Solved: google redirect virus


vampirehunter (thread starter)
15-Jul-2012, 11:15 AM #1
google redirect virus
Hi,
Recently my computer started redirecting links on Google searches, and this has been getting worse over the past few days. Internet Explorer has also started running in the background even though I never use it. I ran Malwarebytes and it picked up something called Exploit.Drop.9 and said that it was successfully removed, but the redirect and IE in the background were unaffected. My OS is Windows 7 SP1 64-bit.
Thanks in advance for any help.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:05:22 AM, on 7/15/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Brother\BPRSP\resources\BrSupSsp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob and Amy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/disp...b_id&%language
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=102810&gct=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O2 - BHO: Gaming support for ArcadeWeb - {9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} - C:\Users\Rob and Amy\AppData\Local\ArcadeWeb\arcadeweb32.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ScanSoft] RunDLL32.exe "C:\Users\Rob and Amy\AppData\Local\ScanSoft\hdfearpo.dll",CPPDebug
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rob and Amy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Brother BPRSP.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: setup.exe
O4 - Global Startup: setup1.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16289 bytes


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Rob and Amy at 11:06:31 on 2012-07-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6103.3669 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Brother\BPRSP\resources\BrSupSsp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=102810&gct=hp
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Gaming support for ArcadeWeb: {9f531fb1-7c1f-4e1a-8c0c-e8d6177130e2} - C:\Users\Rob and Amy\AppData\Local\ArcadeWeb\arcadeweb32.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [<NO NAME>]
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [ScanSoft] RunDLL32.exe "C:\Users\Rob and Amy\AppData\Local\ScanSoft\hdfearpo.dll",CPPDebug
uRun: [Google Update] "C:\Users\Rob and Amy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\ROBAND~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BROTHE~1.LNK - C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\setup1.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: magicjack.com\data
Trusted Zone: magicjack.com\my
Trusted Zone: mcafee.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: talk4free.com\reg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 8.8.8.8
TCP: Interfaces\{C106019A-733B-479D-A838-578228C4CB55} : DhcpNameServer = 8.8.8.8
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO-X64: Gaming support for ArcadeWeb: {9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} - C:\Users\Rob and Amy\AppData\Local\ArcadeWeb\arcadeweb32.dll
BHO-X64: Gaming support for ArcadeWeb - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=102810&gct=hp
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Rob and Amy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Rob and Amy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Rob and Amy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-2-23 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2012-7-10 103472]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-2-23 656624]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-19 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-2-20 245760]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-19 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 113120]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-15 15:34:57 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51B5B5DB-F743-46C7-81F2-5C5CCBFB40BA}\mpengine.dll
2012-07-14 13:42:17 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-14 13:33:15 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{5D8A9934-4F54-404B-B082-8B981091FC3B}
2012-07-14 13:33:02 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{8A7F3093-3BB1-42E5-BA26-EF97A26FF38D}
2012-07-14 12:01:42 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{A28F399B-28F2-42FE-BE6C-D1423EFE7B70}
2012-07-14 11:57:30 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{39898E74-6880-4559-AAEC-4F59EED850B7}
2012-07-13 12:03:41 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{CE17FFF4-3CF2-480D-B7BD-0F28E0F156B3}
2012-07-13 04:11:31 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{DD91969F-3DB0-481E-9872-A699167F4EE6}
2012-07-12 11:48:10 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{B491DEEA-6F18-4FC5-8BD2-FE1AEB82B19F}
2012-07-12 11:47:57 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{675FC71A-FD2C-4FBA-810E-F361047620BF}
2012-07-12 04:39:09 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 11:44:53 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 11:39:45 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{FEDD4B7E-9079-4865-8BAA-024E223B2897}
2012-07-11 11:39:33 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{26C2020B-754E-4ABE-9CF5-C32C287E4BEC}
2012-07-10 11:50:39 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{9FEC1250-AC7A-4A2D-8527-7CEED62097C2}
2012-07-10 11:50:28 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{0AACD59D-4503-4662-92F6-C9A4F822B55F}
2012-07-08 11:42:10 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{53CAB3B6-D1EE-4484-97D3-717E466465DE}
2012-07-08 11:41:56 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{C62D9088-12A4-4F27-8993-346082BC673D}
2012-07-07 11:58:31 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{05D96F4F-1E37-4686-87B6-717008866D49}
2012-07-07 11:58:21 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{FE6E92CB-DCB1-45D2-ABEA-143E3AFDBCCF}
2012-07-06 11:30:36 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{DAF492BB-73F9-4EF8-932A-904FAF272FAE}
2012-07-06 11:30:12 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{43D8C86C-B55A-427E-9472-808F39E63EDE}
2012-07-05 06:17:17 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{882BF0BC-42BE-4EBB-96A4-DAAE52ECBC33}
2012-07-05 06:17:03 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{CE0F9943-BFCA-4D0C-8A21-60A4F6FEB842}
2012-07-04 12:16:25 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A81B948-71DC-47C0-9874-6029F18D24DC}\gapaengine.dll
2012-07-04 12:06:19 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{42AF3974-BEF6-4DFB-808F-EC0F6840FD4F}
2012-07-03 23:42:33 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{74F86EB0-326B-47B7-A0B8-CCD87341CB31}
2012-07-03 11:40:59 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{23BD8FCC-D2CA-4DEB-ABAB-B8E9AE0A2B1D}
2012-07-03 11:40:46 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{1BB8B8FA-F0CE-4C05-A0FF-7234B9B76816}
2012-07-02 11:29:39 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{192DF93F-A070-4177-8FA9-2ED93AC111FB}
2012-07-02 11:29:28 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{877D2944-F14A-42F5-86ED-21D1FCC68630}
2012-07-01 07:40:06 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{BDA2F858-D051-4ED4-AD54-EF86CF594D0D}
2012-07-01 07:39:56 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{456B9ED4-6510-4338-8DE5-5EC4EBC9D1B3}
2012-06-30 12:19:18 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{83D4416C-0548-4A44-B9A5-1C60050D4DDF}
2012-06-30 12:19:07 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{487E57D7-6FA0-4847-9AC0-31CC56E2B652}
2012-06-29 11:31:43 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{02EB1F74-7F53-43B6-BD16-19DAA1182428}
2012-06-29 11:31:22 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{43EA8E64-17F5-41E5-8F2B-3942DE4EAA6F}
2012-06-28 23:30:53 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{5C404E56-75A9-4C6D-939A-FA01047A1F50}
2012-06-28 23:30:40 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{40620214-136F-4B47-A6EE-C5E11DD030C4}
2012-06-28 11:30:07 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{A3FFF3A0-B774-4DEF-A354-ACDD8B855138}
2012-06-28 11:29:56 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{6E93B2CD-9337-4850-B158-2303950F1501}
2012-06-27 11:34:38 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{1CD81F85-4F7C-4695-A57B-518338D3D909}
2012-06-27 11:34:27 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{8FCFFED0-FC37-49B0-A230-22CF46D1F0C0}
2012-06-27 04:45:58 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{CBE1B353-C7C2-490E-BDF8-94CA8F81EE76}
2012-06-25 12:13:02 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{AD7A34CD-89B6-4577-9518-30A3E3699937}
2012-06-25 12:12:43 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{B004B879-75F5-446A-A77A-5B135324E3D3}
2012-06-24 11:53:37 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{AC9E5B34-855D-41D0-B2A4-C0D31126756C}
2012-06-24 11:53:25 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{91580D28-3919-4F74-9D09-D8035A1B0090}
2012-06-23 20:50:30 -------- d-----w- C:\gPotato
2012-06-23 19:04:52 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\Deployment
2012-06-23 12:57:36 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{6DC0080C-8F75-4B7B-A023-FFC09E4950F0}
2012-06-23 12:57:22 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{87CF7DAA-431A-4087-AD05-E7A65D14F68A}
2012-06-22 22:46:16 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{B117AC22-57BB-4A43-B8F5-4AC0B1CDCD21}
2012-06-22 22:46:06 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{F4FB8A67-479C-4BC6-85BB-69FD5D308F8D}
2012-06-22 10:52:14 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{43351FBB-CD1A-4607-BE38-2F0CC92BA8EA}
2012-06-22 10:52:02 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{A220C7F0-B99C-4E38-B751-2E361EDF0F32}
2012-06-21 11:30:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 11:30:16 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 11:30:02 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 11:30:02 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 11:26:54 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{841CF895-56A8-46B0-BB3B-C4D8FADDC848}
2012-06-21 11:26:36 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{77D6D850-AB40-4665-9AF9-5C3E9CF0F4F0}
2012-06-20 11:19:05 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{5F9827B0-DECE-4B8F-BCFA-50960D38ACFC}
2012-06-18 12:29:55 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-18 12:29:55 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-18 11:20:14 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{0972DDD0-862C-4963-9AF6-E3E6E63D0BBE}
2012-06-17 11:37:57 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{7E0F8C43-F6D8-4B4F-8616-B5FF603FE54F}
2012-06-16 10:32:35 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{D184CD37-E341-4D95-9D23-3BBDD9C81180}
.
==================== Find3M ====================
.
2012-07-12 17:10:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 17:10:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-18 12:20:29 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-18 12:20:29 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 11:07:06.90 ===============

Last edited by vampirehunter; 15-Jul-2012 at 01:44 PM..
Gizzy   (Bill) Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
 
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
15-Jul-2012, 10:05 PM #2
Hello vampirehunter and Welcome to Tech Support Guy!
My name is Gizzy and I'll be glad to help you with your malware problems.

Please note the following while we work:
  • The fixes are specific to your problem and should only be used for this issue on this computer.
  • Perform all actions in the order given.
  • If you don't know or understand something, stop and ask! Don't keep going on.
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please DO NOT run any tools or scans unless I ask you to.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The process is not instant. Please continue to respond to this thread until I give you the All Clean! Absence of symptoms does not mean that everything is clear.
  • Topics not replied to within 3 days will be removed from my Subscribed Threads List.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Backup your data - windows 7



I am going through your logs and will reply with instructions soon.
vampirehunter
Member with 20 posts.
THREAD STARTER
 
Join Date: Jul 2012
16-Jul-2012, 06:45 PM #3
I appreciate the prompt response and thanks again in advance.
Gizzy   (Bill) Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
 
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
17-Jul-2012, 11:01 AM #4
Hi vampirehunter,


UAC Advice
  • All applications I ask you to use will need to be run in Administrator mode, i.e. right-click on and select Run as administrator.
  • The Operating System (Windows 7) in use comes with an inbuilt utility called User Account Control (UAC).
  • When prompted by this with anything I ask you to carry out please select the option Allow.


Uninstall Programs
  1. Go to Start > Control Panel > Programs and Features
  2. Right click on each instance of:
    • Coupon Printer for Windows
    • Search Toolbar

  3. Click Uninstall & then follow the prompts to remove it.


Upload File(s) for Scanning
Please go to VirusTotal or Jotti to upload a file for scanning.
  1. Click Choose File (For VirusTotal) or Browse... (For Jotti)
  2. Copy and paste the below file and path into the File name: box.
    Quote:
    C:\Users\Rob and Amy\AppData\Local\ScanSoft\hdfearpo.dll
  3. Click Open
  4. Click on Scan it! (For VirusTotal) or Submit file (For Jotti)
  5. Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
    Example of web address:
  6. Repeat for the below file(s):
    Quote:
    C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\setup1.exe


TDSSKiller Scan
  1. Please download TDSSKiller.zip and extract (unzip) it to your Desktop.
  2. Right-click on TDSSKiller.exe and select Run as administrator to launch it.
  3. Click on Change parameters
    • Check Detect TDLFS file system
    • Click OK
  4. Click on Start Scan. The scan will run.
  5. When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  6. Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  7. To find the log go to Start > Computer > C:
  8. Post the contents of that log in your next reply please.
    DO NOT TRY TO FIX ANYTHING AT THIS POINT


Please reply with:
  • Virustotal/Jotti results
  • TDSSKiller log
vampirehunter
Member with 20 posts.
THREAD STARTER
 
Join Date: Jul 2012
17-Jul-2012, 06:18 PM #5
https://www.virustotal.com/file/cd9b...is/1342566148/
https://www.virustotal.com/file/6789...is/1342566659/
https://www.virustotal.com/file/3008...is/1342566830/
https://www.virustotal.com/file/3008...is/1342566850/



18:15:04.0751 5856 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
18:15:05.0087 5856 ============================================================
18:15:05.0087 5856 Current date / time: 2012/07/17 18:15:05.0087
18:15:05.0087 5856 SystemInfo:
18:15:05.0087 5856
18:15:05.0087 5856 OS Version: 6.1.7601 ServicePack: 1.0
18:15:05.0087 5856 Product type: Workstation
18:15:05.0087 5856 ComputerName: FAMILYPC
18:15:05.0088 5856 UserName: Rob and Amy
18:15:05.0088 5856 Windows directory: C:\Windows
18:15:05.0088 5856 System windows directory: C:\Windows
18:15:05.0088 5856 Running under WOW64
18:15:05.0088 5856 Processor architecture: Intel x64
18:15:05.0088 5856 Number of processors: 4
18:15:05.0088 5856 Page size: 0x1000
18:15:05.0088 5856 Boot type: Normal boot
18:15:05.0088 5856 ============================================================
18:15:06.0303 5856 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:15:06.0333 5856 ============================================================
18:15:06.0333 5856 \Device\Harddisk0\DR0:
18:15:06.0333 5856 MBR partitions:
18:15:06.0333 5856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
18:15:06.0333 5856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x729A65B0
18:15:06.0333 5856 ============================================================
18:15:06.0348 5856 C: <-> \Device\Harddisk0\DR0\Partition1
18:15:06.0348 5856 ============================================================
18:15:06.0348 5856 Initialize success
18:15:06.0348 5856 ============================================================
18:15:18.0777 4348 ============================================================
18:15:18.0777 4348 Scan started
18:15:18.0777 4348 Mode: Manual; TDLFS;
18:15:18.0777 4348 ============================================================
18:15:19.0334 4348 0173151342482347mcinstcleanup - ok
18:15:19.0405 4348 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:15:19.0409 4348 1394ohci - ok
18:15:19.0526 4348 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:15:19.0528 4348 ACDaemon - ok
18:15:19.0561 4348 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:15:19.0565 4348 ACPI - ok
18:15:19.0583 4348 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:15:19.0584 4348 AcpiPmi - ok
18:15:19.0683 4348 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:15:19.0684 4348 AdobeARMservice - ok
18:15:19.0813 4348 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:15:19.0816 4348 AdobeFlashPlayerUpdateSvc - ok
18:15:19.0873 4348 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:15:19.0880 4348 adp94xx - ok
18:15:19.0904 4348 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:15:19.0908 4348 adpahci - ok
18:15:19.0927 4348 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:15:19.0929 4348 adpu320 - ok
18:15:19.0955 4348 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:15:19.0957 4348 AeLookupSvc - ok
18:15:20.0007 4348 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
18:15:20.0009 4348 AERTFilters - ok
18:15:20.0049 4348 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:15:20.0056 4348 AFD - ok
18:15:20.0087 4348 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:15:20.0089 4348 agp440 - ok
18:15:20.0097 4348 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:15:20.0097 4348 ALG - ok
18:15:20.0113 4348 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:15:20.0113 4348 aliide - ok
18:15:20.0238 4348 ALSysIO - ok
18:15:20.0378 4348 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
18:15:20.0378 4348 AMD External Events Utility - ok
18:15:20.0394 4348 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:15:20.0394 4348 amdide - ok
18:15:20.0440 4348 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:15:20.0440 4348 AmdK8 - ok
18:15:20.0733 4348 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
18:15:20.0880 4348 amdkmdag - ok
18:15:20.0939 4348 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
18:15:20.0944 4348 amdkmdap - ok
18:15:20.0961 4348 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:15:20.0962 4348 AmdPPM - ok
18:15:32.0409 4348 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:15:32.0412 4348 RemoteAccess - ok
18:15:32.0427 4348 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:15:32.0432 4348 RemoteRegistry - ok
18:15:32.0447 4348 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:15:32.0450 4348 RpcEptMapper - ok
18:15:32.0477 4348 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:15:32.0479 4348 RpcLocator - ok
18:15:32.0519 4348 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:15:32.0525 4348 RpcSs - ok
18:15:32.0542 4348 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:15:32.0543 4348 rspndr - ok
18:15:32.0575 4348 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:15:32.0576 4348 SamSs - ok
18:15:32.0600 4348 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:15:32.0602 4348 sbp2port - ok
18:15:32.0613 4348 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:15:32.0618 4348 SCardSvr - ok
18:15:32.0636 4348 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:15:32.0637 4348 scfilter - ok
18:15:32.0677 4348 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:15:32.0697 4348 Schedule - ok
18:15:32.0725 4348 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:15:32.0726 4348 SCPolicySvc - ok
18:15:32.0768 4348 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:15:32.0772 4348 SDRSVC - ok
18:15:32.0854 4348 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
18:15:32.0857 4348 SeaPort - ok
18:15:32.0920 4348 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:15:32.0921 4348 secdrv - ok
18:15:32.0947 4348 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:15:32.0950 4348 seclogon - ok
18:15:32.0979 4348 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:15:32.0982 4348 SENS - ok
18:15:33.0004 4348 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:15:33.0005 4348 SensrSvc - ok
18:15:33.0021 4348 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:15:33.0024 4348 Serenum - ok
18:15:33.0059 4348 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:15:33.0061 4348 Serial - ok
18:15:33.0112 4348 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:15:33.0114 4348 sermouse - ok
18:15:33.0190 4348 ServiceLayer (8c1f87f5fdd92229d1754b98f073913f) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
18:15:33.0199 4348 ServiceLayer - ok
18:15:33.0238 4348 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:15:33.0240 4348 SessionEnv - ok
18:15:33.0268 4348 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:15:33.0270 4348 sffdisk - ok
18:15:33.0284 4348 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:15:33.0286 4348 sffp_mmc - ok
18:15:33.0298 4348 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:15:33.0300 4348 sffp_sd - ok
18:15:33.0308 4348 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:15:33.0310 4348 sfloppy - ok
18:15:33.0372 4348 SftService (7f475425582163602ef1589c0071e521) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
18:15:33.0381 4348 SftService - ok
18:15:33.0420 4348 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:15:33.0426 4348 SharedAccess - ok
18:15:33.0467 4348 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:15:33.0472 4348 ShellHWDetection - ok
18:15:33.0515 4348 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:15:33.0517 4348 SiSRaid2 - ok
18:15:33.0533 4348 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:15:33.0536 4348 SiSRaid4 - ok
18:15:33.0594 4348 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:15:33.0596 4348 SkypeUpdate - ok
18:15:33.0622 4348 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:15:33.0624 4348 Smb - ok
18:15:33.0673 4348 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:15:33.0675 4348 SNMPTRAP - ok
18:15:33.0688 4348 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:15:33.0688 4348 spldr - ok
18:15:33.0714 4348 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:15:33.0720 4348 Spooler - ok
18:15:33.0822 4348 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:15:33.0872 4348 sppsvc - ok
18:15:34.0089 4348 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:15:34.0093 4348 sppuinotify - ok
18:15:34.0149 4348 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
18:15:34.0152 4348 sprtsvc_DellSupportCenter - ok
18:15:34.0207 4348 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:15:34.0213 4348 srv - ok
18:15:34.0256 4348 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:15:34.0259 4348 srv2 - ok
18:15:34.0273 4348 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:15:34.0275 4348 srvnet - ok
18:15:34.0324 4348 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
18:15:34.0326 4348 ssadbus - ok
18:15:34.0361 4348 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:15:34.0366 4348 SSDPSRV - ok
18:15:34.0383 4348 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:15:34.0387 4348 SstpSvc - ok
18:15:34.0417 4348 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:15:34.0418 4348 stexstor - ok
18:15:34.0449 4348 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
18:15:34.0450 4348 StillCam - ok
18:15:34.0508 4348 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:15:34.0518 4348 stisvc - ok
18:15:34.0552 4348 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:15:34.0553 4348 swenum - ok
18:15:34.0582 4348 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:15:34.0591 4348 swprv - ok
18:15:34.0670 4348 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:15:34.0688 4348 SysMain - ok
18:15:34.0800 4348 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:15:34.0802 4348 TabletInputService - ok
18:15:34.0818 4348 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:15:34.0822 4348 TapiSrv - ok
18:15:34.0857 4348 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:15:34.0858 4348 TBS - ok
18:15:34.0955 4348 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:15:35.0005 4348 Tcpip - ok
18:15:35.0118 4348 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:15:35.0125 4348 TCPIP6 - ok
18:15:35.0202 4348 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:15:35.0203 4348 tcpipreg - ok
18:15:35.0257 4348 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:15:35.0258 4348 TDPIPE - ok
18:15:35.0305 4348 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:15:35.0307 4348 TDTCP - ok
18:15:35.0334 4348 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:15:35.0336 4348 tdx - ok
18:15:35.0373 4348 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:15:35.0376 4348 TermDD - ok
18:15:35.0436 4348 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:15:35.0448 4348 TermService - ok
18:15:35.0475 4348 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:15:35.0477 4348 Themes - ok
18:15:35.0502 4348 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:15:35.0504 4348 THREADORDER - ok
18:15:35.0520 4348 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:15:35.0524 4348 TrkWks - ok
18:15:35.0573 4348 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:15:35.0573 4348 TrustedInstaller - ok
18:15:35.0620 4348 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:15:35.0620 4348 tssecsrv - ok
18:15:35.0651 4348 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:15:35.0651 4348 TsUsbFlt - ok
18:15:35.0714 4348 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:15:35.0714 4348 tunnel - ok
18:15:35.0745 4348 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:15:35.0745 4348 uagp35 - ok
18:15:35.0760 4348 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:15:35.0776 4348 udfs - ok
18:15:35.0792 4348 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:15:35.0792 4348 UI0Detect - ok
18:15:35.0823 4348 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:15:35.0838 4348 uliagpkx - ok
18:15:35.0885 4348 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:15:35.0885 4348 umbus - ok
18:15:35.0916 4348 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:15:35.0963 4348 UmPass - ok
18:15:35.0994 4348 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:15:36.0010 4348 upnphost - ok
18:15:36.0041 4348 upperdev (fbd861e69e1f583bec906fcd04e4f84e) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
18:15:36.0041 4348 upperdev - ok
18:15:36.0088 4348 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
18:15:36.0088 4348 USBAAPL64 - ok
18:15:36.0127 4348 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:15:36.0130 4348 usbaudio - ok
18:15:36.0163 4348 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:15:36.0165 4348 usbccgp - ok
18:15:36.0202 4348 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:15:36.0204 4348 usbcir - ok
18:15:36.0234 4348 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:15:36.0236 4348 usbehci - ok
18:15:36.0275 4348 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:15:36.0281 4348 usbhub - ok
18:15:36.0306 4348 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:15:36.0308 4348 usbohci - ok
18:15:36.0323 4348 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:15:36.0325 4348 usbprint - ok
18:15:36.0340 4348 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:15:36.0342 4348 usbscan - ok
18:15:36.0361 4348 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
18:15:36.0363 4348 usbser - ok
18:15:36.0375 4348 UsbserFilt (0fbb0080b287bbcbf5c7076e3d74a35c) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
18:15:36.0376 4348 UsbserFilt - ok
18:15:36.0411 4348 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:15:36.0413 4348 USBSTOR - ok
18:15:36.0417 4348 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:15:36.0418 4348 usbuhci - ok
18:15:36.0468 4348 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
18:15:36.0472 4348 usbvideo - ok
18:15:36.0505 4348 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:15:36.0509 4348 UxSms - ok
18:15:36.0521 4348 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:15:36.0522 4348 VaultSvc - ok
18:15:36.0555 4348 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:15:36.0556 4348 vdrvroot - ok
18:15:36.0604 4348 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:15:36.0613 4348 vds - ok
18:15:36.0635 4348 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:15:36.0636 4348 vga - ok
18:15:36.0655 4348 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:15:36.0656 4348 VgaSave - ok
18:15:36.0701 4348 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:15:36.0705 4348 vhdmp - ok
18:15:36.0735 4348 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:15:36.0737 4348 viaide - ok
18:15:36.0769 4348 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:15:36.0771 4348 volmgr - ok
18:15:36.0816 4348 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:15:36.0822 4348 volmgrx - ok
18:15:36.0841 4348 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:15:36.0843 4348 volsnap - ok
18:15:36.0862 4348 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:15:36.0864 4348 vsmraid - ok
18:15:36.0933 4348 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:15:36.0957 4348 VSS - ok
18:15:37.0746 4348 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:15:37.0747 4348 vwifibus - ok
18:15:37.0787 4348 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:15:37.0796 4348 W32Time - ok
18:15:37.0806 4348 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:15:37.0808 4348 WacomPen - ok
18:15:37.0840 4348 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:15:37.0842 4348 WANARP - ok
18:15:37.0846 4348 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:15:37.0848 4348 Wanarpv6 - ok
18:15:38.0113 4348 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:15:38.0136 4348 WatAdminSvc - ok
18:15:38.0198 4348 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:15:38.0220 4348 wbengine - ok
18:15:38.0608 4348 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:15:38.0611 4348 WbioSrvc - ok
18:15:38.0647 4348 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:15:38.0655 4348 wcncsvc - ok
18:15:38.0671 4348 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:15:38.0674 4348 WcsPlugInService - ok
18:15:38.0688 4348 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:15:38.0689 4348 Wd - ok
18:15:38.0714 4348 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:15:38.0720 4348 Wdf01000 - ok
18:15:38.0731 4348 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:15:38.0733 4348 WdiServiceHost - ok
18:15:38.0735 4348 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:15:38.0736 4348 WdiSystemHost - ok
18:15:38.0754 4348 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:15:38.0757 4348 WebClient - ok
18:15:38.0771 4348 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:15:38.0775 4348 Wecsvc - ok
18:15:38.0791 4348 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:15:38.0793 4348 wercplsupport - ok
18:15:38.0845 4348 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:15:38.0849 4348 WerSvc - ok
18:15:38.0873 4348 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:15:38.0875 4348 WfpLwf - ok
18:15:38.0906 4348 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
18:15:38.0908 4348 WimFltr - ok
18:15:38.0931 4348 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:15:38.0932 4348 WIMMount - ok
18:15:38.0961 4348 WinDefend - ok
18:15:38.0969 4348 WinHttpAutoProxySvc - ok
18:15:39.0059 4348 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:15:39.0063 4348 Winmgmt - ok
18:15:39.0120 4348 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:15:39.0148 4348 WinRM - ok
18:15:39.0255 4348 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:15:39.0257 4348 WinUsb - ok
18:15:39.0297 4348 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:15:39.0308 4348 Wlansvc - ok
18:15:39.0363 4348 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:15:39.0365 4348 wlcrasvc - ok
18:15:39.0487 4348 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:15:39.0517 4348 wlidsvc - ok
18:15:39.0561 4348 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:15:39.0562 4348 WmiAcpi - ok
18:15:39.0605 4348 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:15:39.0609 4348 wmiApSrv - ok
18:15:39.0636 4348 WMPNetworkSvc - ok
18:15:39.0703 4348 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe
18:15:39.0708 4348 WMZuneComm - ok
18:15:39.0719 4348 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:15:39.0723 4348 WPCSvc - ok
18:15:39.0749 4348 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:15:39.0751 4348 WPDBusEnum - ok
18:15:39.0779 4348 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:15:39.0781 4348 ws2ifsl - ok
18:15:39.0791 4348 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
18:15:39.0793 4348 wscsvc - ok
18:15:39.0826 4348 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
18:15:39.0828 4348 WSDPrintDevice - ok
18:15:39.0832 4348 WSearch - ok
18:15:39.0948 4348 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:15:39.0983 4348 wuauserv - ok
18:15:40.0090 4348 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:15:40.0093 4348 WudfPf - ok
18:15:40.0132 4348 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:15:40.0135 4348 WUDFRd - ok
18:15:40.0155 4348 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:15:40.0159 4348 wudfsvc - ok
18:15:40.0199 4348 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:15:40.0205 4348 WwanSvc - ok
18:15:40.0241 4348 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
18:15:40.0243 4348 xusb21 - ok
18:15:40.0495 4348 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe
18:15:40.0610 4348 ZuneNetworkSvc - ok
18:15:40.0639 4348 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
18:15:40.0644 4348 ZuneWlanCfgSvc - ok
18:15:40.0653 4348 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
18:15:40.0897 4348 \Device\Harddisk0\DR0 - ok
18:15:41.0035 4348 Boot (0x1200) (2bd812be402c08e0d8789da6cb0d25e2) \Device\Harddisk0\DR0\Partition0
18:15:41.0039 4348 \Device\Harddisk0\DR0\Partition0 - ok
18:15:41.0074 4348 Boot (0x1200) (4d4014dd64287dea6372162158a497aa) \Device\Harddisk0\DR0\Partition1
18:15:41.0093 4348 \Device\Harddisk0\DR0\Partition1 - ok
18:15:41.0093 4348 ============================================================
18:15:41.0093 4348 Scan finished
18:15:41.0093 4348 ============================================================
18:15:41.0105 4344 Detected object count: 0
18:15:41.0105 4344 Actual detected object count: 0
Gizzy (Bill)
Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
18-Jul-2012, 11:07 AM #6
Hi vampirehunter,


Download and run OTL
  1. Download OTL to your desktop.
  2. Right-click on OTL.exe and select Run as administrator to run it. Make sure all other windows are closed and let it run uninterrupted.
  3. Check the box beside Scan All Users.
  4. Ensure Use SafeList is selected under Extra Registry.
  5. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  6. When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  7. Please copy (Edit > Select All -- Edit > Copy) the contents of these files, one at a time, and post them with your next reply.


Please reply with:
  • OTL logs (OTL.txt and Extras.txt)
vampirehunter
Member with 20 posts.
THREAD STARTER
Join Date: Jul 2012
18-Jul-2012, 10:09 PM #7
OTL logfile created on: 7/18/2012 8:16:49 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rob and Amy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.96 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 69.26% Memory free
11.92 Gb Paging File | 9.62 Gb Available in Paging File | 80.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.82 Gb Total Space | 777.61 Gb Free Space | 84.82% Space Free | Partition Type: NTFS
Drive D: | 627.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FAMILYPC | User Name: Rob and Amy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/18 20:15:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rob and Amy\Desktop\OTL.exe
PRC - [2012/06/29 05:40:10 | 000,646,800 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/23 16:34:46 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/18 17:10:26 | 000,335,600 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2009/09/17 14:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/07/04 12:38:14 | 000,065,536 | ---- | M] () -- C:\Brother\BPRSP\resources\BrSupSsp.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 06:33:41 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 06:33:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 06:33:25 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 06:33:13 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/10 06:31:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 06:30:29 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 06:30:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 06:30:21 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 06:30:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 06:30:13 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/04/08 09:52:20 | 000,271,024 | ---- | M] () -- C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
MOD - [2009/09/17 14:05:00 | 000,234,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2009/09/17 14:05:00 | 000,128,240 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2009/09/17 14:05:00 | 000,121,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2009/09/17 14:05:00 | 000,111,856 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2009/09/17 14:05:00 | 000,079,088 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2009/09/17 14:05:00 | 000,074,992 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2009/09/17 14:05:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2009/09/17 14:05:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2009/09/17 14:05:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
MOD - [2009/09/17 14:04:00 | 001,123,568 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2008/07/04 12:38:14 | 000,065,536 | ---- | M] () -- C:\Brother\BPRSP\resources\BrSupSsp.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 21:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/31 17:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2012/07/12 12:10:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/18 07:29:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/15 12:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/06/14 12:40:08 | 000,828,032 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\Temp\0173151342482347mcinst.exe -- (0173151342482347mcinstcleanup) McAfee Application Installer Cleanup (0173151342482347)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/23 16:34:46 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/12/17 02:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009/09/17 14:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 00:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 00:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 20:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/05/18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/05/18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/05/18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/05/18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/05/18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/10/01 01:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/26 10:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/17 11:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 15:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/04/01 14:33:16 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2005/01/03 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9E833260-7906-4A4E-9C68-7B37924BE6D8}
IE:64bit: - HKLM\..\SearchScopes\{9E833260-7906-4A4E-9C68-7B37924BE6D8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {617BBC5C-CC71-44C8-AD7C-22FF2D6E1959}
IE - HKLM\..\SearchScopes\{617BBC5C-CC71-44C8-AD7C-22FF2D6E1959}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {617BBC5C-CC71-44C8-AD7C-22FF2D6E1959}
IE - HKU\.DEFAULT\..\SearchScopes\{C540EA72-5CE6-4ABB-9E9F-D54B07AD84D1}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {617BBC5C-CC71-44C8-AD7C-22FF2D6E1959}
IE - HKU\S-1-5-18\..\SearchScopes\{C540EA72-5CE6-4ABB-9E9F-D54B07AD84D1}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/disp...b_id&%language
IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=102810&gct=hp
IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes,DefaultScope = {117F631B-1401-43CF-B02D-4CC0CAD4BF5A}
IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes\{117F631B-1401-43CF-B02D-4CC0CAD4BF5A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes\{42377191-38C0-44C0-A819-0B8E214D6294}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes\{B6C668CE-023C-4278-94AC-763D3714E1F0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ARCD&o=102810&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=8W&apn_dtid=YYYYYYYYUS&apn_uid=5de774d5-ab32-4d9c-9405-1b1c8e38acea&apn_sauid=A09C508C-8A80-46E1-8CFA-B877B9E7A126
IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80115&lng=en
IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes\{EE871180-2F93-F8D2-D9F0-D4FC20ED2A5F}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=102810&gct=hp"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.1.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 4


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Rob and Amy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rob and Amy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rob and Amy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Rob and Amy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/03/04 15:16:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/16 18:45:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 17:59:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/17 17:59:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/08/21 17:58:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 17:59:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/17 17:59:44 | 000,000,000 | ---D | M]

[2010/03/02 18:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Extensions
[2012/07/14 19:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\extensions
[2012/04/09 17:39:58 | 000,002,333 | ---- | M] () -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins\askcom.xml
[2011/05/05 20:35:34 | 000,001,919 | ---- | M] () -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins\bing-zugo.xml
[2010/04/27 17:10:42 | 000,004,772 | ---- | M] () -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins\web-search.xml
[2012/06/18 07:29:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/29 15:28:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/16 18:45:45 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012/02/23 00:09:13 | 000,164,722 | ---- | M] () (No name found) -- C:\USERS\ROB AND AMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\22BBGJMF.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
[2012/06/18 07:29:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/04/08 11:37:15 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/04/08 11:37:15 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2012/06/18 07:29:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/04/22 17:18:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/05/09 16:35:23 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/07/14 19:14:23 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/06/18 07:29:54 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Rob and Amy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Rob and Amy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Rob and Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Rob and Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\Rob and Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\
CHR - Extension: Gmail = C:\Users\Rob and Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Gaming support for ArcadeWeb) - {9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} - C:\Users\Rob and Amy\AppData\Local\ArcadeWeb\arcadeweb32.dll (Arcade Web LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-945082049-3120335163-541019017-1001..\Run: [] File not found
O4 - HKU\S-1-5-21-945082049-3120335163-541019017-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-945082049-3120335163-541019017-1001..\Run: [ScanSoft] C:\Users\Rob and Amy\AppData\Local\ScanSoft\hdfearpo.dll (flashget)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Rob and Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: magicjack.com ([data] https in Trusted sites)
O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C106019A-733B-479D-A838-578228C4CB55}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/20 00:14:28 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d22ca95e-20e2-11df-9ac3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d22ca95e-20e2-11df-9ac3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe -- [2010/04/01 03:40:27 | 002,052,921 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{dfa2327a-9582-11df-bfe6-002564ec7592}\Shell - "" = AutoRun
O33 - MountPoints2\{dfa2327a-9582-11df-bfe6-002564ec7592}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\I\Shell\phone\command - "" = I:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/18 20:15:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rob and Amy\Desktop\OTL.exe
[2012/07/16 22:11:26 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rob and Amy\Desktop\TDSSKiller.exe
[2012/07/15 11:06:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rob and Amy\Desktop\dds.com
[2012/07/15 11:04:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Rob and Amy\Desktop\HijackThis.exe
[2012/07/14 19:16:16 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/14 11:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother Personal Utilities
[2012/07/14 08:33:15 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{5D8A9934-4F54-404B-B082-8B981091FC3B}
[2012/07/14 08:33:02 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{8A7F3093-3BB1-42E5-BA26-EF97A26FF38D}
[2012/07/14 07:01:42 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{A28F399B-28F2-42FE-BE6C-D1423EFE7B70}
[2012/07/14 06:57:30 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{39898E74-6880-4559-AAEC-4F59EED850B7}
[2012/07/13 07:03:41 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{CE17FFF4-3CF2-480D-B7BD-0F28E0F156B3}
[2012/07/12 23:11:31 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{DD91969F-3DB0-481E-9872-A699167F4EE6}
[2012/07/12 06:48:10 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{B491DEEA-6F18-4FC5-8BD2-FE1AEB82B19F}
[2012/07/12 06:47:57 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{675FC71A-FD2C-4FBA-810E-F361047620BF}
[2012/07/11 23:32:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 23:32:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 23:32:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 23:32:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 23:32:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 23:32:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 23:32:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 23:32:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 23:32:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 23:32:42 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 23:32:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 23:32:42 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 23:32:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 06:44:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 06:44:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 06:44:51 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 06:44:45 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 06:44:45 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 06:39:45 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{FEDD4B7E-9079-4865-8BAA-024E223B2897}
[2012/07/11 06:39:33 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{26C2020B-754E-4ABE-9CF5-C32C287E4BEC}
[2012/07/10 06:50:39 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{9FEC1250-AC7A-4A2D-8527-7CEED62097C2}
[2012/07/10 06:50:28 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{0AACD59D-4503-4662-92F6-C9A4F822B55F}
[2012/07/08 16:38:53 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\Documents\PICTURES
[2012/07/08 06:42:10 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{53CAB3B6-D1EE-4484-97D3-717E466465DE}
[2012/07/08 06:41:56 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{C62D9088-12A4-4F27-8993-346082BC673D}
[2012/07/07 06:58:31 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{05D96F4F-1E37-4686-87B6-717008866D49}
[2012/07/07 06:58:21 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{FE6E92CB-DCB1-45D2-ABEA-143E3AFDBCCF}
[2012/07/06 06:30:36 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{DAF492BB-73F9-4EF8-932A-904FAF272FAE}
[2012/07/06 06:30:12 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{43D8C86C-B55A-427E-9472-808F39E63EDE}
[2012/07/05 01:17:17 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{882BF0BC-42BE-4EBB-96A4-DAAE52ECBC33}
[2012/07/05 01:17:03 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{CE0F9943-BFCA-4D0C-8A21-60A4F6FEB842}
[2012/07/04 07:06:19 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{42AF3974-BEF6-4DFB-808F-EC0F6840FD4F}
[2012/07/03 18:42:33 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{74F86EB0-326B-47B7-A0B8-CCD87341CB31}
[2012/07/03 06:40:59 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{23BD8FCC-D2CA-4DEB-ABAB-B8E9AE0A2B1D}
[2012/07/03 06:40:46 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{1BB8B8FA-F0CE-4C05-A0FF-7234B9B76816}
[2012/07/02 06:29:39 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{192DF93F-A070-4177-8FA9-2ED93AC111FB}
[2012/07/02 06:29:28 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{877D2944-F14A-42F5-86ED-21D1FCC68630}
[2012/07/01 02:40:06 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{BDA2F858-D051-4ED4-AD54-EF86CF594D0D}
[2012/07/01 02:39:56 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{456B9ED4-6510-4338-8DE5-5EC4EBC9D1B3}
[2012/06/30 07:19:18 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{83D4416C-0548-4A44-B9A5-1C60050D4DDF}
[2012/06/30 07:19:07 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{487E57D7-6FA0-4847-9AC0-31CC56E2B652}
[2012/06/29 06:31:43 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{02EB1F74-7F53-43B6-BD16-19DAA1182428}
[2012/06/29 06:31:22 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{43EA8E64-17F5-41E5-8F2B-3942DE4EAA6F}
[2012/06/28 18:30:53 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{5C404E56-75A9-4C6D-939A-FA01047A1F50}
[2012/06/28 18:30:40 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{40620214-136F-4B47-A6EE-C5E11DD030C4}
[2012/06/28 06:30:07 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{A3FFF3A0-B774-4DEF-A354-ACDD8B855138}
[2012/06/28 06:29:56 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{6E93B2CD-9337-4850-B158-2303950F1501}
[2012/06/27 06:34:38 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{1CD81F85-4F7C-4695-A57B-518338D3D909}
[2012/06/27 06:34:27 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{8FCFFED0-FC37-49B0-A230-22CF46D1F0C0}
[2012/06/26 23:45:58 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{CBE1B353-C7C2-490E-BDF8-94CA8F81EE76}
[2012/06/25 07:13:02 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{AD7A34CD-89B6-4577-9518-30A3E3699937}
[2012/06/25 07:12:43 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{B004B879-75F5-446A-A77A-5B135324E3D3}
[2012/06/24 06:53:37 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{AC9E5B34-855D-41D0-B2A4-C0D31126756C}
[2012/06/24 06:53:25 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{91580D28-3919-4F74-9D09-D8035A1B0090}
[2012/06/23 15:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato
[2012/06/23 15:50:30 | 000,000,000 | ---D | C] -- C:\gPotato
[2012/06/23 14:04:52 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\Deployment
[2012/06/23 07:57:36 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{6DC0080C-8F75-4B7B-A023-FFC09E4950F0}
[2012/06/23 07:57:22 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{87CF7DAA-431A-4087-AD05-E7A65D14F68A}
[2012/06/22 17:46:16 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{B117AC22-57BB-4A43-B8F5-4AC0B1CDCD21}
[2012/06/22 17:46:06 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{F4FB8A67-479C-4BC6-85BB-69FD5D308F8D}
[2012/06/22 05:52:14 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{43351FBB-CD1A-4607-BE38-2F0CC92BA8EA}
[2012/06/22 05:52:02 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{A220C7F0-B99C-4E38-B751-2E361EDF0F32}
[2012/06/21 06:30:31 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 06:30:31 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 06:30:31 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 06:30:16 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 06:30:16 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 06:30:16 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 06:30:02 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 06:30:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/21 06:26:54 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{841CF895-56A8-46B0-BB3B-C4D8FADDC848}
[2012/06/21 06:26:36 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{77D6D850-AB40-4665-9AF9-5C3E9CF0F4F0}
[2012/06/20 06:19:05 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{5F9827B0-DECE-4B8F-BCFA-50960D38ACFC}
[2010/03/02 18:03:23 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Rob and Amy\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/18 20:15:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rob and Amy\Desktop\OTL.exe
[2012/07/18 20:14:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/18 20:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/18 19:25:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-945082049-3120335163-541019017-1001UA.job
[2012/07/18 11:25:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-945082049-3120335163-541019017-1001Core.job
[2012/07/17 21:14:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/17 18:14:30 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rob and Amy\Desktop\TDSSKiller.exe
[2012/07/17 18:13:58 | 002,117,152 | ---- | M] () -- C:\Users\Rob and Amy\Desktop\tdsskiller.zip
[2012/07/16 18:44:19 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/16 18:44:19 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 12:27:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/15 12:27:03 | 504,717,311 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/15 11:06:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rob and Amy\Desktop\dds.com
[2012/07/15 11:03:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rob and Amy\Desktop\HijackThis.exe
[2012/07/14 12:53:53 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 12:10:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/12 12:10:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/12 09:09:20 | 000,001,135 | ---- | M] () -- C:\Users\Rob and Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/07/12 06:46:53 | 000,309,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 16:01:15 | 000,004,096 | -H-- | M] () -- C:\Users\Rob and Amy\AppData\Local\keyfile3.drm
[2012/07/05 14:54:00 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/23 15:55:18 | 000,000,721 | ---- | M] () -- C:\Users\Public\Desktop\Rappelz.lnk
[2012/06/23 14:15:54 | 000,733,968 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/23 14:15:54 | 000,629,232 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/23 14:15:54 | 000,108,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/19 16:04:02 | 000,000,000 | ---- | M] () -- C:\Users\Rob and Amy\Documents\Nuance Image Printer Writer Port
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/17 18:14:00 | 002,117,152 | ---- | C] () -- C:\Users\Rob and Amy\Desktop\tdsskiller.zip
[2012/07/14 19:15:45 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-945082049-3120335163-541019017-1001UA.job
[2012/07/14 19:15:44 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-945082049-3120335163-541019017-1001Core.job
[2012/07/11 16:01:15 | 000,004,096 | -H-- | C] () -- C:\Users\Rob and Amy\AppData\Local\keyfile3.drm
[2012/06/23 15:55:18 | 000,000,721 | ---- | C] () -- C:\Users\Public\Desktop\Rappelz.lnk
[2012/06/19 16:04:02 | 000,000,000 | ---- | C] () -- C:\Users\Rob and Amy\Documents\Nuance Image Printer Writer Port
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/23 15:47:36 | 000,747,626 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/23 15:47:33 | 000,000,401 | ---- | C] () -- C:\Windows\Mail2Contact.ini
[2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/27 15:30:13 | 000,455,237 | ---- | C] () -- C:\Users\Rob and Amy\green documents.pdf
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/28 23:12:22 | 000,000,281 | ---- | C] () -- C:\Users\Rob and Amy\AppData\Roaming\Network Meter_Settings.ini
[2011/06/28 07:37:56 | 000,103,784 | ---- | C] () -- C:\Users\Rob and Amy\GoToAssistDownloadHelper.exe
[2011/06/24 11:43:08 | 000,000,412 | ---- | C] () -- C:\Users\Rob and Amy\AppData\Roaming\All CPU Meter_Settings.ini
[2011/05/09 16:35:36 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/04/25 19:22:02 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5240.DAT
[2011/04/25 19:21:22 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/04/25 19:21:22 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/04/25 19:21:21 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011/04/25 19:21:20 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5240.INI
[2011/04/25 19:19:27 | 000,000,091 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/06/22 23:50:02 | 000,007,618 | ---- | C] () -- C:\Users\Rob and Amy\AppData\Local\resmon.resmoncfg
[2010/05/12 12:30:18 | 000,060,304 | ---- | C] () -- C:\Users\Rob and Amy\g2mdlhlpx.exe
[2010/03/03 12:53:32 | 000,042,263 | ---- | C] () -- C:\Users\Rob and Amy\ordercomplete.aspx.htm
[2008/07/09 19:21:56 | 000,000,000 | ---- | C] () -- C:\Users\Rob and Amy\񀿉
[2008/06/20 12:26:13 | 000,000,118 | ---- | C] () -- C:\Users\Rob and Amy\default.pls
[2008/06/12 16:47:48 | 000,001,080 | ---- | C] () -- C:\Users\Rob and Amy\NORInfo.ini
[2008/06/12 16:47:48 | 000,000,084 | ---- | C] () -- C:\Users\Rob and Amy\USBInfo.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 860 bytes -> C:\Users\Rob and Amy\Documents\Court Orders for Guardianship.eml:OECustomProperty

< End of report >
vampirehunter (THREAD STARTER)
18-Jul-2012, 10:11 PM #8
OTL Extras logfile created on: 7/18/2012 8:16:49 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rob and Amy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.96 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 69.26% Memory free
11.92 Gb Paging File | 9.62 Gb Available in Paging File | 80.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.82 Gb Total Space | 777.61 Gb Free Space | 84.82% Space Free | Partition Type: NTFS
Drive D: | 627.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FAMILYPC | User Name: Rob and Amy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052E308A-1D5A-4B87-9ADD-8BB02F687592}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0544E167-676B-4BA4-A1A3-651F4B77F771}" = rport=139 | protocol=6 | dir=out | app=system |
"{05AAF869-BC7F-4212-A946-1D4354292124}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{06C6BD8D-0E72-45BD-9188-B9B69A6728E8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{08857CBD-899D-4EDC-BE38-9D7B3A86E028}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1276F8D6-E623-4EC0-BA8F-DD7C4952E0F3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{132D82E4-AF41-48A3-997E-506E98104EA1}" = lport=138 | protocol=17 | dir=in | app=system |
"{14741AEF-BFEC-4ABC-AA8C-898EF2CE102B}" = rport=137 | protocol=17 | dir=out | app=system |
"{23471078-ED80-46A6-BF35-0372A8F37FD7}" = rport=445 | protocol=6 | dir=out | app=system |
"{247C5A3E-C5BA-418A-9A6C-3F79956677B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2829F85D-587D-499A-A5A4-94D3FCD40EF0}" = rport=138 | protocol=17 | dir=out | app=system |
"{2B04AA32-6FDA-41D2-B36F-9CD33C95784F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2D8D0467-74FB-4BD3-9661-D2481E6D6B74}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{35043F77-1923-4FA4-A5B2-BD1F117D7E74}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44ACA0F1-42BB-4122-B650-FFB03225D793}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{521AE983-96B7-437F-97E0-E06E24E5D8CF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5C47A764-7B5C-481C-9B85-F2D8E1A57A69}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6366900D-6E1E-48CB-A4E2-4AEA9F318E47}" = lport=137 | protocol=17 | dir=in | app=system |
"{7372C5E9-DD85-4A6F-8317-D4E9B86B9B6D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{77C651EF-4C69-4525-AE1C-78B9A80D646B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F96778D-664D-489E-9A1F-E65845C4C0EF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B265F07A-937E-4C2C-AF50-DF964DCB5DF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B88A3FA0-F3E4-4DBE-B6CD-3F0285590F15}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9560C5C-4083-483C-981C-40D3A4676961}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B9B402A9-37AE-4F2D-8457-BC4B3CBD8FAA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C18B5ACE-4504-4C1D-BFD8-3DA6351AEBFC}" = lport=445 | protocol=6 | dir=in | app=system |
"{CB055DA5-1EC6-432F-A3FD-6CA480438136}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CCC71E9D-2ABE-4D78-B620-20CEA0D80623}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE398A9A-D767-441C-8038-FAF7DC8BDFF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D45E63E8-1995-4F5E-8117-C5BF2B9E57F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{DB18077A-56FE-40D9-B35D-779B204720D6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DC545FA5-57E8-4FC2-A062-B0D5C6C66A4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E8C903C1-036C-4800-BCA3-4B5DB30381FC}" = lport=139 | protocol=6 | dir=in | app=system |
"{F1E1B2AA-4CF6-4C26-A714-DA8A73E44FB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B89F08-8382-4DF7-9AF5-A051E15F1E2D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{067268B3-669E-41E9-938F-D7223C4C7F48}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{077CF908-0D28-44D8-8AB6-FC442BAA36BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1612DEFD-2811-40AA-B316-81CED0627EFD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1E549AB3-B015-41F4-826C-6B4482C76E0D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21396C7D-589A-42D8-97AA-27E40BAA8D78}" = protocol=6 | dir=in | app=c:\users\rob and amy\downloads\pdfconvertersetup.exe |
"{25C8495D-DFC0-4281-BB33-D81EFEDCD738}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{2675962E-436F-4D7B-A2E3-46EFC452DEDD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2867C3CA-4D0E-4FB1-8464-7E0D663EA4B5}" = protocol=6 | dir=out | app=system |
"{2AD5C38E-49FE-477F-B737-3639CDA80267}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B70A4B7-6AC7-4920-9FCE-A625664FC311}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2D9F9096-7EAB-4448-9B76-14D394DAE148}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{40E6FB4B-0408-453B-A29D-DEAF98274885}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{42D9A6B9-27A8-44E7-875E-1698DFD2245A}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{466FC6DD-5B2E-4C9D-9508-2C0E1D6231AA}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{486073CA-03DC-4146-BB77-C514A98B93F0}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{568C1941-44B7-41D1-9EE3-73B1362F4CA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5BBF38E1-0A3F-4890-A5A5-C5840996960D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{60287EF3-F311-4A13-B4E0-8B51BCE0B010}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{67C4F250-A9EF-4DFD-80B1-F9002C94A49D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{685FE055-6C81-446B-A64D-719BEB5BABE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{689ECDE2-16FC-45A6-9433-7AABA53FE4E1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{697EFE14-BD29-43B3-9F6B-5DE6FF60E7DA}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{6A2D885F-4305-45F4-9B45-DF6C2617EF1A}" = protocol=6 | dir=in | app=c:\users\rob and amy\appdata\roaming\mjusbsp\magicjack.exe |
"{6B875D57-B636-4E58-AE7B-63994C88A754}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6C81D26A-5614-447E-93D3-96670A35C051}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{766DB5B4-D0EF-495A-A2B2-C404C17B1EC9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{77E901FC-B967-4013-9E8B-F800D7C29C38}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{7DFE0853-28D3-452D-94B1-254013F3CB16}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{7E1490AD-9796-46E8-B587-FC10D8DB47E7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{83F38C2F-D96B-4E97-A7B3-A7D8899496DC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{86F45056-05D1-4B00-A776-38777D9CB15E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8AB74319-0A09-4337-BA1D-128FA34405D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8C5314FF-4C0B-4C4E-B10A-DA31AC86D5FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{90D2CEE2-AE45-4B2F-B474-972C4D38CBEC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{94D1AC10-5CE5-4137-8E30-4076384C66EF}" = protocol=17 | dir=in | app=c:\users\rob and amy\appdata\roaming\mjusbsp\magicjack.exe |
"{955ECBF5-E2C8-469C-99DF-9A35362AE9E0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{995969B8-993A-45C5-A93B-5E5FCD272CF8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{9C0F107B-8EF8-4506-8D3D-65D3293E5A46}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A496B093-386F-4E3F-9F4B-F2D54E108057}" = protocol=17 | dir=in | app=c:\users\rob and amy\downloads\pdfconvertersetup.exe |
"{A6362FA3-5782-432A-98CA-2E9A8FA9D204}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7BAD80C-6F0B-489F-B707-DB894E219E4C}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{AB86E699-FCA3-43B1-A71F-2C10C85AE808}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{B54AA2B8-2088-4DF4-83A3-3966AEAD30B2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B7722357-F8F9-48C0-A309-9A79C99123A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B9D7FD4E-68E6-483C-93D2-E7E2D015FDA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB382EC8-B19D-4207-84C4-965BB3497375}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BE17FFFB-4EB9-413A-9ADB-D5FB373645C7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C52B49BF-32F3-4B18-91D0-7609FC3BD32B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C95C78AA-6077-43FD-9EA6-A762DB733AE6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CD8791D4-5630-431A-9D68-8887F90A7518}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{D0F4DD32-9885-431D-BA19-C84B238A0AFF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D2B7AF7E-3DCA-43EA-BA13-42687B9DDC0A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D5AC7018-2291-4F36-997F-D9E1788F5FC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9B3F910-EBC3-4021-ADC8-419FB958B295}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DCCD32D8-68A1-4027-96A2-66C5D03CDFC7}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{E4A3BFA7-5660-4066-AD85-0690F52DA656}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FB2AC217-9E9B-4154-953D-C3B9D09E98D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF531862-547C-481A-98E1-4F9B31DD1DB2}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5DF57DB1-D971-3DA3-B4BB-F6FC7D73A997}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7852365E-0AD2-CE95-B463-8C6B87DE614C}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{035DB669-4995-8447-0229-D8BEC6B8605F}" = Catalyst Control Center Graphics Full Existing
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite MFC-795CW
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B97F19A-BD2B-A127-8474-E2575F92F21A}" = Catalyst Control Center Core Implementation
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3C6BE429-9C6E-4A02-A085-73FB485D3BBA}" = LeapFrog Tag Plugin
"{4160D554-3CEA-9FBB-7298-6D729BF56062}" = ccc-core-static
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4BC83065-F98B-4DB1-B4AE-AA2F1FA9BA2B}" = LeapFrog Connect
"{4D4B649B-F843-4AD2-7566-3743AC1B68FE}" = Catalyst Control Center Graphics Light
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E5CFA33-2164-C305-6CA5-E4B377ABE544}" = Catalyst Control Center Graphics Previews Common
"{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals
"{8040527F-DD74-4B45-8A06-C4BF145B6C76}" = Brother Product Research and Support Program
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE5E0C8-727D-FC08-DABB-E6887AE9847E}" = Catalyst Control Center Graphics Previews Vista
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF52DCD4-C3A5-2811-32A6-14869CD166D7}" = Catalyst Control Center Graphics Full New
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D34C2E60-185F-FACB-62F3-8747647B8971}" = Catalyst Control Center InstallProxy
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E303B395-E0C1-42E6-9EF9-F3BC23DEF2D7}" = Remote Printer Console
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E51BB4BB-2FB0-957B-1E4A-9D978CF0B801}" = CCC Help English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EAC1B6CA-168F-446C-92DA-179424798D0F}" = Dutch Boy Color Simplicity
"{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1" = Rappelz_US
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype 5.8
"{F01AAB6D-7BF3-4E4B-9401-3368E4AFCC24}" = Brother HL-5240
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"amg-texttwist2" = TextTwist 2
"amg-zumadeluxe" = Zuma Deluxe
"am-superfruitfrolic" = Super Fruit Frolic
"am-supergamehousesolitaire" = Super GameHouse Solitaire
"am-superpopdrop" = Super Pop & Drop
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Digital Editions" = Adobe Digital Editions
"eFile Express 2010" = eFile Express 2010
"FoxTab PDF Converter" = FoxTab PDF Converter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Ovi Suite" = Nokia Ovi Suite
"OUTLOOKR" = Microsoft Office Outlook 2007
"Plants vs. Zombies" = Plants vs. Zombies
"Public Mail2Contact_is1" = Public Mail2Contact
"Rhapsody" = Rhapsody
"Super GameHouse Solitaire Vol. 1" = Super GameHouse Solitaire Vol. 1
"Super GameHouse Solitaire Vol. 2" = Super GameHouse Solitaire Vol. 2
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"Trivial Pursuit Digital Choice_is1" = Trivial Pursuit Digital Choice v1.3.0 for Windows XP/Vista
"UPCShell" = LeapFrog Connect
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.0.0.799
"magicJack" = magicJack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/9/2012 3:54:51 PM | Computer Name = FamilyPC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/07/09 14:54:51.649]: [00004580]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 7/9/2012 3:54:51 PM | Computer Name = FamilyPC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/07/09 14:54:51.649]: [00004580]: Initialize TwdsMain
Class failed!

Error - 7/11/2012 8:17:57 AM | Computer Name = FamilyPC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 20.0.1132.47, time
stamp: 0x4fec0d4d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc000070a Fault offset: 0x0009c76d Faulting process
id: 0x1368 Faulting application start time: 0x01cd5f5f31a8c148 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 72529073-cb52-11e1-91f3-002564ec7592

Error - 7/11/2012 4:58:35 PM | Computer Name = FamilyPC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/07/11 15:58:35.124]: [00005968]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 7/11/2012 4:58:35 PM | Computer Name = FamilyPC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/07/11 15:58:35.124]: [00005968]: Initialize TwdsMain
Class failed!

Error - 7/12/2012 3:42:33 PM | Computer Name = FamilyPC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/07/12 14:42:33.123]: [00006040]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 7/12/2012 3:42:33 PM | Computer Name = FamilyPC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/07/12 14:42:33.123]: [00006040]: Initialize TwdsMain
Class failed!

Error - 7/14/2012 1:54:59 PM | Computer Name = FamilyPC | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.62.0.87 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: b9c Start Time:
01cd61e9a32b4b50 Termination Time: 16 Application Path: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe Report Id: 044e4e1f-cddd-11e1-afed-002564ec7592

Error - 7/14/2012 8:13:40 PM | Computer Name = FamilyPC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c38 Start
Time: 01cd621ea612f9fb Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: eac73457-ce11-11e1-85e7-002564ec7592

Error - 7/15/2012 2:22:37 PM | Computer Name = FamilyPC | Source = Application Hang | ID = 1002
Description = The program SIMCITY.EXE version 1.0.0.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1454 Start Time:
01cd62b1cea61301 Termination Time: 0 Application Path: C:\Program Files (x86)\SimCity
2000 - Special Edition\SIMCITY.EXE Report Id: 08e0023d-ceaa-11e1-9a0b-002564ec7592


[ Media Center Events ]
Error - 1/13/2012 8:45:20 AM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
Description = 6:45:20 AM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80080005)


Error - 1/13/2012 8:46:25 AM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
Description = 6:46:21 AM - Failed to retrieve Broadband.enc (Error: BITS 0x80080005)


Error - 1/17/2012 8:55:06 AM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
Description = 6:55:00 AM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80080005)


Error - 1/18/2012 8:53:04 AM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
Description = 6:53:04 AM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80080005)


Error - 1/18/2012 8:54:09 AM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
Description = 6:54:05 AM - Failed to retrieve Broadband.enc (Error: BITS 0x80080005)


Error - 1/19/2012 9:19:46 AM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
Description = 7:19:45 AM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80080005)


Error - 1/19/2012 9:20:52 AM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
Description = 7:20:46 AM - Failed to retrieve Broadband.enc (Error: BITS 0x80080005)


Error - 2/22/2012 7:28:31 PM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
Description = 5:28:31 PM - Error connecting to the internet. 5:28:31 PM - Unable
to contact server..

Error - 2/22/2012 7:29:03 PM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
Description = 5:29:00 PM - Error connecting to the internet. 5:29:00 PM - Unable
to contact server..

Error - 2/22/2012 8:30:32 PM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
Description = 6:30:32 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

[ System Events ]
Error - 7/15/2012 12:24:22 PM | Computer Name = FamilyPC | Source = Application Popup | ID = 1060
Description = \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 7/15/2012 12:24:25 PM | Computer Name = FamilyPC | Source = Service Control Manager | ID = 7000
Description = The NPPTNT2 service failed to start due to the following error: %%2

Error - 7/15/2012 1:26:06 PM | Computer Name = FamilyPC | Source = Application Popup | ID = 1060
Description = \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 7/15/2012 1:26:09 PM | Computer Name = FamilyPC | Source = Service Control Manager | ID = 7000
Description = The NPPTNT2 service failed to start due to the following error: %%2

Error - 7/15/2012 1:28:34 PM | Computer Name = FamilyPC | Source = Application Popup | ID = 1060
Description = \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 7/15/2012 1:28:36 PM | Computer Name = FamilyPC | Source = Service Control Manager | ID = 7000
Description = The NPPTNT2 service failed to start due to the following error: %%2

Error - 7/16/2012 1:37:14 PM | Computer Name = FamilyPC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.1723.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 7/16/2012 1:37:15 PM | Computer Name = FamilyPC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.1723.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 7/17/2012 1:37:14 PM | Computer Name = FamilyPC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.1723.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 7/17/2012 1:37:15 PM | Computer Name = FamilyPC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.1723.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >
vampirehunter
Member with 20 posts.
THREAD STARTER
 
Join Date: Jul 2012
18-Jul-2012, 10:16 PM #9
I just noticed that when I use Chrome, my McAfee Site Advisor extension will intermittently disappear. I don't know if that's relevant or not, but thought that I would mention it.
Gizzy (Bill)
Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
 
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
19-Jul-2012, 08:35 PM #10
Hi vampirehunter,
After doing the following let me know how your computer is running.


Run OTL Script
  1. Right-click OTL.exe and select Run as administrator to start the program
  2. Click the None button at the top
  3. Copy and Paste everything from the Code box below into the Custom Scans/Fixes box in OTL
    Code:
    :OTL
    MOD - [2010/04/08 09:52:20 | 000,271,024 | ---- | M] () -- C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/disp...b_id&%language
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=102810&gct=hp
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes\{B6C668CE-023C-4278-94AC-763D3714E1F0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ARCD&o=102810&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=8W&apn_dtid=YYYYYYYYUS&apn_uid=5de774d5-ab32-4d9c-9405-1b1c8e38acea&apn_sauid=A09C508C-8A80-46E1-8CFA-B877B9E7A126
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80115&lng=en
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=102810&gct=hp"
    FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.1.1.0
    [2012/04/09 17:39:58 | 000,002,333 | ---- | M] () -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins\askcom.xml
    [2011/05/05 20:35:34 | 000,001,919 | ---- | M] () -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins\bing-zugo.xml
    [2010/04/27 17:10:42 | 000,004,772 | ---- | M] () -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins\web-search.xml
    [2011/04/08 11:37:15 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
    [2011/04/08 11:37:15 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
    [2011/05/09 16:35:23 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (Gaming support for ArcadeWeb) - {9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} - C:\Users\Rob and Amy\AppData\Local\ArcadeWeb\arcadeweb32.dll (Arcade Web LLC)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKU\S-1-5-21-945082049-3120335163-541019017-1001..\Run: [] File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: magicjack.com ([data] https in Trusted sites)
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Files
    C:\Program Files (x86)\Search Toolbar
    C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    C:\Users\Rob and Amy\AppData\Local\ArcadeWeb
    
    :Commands
    [EMPTYTEMP]
  4. Then click the Run Fix button at the top.
  5. If prompted, Click OK
  6. OTL may ask to reboot the computer. Please do so if asked
  7. When finished a report should appear in Notepad. Copy and Paste that report in your next reply.

    Note: The log can also be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log


Please reply with:
  • OTL results
  • Update on computer's performance
vampirehunter
Member with 20 posts.
THREAD STARTER
 
Join Date: Jul 2012
19-Jul-2012, 10:51 PM #11
Here is the OTL log. I will post back with a performance update after I have used the computer a bit.


All processes killed
========== OTL ==========
Releasing module C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll moved successfully.
HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ not found.
Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B6C668CE-023C-4278-94AC-763D3714E1F0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6C668CE-023C-4278-94AC-763D3714E1F0}\ not found.
Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "http://www.ask.com/?l=dis&o=102810&gct=hp" removed from browser.startup.homepage
Prefs.js: toolbar@shopathome.com:5.1.1.0 removed from extensions.enabledItems
File C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins\askcom.xml not found.
File C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins\bing-zugo.xml not found.
File C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins\web-search.xml not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2}\ deleted successfully.
C:\Users\Rob and Amy\AppData\Local\ArcadeWeb\arcadeweb32.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\magicjack.com\data\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\magicjack.com\my\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhap-app-4-0\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhapreg\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\talk4free.com\reg\ deleted successfully.
C:\Windows\C6359569E03E4CDC98E8CDD080C6EEB5.TMP\WiseCustomCalla.exe deleted successfully.
C:\Windows\C6359569E03E4CDC98E8CDD080C6EEB5.TMP folder deleted successfully.
========== FILES ==========
C:\Program Files (x86)\Search Toolbar folder moved successfully.
File\Folder C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll not found.
File\Folder C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll not found.
C:\Users\Rob and Amy\AppData\Local\ArcadeWeb folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rob and Amy
->Temp folder emptied: 2098526752 bytes
->Temporary Internet Files folder emptied: 629474065 bytes
->Java cache emptied: 33937805 bytes
->FireFox cache emptied: 1109512302 bytes
->Google Chrome cache emptied: 163428006 bytes
->Apple Safari cache emptied: 4275200 bytes
->Flash cache emptied: 436107 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 666057315 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 196930352 bytes

Total Files Cleaned = 4,676.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07192012_215134

Files\Folders moved on Reboot...
C:\Users\Rob and Amy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\CR_F3B72.tmp\SETUP_PATCH.PACKED.7Z scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Rob and Amy\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012/07/12 12:14:29 | 000,001,057 | ---- | M] () C:\Windows\temp\CR_F3B72.tmp\SETUP_PATCH.PACKED.7Z : MD5=F04D836AB010ED44B759AC389B160E66

Registry entries deleted on Reboot...
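
A way to triage a fix log like the one above against the script that produced it, as an added example that is not part of the thread and not OldTimer's code: it classifies each result line and reports which `:Files` targets were not confirmed removed. The sample script and log are constructed in the shape shown in the thread; the function names and outcome labels are assumptions.

```python
import re
from collections import Counter

# Constructed sample: a cut-down fix script in the :OTL / :Files / :Commands layout.
SCRIPT = r"""
:OTL
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - No CLSID value found.

:Files
C:\Program Files (x86)\Example Toolbar
C:\Program Files (x86)\Mozilla Firefox\plugins\npExample.dll
C:\Users\User\AppData\Local\ExampleApp

:Commands
[EMPTYTEMP]
"""

# Constructed sample: result lines worded like the ones in the fix log.
LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
========== FILES ==========
C:\Program Files (x86)\Example Toolbar folder moved successfully.
File\Folder C:\Program Files (x86)\Mozilla Firefox\plugins\npExample.dll not found.
========== COMMANDS ==========
[EMPTYTEMP]
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\EX_1.tmp\SETUP.7Z scheduled to be moved on reboot.
"""

# Order matters: a failed move that is rescheduled counts as deferred, not applied.
_OUTCOMES = [
    ("deferred", re.compile(r"scheduled to be moved on reboot|move failed", re.I)),
    ("not_found", re.compile(r"not found[.!]?$", re.I)),
    ("applied", re.compile(r"(moved|deleted|set) successfully[.!]?$|\bremoved from\b", re.I)),
]


def classify(line):
    """Return 'applied', 'not_found', 'deferred', or None for headers and noise."""
    line = line.strip()
    for status, pattern in _OUTCOMES:
        if pattern.search(line):
            return status
    return None


def script_targets(script):
    """Collect the paths listed under the :Files section of a fix script."""
    targets, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            targets.append(line)
    return targets


def triage(script, log):
    """Count outcomes and list every item that still needs a manual check."""
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    counts = Counter(s for s in map(classify, lines) if s)
    targets = {}
    for target in script_targets(script):
        # The lookahead stops C:\X from matching a result line for C:\X\Y or C:\Xyz.
        pat = re.compile(re.escape(target) + r"(?![\\\w])", re.I)
        hit = next((l for l in lines if pat.search(l) and classify(l)), None)
        targets[target] = classify(hit) if hit else "no_result"
    follow_up = [t for t, s in targets.items() if s != "applied"]
    follow_up += [l for l in lines if classify(l) == "deferred"]
    return {"counts": dict(counts), "targets": targets, "follow_up": follow_up}


if __name__ == "__main__":
    report = triage(SCRIPT, LOG)
    print(report["counts"])
    for item in report["follow_up"]:
        print("check:", item)
```

A "not found" result only means the item was absent when the fix ran; a target with no result line at all was never processed, so both belong on the follow-up list.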
vampirehunter
Member with 20 posts.
THREAD STARTER
 
Join Date: Jul 2012
20-Jul-2012, 06:35 PM #12
So far the computer seems to be working fine. Google hasn't redirected since the OTL script was run.
vampirehunter
Member with 20 posts.
THREAD STARTER
 
Join Date: Jul 2012
21-Jul-2012, 08:43 AM #13
Google is still redirecting links periodically.
Gizzy (Bill)
Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
 
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
21-Jul-2012, 03:18 PM #14
Hi vampirehunter,
Do the redirects happen in all browsers? Or one specifically?
Do you have a USB flash drive? If so, please run the following scan.


ListParts
  1. Download ListParts64 to a USB flash drive.
  2. Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment
  1. Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  2. Select Repair your computer.
  3. Select Language and click Next
  4. Enter password (if necessary) and click OK, you should now see the screen below ...


  5. Select the Command Prompt option.
  6. A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  7. Back in the command window ....
    • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • ListParts will start to run.
      • Press the Scan button.
      • When finished scanning it will make a log Result.txt on the flash drive.
  8. Close the command window.
  9. Boot back into normal mode and post me the Result.txt log please.


Please reply with:
  • Answer to questions
  • ListParts log (Result.txt)
Gizzy (Bill)
Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
 
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
23-Jul-2012, 11:53 PM #15
Hi vampirehunter,

Do you still require assistance?
If you do not reply to this thread within 24 hours of this post, it will be removed from my subscribed threads list.