:26 PM | Computer Name = XPSM1330 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5793
seconds with 1440 seconds of active time. This session ended with a crash.

Error - 10/22/2012 3:21:13 PM | Computer Name = XPSM1330 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1367
seconds with 840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/10/2012 5:16:12 PM | Computer Name = XPSM1330 | Source = Service Control Manager | ID = 7001
Description =

Error - 11/10/2012 5:16:12 PM | Computer Name = XPSM1330 | Source = Service Control Manager | ID = 7026
Description =

Error - 11/12/2012 9:37:42 PM | Computer Name = XPSM1330 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:29:46 PM on 11/10/2012 was unexpected.

Error - 11/12/2012 9:38:07 PM | Computer Name = XPSM1330 | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 11/12/2012 9:38:27 PM | Computer Name = XPSM1330 | Source = DCOM | ID = 10005
Description =

Error - 11/12/2012 9:38:35 PM | Computer Name = XPSM1330 | Source = DCOM | ID = 10005
Description =

Error - 11/12/2012 9:38:40 PM | Computer Name = XPSM1330 | Source = DCOM | ID = 10005
Description =

Error - 11/12/2012 9:38:44 PM | Computer Name = XPSM1330 | Source = DCOM | ID = 10005
Description =

Error - 11/12/2012 9:38:57 PM | Computer Name = XPSM1330 | Source = Service Control Manager | ID = 7001
Description =

Error - 11/12/2012 9:38:57 PM | Computer Name = XPSM1330 | Source = Service Control Manager | ID = 7026
Description =

< End of report >
Old November 13th, 2012, 04:10 AM
JohnNgSF
Join Date: Feb 2007
Posts: 89
GMER - http://www.gmer.net
Rootkit scan 2012-11-12 19:09:35
Windows 6.0.6002 Service Pack 2
Running: 9o0ht6uz.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Par ameters\Keys\00242cb052e7
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Paramet ers\Keys\00242cb052e7 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
Old November 13th, 2012, 04:29 AM
JohnNgSF
Join Date: Feb 2007
Posts: 89
aswMBR version Copyright(c) 2011 AVAST Software
Run date: 2012-11-12 19:14:50
19:14:50.426 OS Version: Windows x64 6.0.6002 Service Pack 2
19:14:50.426 Number of processors: 2 586 0x1706
19:14:50.426 ComputerName: XPSM1330 UserName: John Ng
19:14:51.830 Initialize success
19:18:39.856 AVAST engine defs: 12111201
19:19:01.352 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:19:01.352 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
19:19:01.384 Disk 0 MBR read successfully
19:19:01.384 Disk 0 MBR scan
19:19:01.399 Disk 0 Windows VISTA default MBR code
19:19:01.399 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
19:19:01.415 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 208896
19:19:01.415 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 458915 MB offset 31666176
19:19:01.430 Disk 0 Partition - 00 0F Extended LBA 2562 MB offset 971524096
19:19:01.462 Disk 0 Partition 4 00 DD MSDOS5.0 2561 MB offset 971526144
19:19:01.508 Disk 0 scanning C:\Windows\system32\drivers
19:19:12.382 Service scanning
19:19:39.323 Modules scanning
19:19:39.323 Disk 0 trace - called modules:
19:19:39.370 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
19:19:39.370 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004706650]
19:19:39.385 3 CLASSPNP.SYS[fffffa6000d49c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004595050]
19:19:41.008 AVAST engine scan C:\Windows
19:19:44.174 AVAST engine scan C:\Windows\system32
19:22:51.234 AVAST engine scan C:\Windows\system32\drivers
19:23:04.853 AVAST engine scan C:\Users\John Ng
19:28:31.033 Disk 0 MBR has been saved successfully to "C:\Users\John Ng\Desktop\MBR.dat"
19:28:31.080 The log file has been saved successfully to "C:\Users\John Ng\Desktop\aswMBR, November 12, 2012.txt"
Old November 13th, 2012, 04:38 AM
Jintan's Avatar
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
Some stuff to change, but right off the logs show a lot of saved remnants from drive checks. Has check disk been running at bootup there lately?

Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Rightclick on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after:

chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A check of your disk will run. When that finishes, it will create a checkhd.txt log on your desktop. Post those contents back here please. The check disk will take a while to run, so please be patient.
Old November 13th, 2012, 05:05 AM
JohnNgSF
Join Date: Feb 2007
Posts: 89
Thanks for the quick reply Jintan.

I can't paste as instructed.
