
google redirect virus

Discussion in 'Virus & Other Malware Removal' started by vampirehunter, Jul 15, 2012.

  1. vampirehunter

    vampirehunter Thread Starter

    Hi
    Recently my computer started redirecting links on Google searches, and this has been getting worse over the past few days. Internet Explorer has also started running in the background even though I never use it. I ran Malwarebytes and it picked up something called Exploit.Drop.9 and said that it was successfully removed, but the redirect and IE in the background were unaffected. My OS is Windows 7 SP1 64-bit.
    Thanks in advance for any help.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:05:22 AM, on 7/15/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
    C:\Brother\BPRSP\resources\BrSupSsp.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rob and Amy\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=102810&gct=hp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
    O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    O2 - BHO: Gaming support for ArcadeWeb - {9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} - C:\Users\Rob and Amy\AppData\Local\ArcadeWeb\arcadeweb32.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [ScanSoft] RunDLL32.exe "C:\Users\Rob and Amy\AppData\Local\ScanSoft\hdfearpo.dll",CPPDebug
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Rob and Amy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Global Startup: Brother BPRSP.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: setup.exe
    O4 - Global Startup: setup1.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.mcafee.com
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 16289 bytes


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
    Run by Rob and Amy at 11:06:31 on 2012-07-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6103.3669 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
    C:\Brother\BPRSP\resources\BrSupSsp.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\DllHost.exe
    C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=102810&gct=hp
    uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    BHO: Gaming support for ArcadeWeb: {9f531fb1-7c1f-4e1a-8c0c-e8d6177130e2} - C:\Users\Rob and Amy\AppData\Local\ArcadeWeb\arcadeweb32.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [<NO NAME>]
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [ScanSoft] RunDLL32.exe "C:\Users\Rob and Amy\AppData\Local\ScanSoft\hdfearpo.dll",CPPDebug
    uRun: [Google Update] "C:\Users\Rob and Amy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
    mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
    mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
    mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    StartupFolder: C:\Users\ROBAND~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BROTHE~1.LNK - C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe
    StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\setup1.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: magicjack.com\data
    Trusted Zone: magicjack.com\my
    Trusted Zone: mcafee.com
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: talk4free.com\reg
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    TCP: DhcpNameServer = 8.8.8.8
    TCP: Interfaces\{C106019A-733B-479D-A838-578228C4CB55} : DhcpNameServer = 8.8.8.8
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    BHO-X64: Gaming support for ArcadeWeb: {9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} - C:\Users\Rob and Amy\AppData\Local\ArcadeWeb\arcadeweb32.dll
    BHO-X64: Gaming support for ArcadeWeb - No File
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
    mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
    mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
    mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce-x64: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=102810&gct=hp
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Rob and Amy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Rob and Amy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: C:\Users\Rob and Amy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-2-23 92160]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2012-7-10 103472]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-2-23 656624]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-19 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
    S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
    S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
    S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-2-20 245760]
    S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-19 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 113120]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
    S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-15 15:34:57 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51B5B5DB-F743-46C7-81F2-5C5CCBFB40BA}\mpengine.dll
    2012-07-14 13:42:17 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-14 13:33:15 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{5D8A9934-4F54-404B-B082-8B981091FC3B}
    2012-07-14 13:33:02 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{8A7F3093-3BB1-42E5-BA26-EF97A26FF38D}
    2012-07-14 12:01:42 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{A28F399B-28F2-42FE-BE6C-D1423EFE7B70}
    2012-07-14 11:57:30 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{39898E74-6880-4559-AAEC-4F59EED850B7}
    2012-07-13 12:03:41 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{CE17FFF4-3CF2-480D-B7BD-0F28E0F156B3}
    2012-07-13 04:11:31 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{DD91969F-3DB0-481E-9872-A699167F4EE6}
    2012-07-12 11:48:10 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{B491DEEA-6F18-4FC5-8BD2-FE1AEB82B19F}
    2012-07-12 11:47:57 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{675FC71A-FD2C-4FBA-810E-F361047620BF}
    2012-07-12 04:39:09 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 11:44:53 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2012-07-11 11:39:45 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{FEDD4B7E-9079-4865-8BAA-024E223B2897}
    2012-07-11 11:39:33 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{26C2020B-754E-4ABE-9CF5-C32C287E4BEC}
    2012-07-10 11:50:39 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{9FEC1250-AC7A-4A2D-8527-7CEED62097C2}
    2012-07-10 11:50:28 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{0AACD59D-4503-4662-92F6-C9A4F822B55F}
    2012-07-08 11:42:10 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{53CAB3B6-D1EE-4484-97D3-717E466465DE}
    2012-07-08 11:41:56 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{C62D9088-12A4-4F27-8993-346082BC673D}
    2012-07-07 11:58:31 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{05D96F4F-1E37-4686-87B6-717008866D49}
    2012-07-07 11:58:21 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{FE6E92CB-DCB1-45D2-ABEA-143E3AFDBCCF}
    2012-07-06 11:30:36 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{DAF492BB-73F9-4EF8-932A-904FAF272FAE}
    2012-07-06 11:30:12 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{43D8C86C-B55A-427E-9472-808F39E63EDE}
    2012-07-05 06:17:17 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{882BF0BC-42BE-4EBB-96A4-DAAE52ECBC33}
    2012-07-05 06:17:03 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{CE0F9943-BFCA-4D0C-8A21-60A4F6FEB842}
    2012-07-04 12:16:25 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A81B948-71DC-47C0-9874-6029F18D24DC}\gapaengine.dll
    2012-07-04 12:06:19 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{42AF3974-BEF6-4DFB-808F-EC0F6840FD4F}
    2012-07-03 23:42:33 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{74F86EB0-326B-47B7-A0B8-CCD87341CB31}
    2012-07-03 11:40:59 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{23BD8FCC-D2CA-4DEB-ABAB-B8E9AE0A2B1D}
    2012-07-03 11:40:46 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{1BB8B8FA-F0CE-4C05-A0FF-7234B9B76816}
    2012-07-02 11:29:39 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{192DF93F-A070-4177-8FA9-2ED93AC111FB}
    2012-07-02 11:29:28 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{877D2944-F14A-42F5-86ED-21D1FCC68630}
    2012-07-01 07:40:06 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{BDA2F858-D051-4ED4-AD54-EF86CF594D0D}
    2012-07-01 07:39:56 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{456B9ED4-6510-4338-8DE5-5EC4EBC9D1B3}
    2012-06-30 12:19:18 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{83D4416C-0548-4A44-B9A5-1C60050D4DDF}
    2012-06-30 12:19:07 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{487E57D7-6FA0-4847-9AC0-31CC56E2B652}
    2012-06-29 11:31:43 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{02EB1F74-7F53-43B6-BD16-19DAA1182428}
    2012-06-29 11:31:22 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{43EA8E64-17F5-41E5-8F2B-3942DE4EAA6F}
    2012-06-28 23:30:53 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{5C404E56-75A9-4C6D-939A-FA01047A1F50}
    2012-06-28 23:30:40 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{40620214-136F-4B47-A6EE-C5E11DD030C4}
    2012-06-28 11:30:07 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{A3FFF3A0-B774-4DEF-A354-ACDD8B855138}
    2012-06-28 11:29:56 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{6E93B2CD-9337-4850-B158-2303950F1501}
    2012-06-27 11:34:38 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{1CD81F85-4F7C-4695-A57B-518338D3D909}
    2012-06-27 11:34:27 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{8FCFFED0-FC37-49B0-A230-22CF46D1F0C0}
    2012-06-27 04:45:58 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{CBE1B353-C7C2-490E-BDF8-94CA8F81EE76}
    2012-06-25 12:13:02 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{AD7A34CD-89B6-4577-9518-30A3E3699937}
    2012-06-25 12:12:43 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{B004B879-75F5-446A-A77A-5B135324E3D3}
    2012-06-24 11:53:37 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{AC9E5B34-855D-41D0-B2A4-C0D31126756C}
    2012-06-24 11:53:25 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{91580D28-3919-4F74-9D09-D8035A1B0090}
    2012-06-23 20:50:30 -------- d-----w- C:\gPotato
    2012-06-23 19:04:52 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\Deployment
    2012-06-23 12:57:36 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{6DC0080C-8F75-4B7B-A023-FFC09E4950F0}
    2012-06-23 12:57:22 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{87CF7DAA-431A-4087-AD05-E7A65D14F68A}
    2012-06-22 22:46:16 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{B117AC22-57BB-4A43-B8F5-4AC0B1CDCD21}
    2012-06-22 22:46:06 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{F4FB8A67-479C-4BC6-85BB-69FD5D308F8D}
    2012-06-22 10:52:14 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{43351FBB-CD1A-4607-BE38-2F0CC92BA8EA}
    2012-06-22 10:52:02 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{A220C7F0-B99C-4E38-B751-2E361EDF0F32}
    2012-06-21 11:30:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-21 11:30:16 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-21 11:30:02 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-21 11:30:02 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-21 11:26:54 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{841CF895-56A8-46B0-BB3B-C4D8FADDC848}
    2012-06-21 11:26:36 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{77D6D850-AB40-4665-9AF9-5C3E9CF0F4F0}
    2012-06-20 11:19:05 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{5F9827B0-DECE-4B8F-BCFA-50960D38ACFC}
    2012-06-18 12:29:55 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-18 12:29:55 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-18 11:20:14 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{0972DDD0-862C-4963-9AF6-E3E6E63D0BBE}
    2012-06-17 11:37:57 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{7E0F8C43-F6D8-4B4F-8616-B5FF603FE54F}
    2012-06-16 10:32:35 -------- d-----w- C:\Users\Rob and Amy\AppData\Local\{D184CD37-E341-4D95-9D23-3BBDD9C81180}
    .
    ==================== Find3M ====================
    .
    2012-07-12 17:10:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 17:10:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-18 12:20:29 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-05-18 12:20:29 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 11:07:06.90 ===============
     


  2. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hello vampirehunter and Welcome to Tech Support Guy! :)
    My name is Gizzy and I'll be glad to help you with your malware problems.

    Please note the following while we work:
    • The fixes are specific to your problem and should only be used for this issue on this computer.
    • Perform all actions in the order given.
    • If you don't know or understand something, stop and ask! Don't keep going on.
    • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
    • Please DO NOT run any tools or scans unless I ask you to.
    • It is important that you reply to this thread. Do not start a new topic.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • The process is not instant. Please continue to respond to this thread until I give you the All Clean! Absence of symptoms does not mean that everything is clear.
    • Topics not replied to within 3 days will be removed from my Subscribed Threads List.
    Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to back up any personal files and folders before you start.
    Backup your data - windows 7



    I am going through your logs and will reply with instructions soon.
     
  3. vampirehunter

    vampirehunter Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    20
    I appreciate the prompt response and thanks again in advance.
     
  4. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hi vampirehunter,


    UAC Advice
    • All applications I ask to be used will need to be run in Administrator mode, i.e. right-click on the file and select Run as administrator.
    • The Operating System (Windows 7) in use comes with an inbuilt utility called User Account Control (UAC).
    • When prompted by this with anything I ask you to carry out, please select the option Allow.


    Uninstall Programs
    1. Go to Start > Control Panel > Programs and Features
    2. Right click on each instance of:
      • Coupon Printer for Windows
      • Search Toolbar

    3. Click Uninstall & then follow the prompts to remove it.


    Upload File(s) for Scanning
    Please go to VirusTotal or Jotti to upload a file for scanning.

    1. Click Choose File (For VirusTotal) or Browse... (For Jotti)
    2. Copy and paste the below file and path into the File name: box.
    3. Click Open
    4. Click on Scan it! (For VirusTotal) or Submit file (For Jotti)
    5. Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
    6. Repeat for the below file(s):


    TDSSKiller Scan
    1. Please download TDSSKiller.zip and extract (unzip) it to your Desktop.
    2. Right-click on TDSSKiller.exe and select Run as administrator to launch it.
    3. Click on Change parameters
      • Check Detect TDLFS file system
      • Click OK
    4. Click on Start Scan. The scan will run.
    5. When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
    6. Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    7. To find the log go to Start > Computer > C:
    8. Post the contents of that log in your next reply please.
      DO NOT TRY TO FIX ANYTHING AT THIS POINT


    Please reply with:
    • Virustotal/Jotti results
    • TDSSKiller log
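
A TDSSKiller report like the one requested above can be triaged with a short script once it is saved. The following is an added example, not part of the original post and not a Kaspersky tool: it pairs each scanned object with its verdict and lists anything that is not `ok`, plus entries reported without a file path or hash. The line layout is inferred from the report posted later in this thread; the `examplesvc` entry and its verdict text are constructed placeholders.

```python
import re

# Line shape seen in the report posted in this thread:
#   HH:MM:SS.mmmm <thread id> <message>
LINE = re.compile(r"^\s*(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*\S)\s*$")
# "<name> (<32 hex digits>) <path>" announces the object being scanned.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - <verdict>" closes the object.
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Sample input: the first lines are copied from the report in this thread;
# the last two (examplesvc) are CONSTRUCTED to show a non-ok verdict.
SAMPLE_REPORT = r"""
18:15:06.0303 5856 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:15:18.0777 4348 ============================================================
18:15:18.0777 4348 Scan started
18:15:18.0777 4348 Mode: Manual; TDLFS;
18:15:18.0777 4348 ============================================================
18:15:19.0334 4348 0173151342482347mcinstcleanup - ok
18:15:19.0405 4348 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:15:19.0409 4348 1394ohci - ok
18:15:19.0561 4348 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:15:19.0565 4348 ACPI - ok
18:15:20.0238 4348 ALSysIO - ok
18:15:22.0000 4348 examplesvc (00000000000000000000000000000000) C:\Windows\system32\drivers\examplesvc.sys
18:15:22.0001 4348 examplesvc - CONSTRUCTED NON-OK VERDICT
"""


def parse_report(text):
    """Return one dict per scanned object: name, verdict, md5, path."""
    results = []
    pending = None      # object line waiting for its verdict line
    scanning = False    # header lines before "Scan started" are ignored
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        message = m.group(3)
        if message == "Scan started":
            scanning = True
            continue
        if not scanning:
            continue
        obj = OBJECT.match(message)
        if obj:
            pending = obj.groupdict()
            continue
        ver = VERDICT.match(message)
        if ver:
            name = ver.group("name")
            # Only attach file details when they belong to this name.
            info = pending if pending and pending["name"] == name else None
            results.append({
                "name": name,
                "verdict": ver.group("verdict").strip(),
                "md5": info["md5"].lower() if info else None,
                "path": info["path"] if info else None,
            })
            pending = None
    return results


def triage(results):
    """Split results into items needing review and items with no file shown."""
    review = [r for r in results if r["verdict"].lower() != "ok"]
    no_file = [r for r in results
               if r["verdict"].lower() == "ok" and r["path"] is None]
    return {"review": review, "no_file": no_file}


if __name__ == "__main__":
    findings = triage(parse_report(SAMPLE_REPORT))
    for r in findings["review"]:
        print(f"REVIEW  {r['name']}: {r['verdict']} ({r['path']}, md5 {r['md5']})")
    for r in findings["no_file"]:
        print(f"NO FILE {r['name']}: marked ok, but no path or hash in the report")
```
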
     
  5. vampirehunter

    vampirehunter Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    20
    https://www.virustotal.com/file/cd9...8b72582d275d57f2b3cb8b95/analysis/1342566148/
    https://www.virustotal.com/file/678...c4432c12aa8effcb55d38666/analysis/1342566659/
    https://www.virustotal.com/file/300...4289195343074178d4fa40db/analysis/1342566830/
    https://www.virustotal.com/file/300...4289195343074178d4fa40db/analysis/1342566850/



    18:15:04.0751 5856 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
    18:15:05.0087 5856 ============================================================
    18:15:05.0087 5856 Current date / time: 2012/07/17 18:15:05.0087
    18:15:05.0087 5856 SystemInfo:
    18:15:05.0087 5856
    18:15:05.0087 5856 OS Version: 6.1.7601 ServicePack: 1.0
    18:15:05.0087 5856 Product type: Workstation
    18:15:05.0087 5856 ComputerName: FAMILYPC
    18:15:05.0088 5856 UserName: Rob and Amy
    18:15:05.0088 5856 Windows directory: C:\Windows
    18:15:05.0088 5856 System windows directory: C:\Windows
    18:15:05.0088 5856 Running under WOW64
    18:15:05.0088 5856 Processor architecture: Intel x64
    18:15:05.0088 5856 Number of processors: 4
    18:15:05.0088 5856 Page size: 0x1000
    18:15:05.0088 5856 Boot type: Normal boot
    18:15:05.0088 5856 ============================================================
    18:15:06.0303 5856 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:15:06.0333 5856 ============================================================
    18:15:06.0333 5856 \Device\Harddisk0\DR0:
    18:15:06.0333 5856 MBR partitions:
    18:15:06.0333 5856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
    18:15:06.0333 5856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x729A65B0
    18:15:06.0333 5856 ============================================================
    18:15:06.0348 5856 C: <-> \Device\Harddisk0\DR0\Partition1
    18:15:06.0348 5856 ============================================================
    18:15:06.0348 5856 Initialize success
    18:15:06.0348 5856 ============================================================
    18:15:18.0777 4348 ============================================================
    18:15:18.0777 4348 Scan started
    18:15:18.0777 4348 Mode: Manual; TDLFS;
    18:15:18.0777 4348 ============================================================
    18:15:19.0334 4348 0173151342482347mcinstcleanup - ok
    18:15:19.0405 4348 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    18:15:19.0409 4348 1394ohci - ok
    18:15:19.0526 4348 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    18:15:19.0528 4348 ACDaemon - ok
    18:15:19.0561 4348 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    18:15:19.0565 4348 ACPI - ok
    18:15:19.0583 4348 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    18:15:19.0584 4348 AcpiPmi - ok
    18:15:19.0683 4348 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    18:15:19.0684 4348 AdobeARMservice - ok
    18:15:19.0813 4348 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    18:15:19.0816 4348 AdobeFlashPlayerUpdateSvc - ok
    18:15:19.0873 4348 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    18:15:19.0880 4348 adp94xx - ok
    18:15:19.0904 4348 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    18:15:19.0908 4348 adpahci - ok
    18:15:19.0927 4348 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    18:15:19.0929 4348 adpu320 - ok
    18:15:19.0955 4348 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    18:15:19.0957 4348 AeLookupSvc - ok
    18:15:20.0007 4348 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    18:15:20.0009 4348 AERTFilters - ok
    18:15:20.0049 4348 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    18:15:20.0056 4348 AFD - ok
    18:15:20.0087 4348 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    18:15:20.0089 4348 agp440 - ok
    18:15:20.0097 4348 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    18:15:20.0097 4348 ALG - ok
    18:15:20.0113 4348 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    18:15:20.0113 4348 aliide - ok
    18:15:20.0238 4348 ALSysIO - ok
    18:15:20.0378 4348 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
    18:15:20.0378 4348 AMD External Events Utility - ok
    18:15:20.0394 4348 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    18:15:20.0394 4348 amdide - ok
    18:15:20.0440 4348 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    18:15:20.0440 4348 AmdK8 - ok
    18:15:20.0733 4348 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
    18:15:20.0880 4348 amdkmdag - ok
    18:15:20.0939 4348 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
    18:15:20.0944 4348 amdkmdap - ok
    18:15:20.0961 4348 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    18:15:20.0962 4348 AmdPPM - ok
    18:15:21.0024 4348 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    18:15:21.0026 4348 amdsata - ok
    18:15:21.0054 4348 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    18:15:21.0058 4348 amdsbs - ok
    18:15:21.0063 4348 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    18:15:21.0064 4348 amdxata - ok
    18:15:21.0144 4348 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    18:15:21.0146 4348 AppID - ok
    18:15:21.0173 4348 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    18:15:21.0175 4348 AppIDSvc - ok
    18:15:21.0207 4348 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    18:15:21.0209 4348 Appinfo - ok
    18:15:21.0352 4348 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:15:21.0353 4348 Apple Mobile Device - ok
    18:15:21.0368 4348 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    18:15:21.0371 4348 arc - ok
    18:15:21.0389 4348 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    18:15:21.0391 4348 arcsas - ok
    18:15:21.0418 4348 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    18:15:21.0419 4348 AsyncMac - ok
    18:15:21.0431 4348 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    18:15:21.0431 4348 atapi - ok
    18:15:21.0485 4348 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
    18:15:21.0488 4348 AtiHdmiService - ok
    18:15:21.0760 4348 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
    18:15:21.0791 4348 atikmdag - ok
    18:15:21.0885 4348 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    18:15:21.0885 4348 AudioEndpointBuilder - ok
    18:15:21.0900 4348 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    18:15:21.0900 4348 AudioSrv - ok
    18:15:21.0963 4348 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    18:15:21.0963 4348 AxInstSV - ok
    18:15:22.0010 4348 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    18:15:22.0010 4348 b06bdrv - ok
    18:15:22.0041 4348 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    18:15:22.0041 4348 b57nd60a - ok
    18:15:22.0134 4348 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    18:15:22.0134 4348 BBSvc - ok
    18:15:22.0166 4348 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    18:15:22.0166 4348 BDESVC - ok
    18:15:22.0181 4348 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    18:15:22.0181 4348 Beep - ok
    18:15:22.0242 4348 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    18:15:22.0252 4348 BFE - ok
    18:15:22.0306 4348 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    18:15:22.0319 4348 BITS - ok
    18:15:22.0343 4348 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    18:15:22.0344 4348 blbdrive - ok
    18:15:22.0412 4348 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    18:15:22.0416 4348 Bonjour Service - ok
    18:15:22.0451 4348 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    18:15:22.0453 4348 bowser - ok
    18:15:22.0464 4348 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    18:15:22.0465 4348 BrFiltLo - ok
    18:15:22.0482 4348 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    18:15:22.0483 4348 BrFiltUp - ok
    18:15:22.0528 4348 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    18:15:22.0530 4348 Browser - ok
    18:15:22.0588 4348 BrSerIb (e5e9b1625a767ceb6f319c12d33eab78) C:\Windows\system32\DRIVERS\BrSerIb.sys
    18:15:22.0593 4348 BrSerIb - ok
    18:15:22.0618 4348 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    18:15:22.0622 4348 Brserid - ok
    18:15:22.0637 4348 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    18:15:22.0638 4348 BrSerWdm - ok
    18:15:22.0649 4348 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    18:15:22.0651 4348 BrUsbMdm - ok
    18:15:22.0662 4348 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    18:15:22.0664 4348 BrUsbSer - ok
    18:15:22.0679 4348 BrUsbSIb (d9f6b30ad93cbd165ec71fadf51df25e) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
    18:15:22.0680 4348 BrUsbSIb - ok
    18:15:22.0776 4348 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    18:15:22.0840 4348 BrYNSvc - ok
    18:15:22.0858 4348 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    18:15:22.0859 4348 BTHMODEM - ok
    18:15:22.0893 4348 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    18:15:22.0895 4348 bthserv - ok
    18:15:22.0919 4348 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    18:15:22.0921 4348 cdfs - ok
    18:15:22.0963 4348 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    18:15:22.0966 4348 cdrom - ok
    18:15:22.0994 4348 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    18:15:22.0996 4348 CertPropSvc - ok
    18:15:23.0006 4348 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    18:15:23.0008 4348 circlass - ok
    18:15:23.0031 4348 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    18:15:23.0037 4348 CLFS - ok
    18:15:23.0112 4348 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:15:23.0114 4348 clr_optimization_v2.0.50727_32 - ok
    18:15:23.0162 4348 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    18:15:23.0165 4348 clr_optimization_v2.0.50727_64 - ok
    18:15:23.0236 4348 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:15:23.0236 4348 clr_optimization_v4.0.30319_32 - ok
    18:15:23.0251 4348 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    18:15:23.0267 4348 clr_optimization_v4.0.30319_64 - ok
    18:15:23.0282 4348 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    18:15:23.0282 4348 CmBatt - ok
    18:15:23.0314 4348 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    18:15:23.0314 4348 cmdide - ok
    18:15:23.0360 4348 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
    18:15:23.0360 4348 CNG - ok
    18:15:23.0376 4348 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    18:15:23.0376 4348 Compbatt - ok
    18:15:23.0438 4348 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    18:15:23.0438 4348 CompositeBus - ok
    18:15:23.0454 4348 COMSysApp - ok
    18:15:23.0470 4348 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    18:15:23.0470 4348 crcdisk - ok
    18:15:23.0501 4348 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
    18:15:23.0501 4348 CryptSvc - ok
    18:15:23.0548 4348 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    18:15:23.0563 4348 DcomLaunch - ok
    18:15:23.0594 4348 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    18:15:23.0594 4348 defragsvc - ok
    18:15:23.0626 4348 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    18:15:23.0626 4348 DfsC - ok
    18:15:23.0657 4348 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    18:15:23.0657 4348 Dhcp - ok
    18:15:23.0672 4348 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    18:15:23.0672 4348 discache - ok
    18:15:23.0688 4348 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    18:15:23.0688 4348 Disk - ok
    18:15:23.0719 4348 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    18:15:23.0719 4348 Dnscache - ok
    18:15:23.0884 4348 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
    18:15:23.0887 4348 DockLoginService - ok
    18:15:23.0924 4348 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    18:15:23.0929 4348 dot3svc - ok
    18:15:23.0966 4348 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    18:15:23.0968 4348 DPS - ok
    18:15:24.0007 4348 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    18:15:24.0008 4348 drmkaud - ok
    18:15:24.0059 4348 dump_wmimmc - ok
    18:15:24.0094 4348 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    18:15:24.0102 4348 DXGKrnl - ok
    18:15:24.0136 4348 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    18:15:24.0139 4348 EapHost - ok
    18:15:24.0225 4348 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    18:15:24.0267 4348 ebdrv - ok
    18:15:24.0402 4348 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    18:15:24.0403 4348 EFS - ok
    18:15:24.0489 4348 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    18:15:24.0500 4348 ehRecvr - ok
    18:15:24.0531 4348 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    18:15:24.0534 4348 ehSched - ok
    18:15:24.0586 4348 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    18:15:24.0594 4348 elxstor - ok
    18:15:24.0638 4348 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    18:15:24.0639 4348 ErrDev - ok
    18:15:24.0668 4348 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    18:15:24.0673 4348 EventSystem - ok
    18:15:24.0689 4348 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    18:15:24.0692 4348 exfat - ok
    18:15:24.0704 4348 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    18:15:24.0706 4348 fastfat - ok
    18:15:24.0736 4348 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    18:15:24.0758 4348 Fax - ok
    18:15:24.0774 4348 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    18:15:24.0774 4348 fdc - ok
    18:15:24.0789 4348 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    18:15:24.0789 4348 fdPHost - ok
    18:15:24.0805 4348 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    18:15:24.0805 4348 FDResPub - ok
    18:15:24.0820 4348 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    18:15:24.0820 4348 FileInfo - ok
    18:15:24.0820 4348 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    18:15:24.0820 4348 Filetrace - ok
    18:15:24.0867 4348 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    18:15:24.0867 4348 flpydisk - ok
    18:15:24.0883 4348 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    18:15:24.0883 4348 FltMgr - ok
    18:15:24.0930 4348 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys
    18:15:24.0930 4348 FlyUsb - ok
    18:15:24.0992 4348 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    18:15:25.0008 4348 FontCache - ok
    18:15:25.0101 4348 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    18:15:25.0101 4348 FontCache3.0.0.0 - ok
    18:15:25.0117 4348 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    18:15:25.0117 4348 FsDepends - ok
    18:15:25.0148 4348 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
    18:15:25.0148 4348 fssfltr - ok
    18:15:25.0273 4348 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    18:15:25.0304 4348 fsssvc - ok
    18:15:25.0445 4348 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    18:15:25.0446 4348 Fs_Rec - ok
    18:15:25.0494 4348 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    18:15:25.0496 4348 fvevol - ok
    18:15:25.0521 4348 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    18:15:25.0523 4348 gagp30kx - ok
    18:15:25.0584 4348 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    18:15:25.0585 4348 GEARAspiWDM - ok
    18:15:25.0631 4348 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    18:15:25.0643 4348 gpsvc - ok
    18:15:25.0731 4348 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    18:15:25.0733 4348 gupdate - ok
    18:15:25.0738 4348 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    18:15:25.0739 4348 gupdatem - ok
    18:15:25.0781 4348 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    18:15:25.0784 4348 gusvc - ok
    18:15:25.0800 4348 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    18:15:25.0801 4348 hcw85cir - ok
    18:15:25.0845 4348 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    18:15:25.0848 4348 HDAudBus - ok
    18:15:25.0871 4348 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
    18:15:25.0873 4348 HECIx64 - ok
    18:15:25.0892 4348 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    18:15:25.0893 4348 HidBatt - ok
    18:15:25.0906 4348 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    18:15:25.0908 4348 HidBth - ok
    18:15:25.0929 4348 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    18:15:25.0931 4348 HidIr - ok
    18:15:25.0960 4348 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    18:15:25.0962 4348 hidserv - ok
    18:15:26.0013 4348 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    18:15:26.0041 4348 HidUsb - ok
    18:15:26.0077 4348 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    18:15:26.0079 4348 hkmsvc - ok
    18:15:26.0135 4348 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    18:15:26.0139 4348 HomeGroupListener - ok
    18:15:26.0171 4348 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    18:15:26.0176 4348 HomeGroupProvider - ok
    18:15:26.0211 4348 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    18:15:26.0213 4348 HpSAMD - ok
    18:15:26.0265 4348 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    18:15:26.0274 4348 HTTP - ok
    18:15:26.0284 4348 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    18:15:26.0284 4348 hwpolicy - ok
    18:15:26.0309 4348 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    18:15:26.0311 4348 i8042prt - ok
    18:15:26.0327 4348 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    18:15:26.0343 4348 iaStorV - ok
    18:15:26.0421 4348 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    18:15:26.0421 4348 idsvc - ok
    18:15:26.0452 4348 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    18:15:26.0452 4348 iirsp - ok
    18:15:26.0483 4348 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    18:15:26.0499 4348 IKEEXT - ok
    18:15:26.0561 4348 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys
    18:15:26.0593 4348 IntcAzAudAddService - ok
    18:15:26.0686 4348 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
    18:15:26.0702 4348 IntcDAud - ok
    18:15:26.0717 4348 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    18:15:26.0717 4348 intelide - ok
    18:15:26.0733 4348 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    18:15:26.0733 4348 intelppm - ok
    18:15:26.0764 4348 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    18:15:26.0764 4348 IPBusEnum - ok
    18:15:26.0811 4348 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:15:26.0811 4348 IpFilterDriver - ok
    18:15:26.0887 4348 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    18:15:26.0893 4348 iphlpsvc - ok
    18:15:26.0906 4348 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    18:15:26.0907 4348 IPMIDRV - ok
    18:15:26.0925 4348 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    18:15:26.0927 4348 IPNAT - ok
    18:15:27.0016 4348 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
    18:15:27.0023 4348 iPod Service - ok
    18:15:27.0027 4348 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    18:15:27.0028 4348 IRENUM - ok
    18:15:27.0049 4348 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    18:15:27.0050 4348 isapnp - ok
    18:15:27.0072 4348 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    18:15:27.0077 4348 iScsiPrt - ok
    18:15:27.0098 4348 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
    18:15:27.0102 4348 k57nd60a - ok
    18:15:27.0113 4348 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    18:15:27.0115 4348 kbdclass - ok
    18:15:27.0121 4348 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    18:15:27.0132 4348 kbdhid - ok
    18:15:27.0164 4348 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:15:27.0164 4348 KeyIso - ok
    18:15:27.0192 4348 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
    18:15:27.0193 4348 KSecDD - ok
    18:15:27.0209 4348 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
    18:15:27.0211 4348 KSecPkg - ok
    18:15:27.0219 4348 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    18:15:27.0220 4348 ksthunk - ok
    18:15:27.0250 4348 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    18:15:27.0258 4348 KtmRm - ok
    18:15:27.0294 4348 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    18:15:27.0299 4348 LanmanServer - ok
    18:15:27.0335 4348 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    18:15:27.0337 4348 LanmanWorkstation - ok
    18:15:27.0436 4348 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    18:15:27.0439 4348 LBTServ - ok
    18:15:27.0672 4348 LeapFrog Connect Device Service (b25c71018bdba3e1e0e64917f7af50a7) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    18:15:27.0765 4348 LeapFrog Connect Device Service - ok
    18:15:27.0863 4348 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    18:15:27.0865 4348 LHidFilt - ok
    18:15:27.0882 4348 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    18:15:27.0882 4348 lltdio - ok
    18:15:27.0929 4348 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    18:15:27.0929 4348 lltdsvc - ok
    18:15:27.0944 4348 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    18:15:27.0960 4348 lmhosts - ok
    18:15:27.0991 4348 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    18:15:27.0991 4348 LMouFilt - ok
    18:15:28.0022 4348 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:15:28.0038 4348 LSI_FC - ok
    18:15:28.0038 4348 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:15:28.0054 4348 LSI_SAS - ok
    18:15:28.0054 4348 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:15:28.0054 4348 LSI_SAS2 - ok
    18:15:28.0069 4348 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:15:28.0069 4348 LSI_SCSI - ok
    18:15:28.0085 4348 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    18:15:28.0085 4348 luafv - ok
    18:15:28.0116 4348 LUsbFilt (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys
    18:15:28.0116 4348 LUsbFilt - ok
    18:15:28.0225 4348 McAfee SiteAdvisor Service (b891e3920f24ff1a3bead6cd2b42ed99) c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
    18:15:28.0225 4348 McAfee SiteAdvisor Service - ok
    18:15:28.0256 4348 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
    18:15:28.0303 4348 mcdbus - ok
    18:15:28.0350 4348 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    18:15:28.0350 4348 Mcx2Svc - ok
    18:15:28.0366 4348 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    18:15:28.0366 4348 megasas - ok
    18:15:28.0381 4348 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    18:15:28.0381 4348 MegaSR - ok
    18:15:28.0433 4348 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    18:15:28.0434 4348 MMCSS - ok
    18:15:28.0449 4348 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    18:15:28.0451 4348 Modem - ok
    18:15:28.0498 4348 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    18:15:28.0499 4348 monitor - ok
    18:15:28.0532 4348 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    18:15:28.0534 4348 mouclass - ok
    18:15:28.0546 4348 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    18:15:28.0556 4348 mouhid - ok
    18:15:28.0584 4348 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    18:15:28.0585 4348 mountmgr - ok
    18:15:28.0625 4348 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    18:15:28.0627 4348 MozillaMaintenance - ok
    18:15:28.0678 4348 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
    18:15:28.0680 4348 MpFilter - ok
    18:15:28.0709 4348 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    18:15:28.0712 4348 mpio - ok
    18:15:28.0733 4348 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    18:15:28.0736 4348 mpsdrv - ok
    18:15:28.0786 4348 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    18:15:28.0794 4348 MpsSvc - ok
    18:15:28.0824 4348 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    18:15:28.0826 4348 MRxDAV - ok
    18:15:28.0858 4348 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:15:28.0861 4348 mrxsmb - ok
    18:15:28.0899 4348 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:15:28.0903 4348 mrxsmb10 - ok
    18:15:28.0921 4348 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:15:28.0923 4348 mrxsmb20 - ok
    18:15:28.0937 4348 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    18:15:28.0939 4348 msahci - ok
    18:15:29.0030 4348 MSCamSvc (41fb1d61df09c36ccab0b04eec66f6d5) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    18:15:29.0033 4348 MSCamSvc - ok
    18:15:29.0056 4348 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    18:15:29.0059 4348 msdsm - ok
    18:15:29.0084 4348 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    18:15:29.0088 4348 MSDTC - ok
    18:15:29.0109 4348 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    18:15:29.0110 4348 Msfs - ok
    18:15:29.0131 4348 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    18:15:29.0132 4348 mshidkmdf - ok
    18:15:29.0168 4348 MSHUSBVideo (bb590070d606ae6f008341fc9a7b2ad7) C:\Windows\system32\Drivers\nx6000.sys
    18:15:29.0169 4348 MSHUSBVideo - ok
    18:15:29.0174 4348 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    18:15:29.0175 4348 msisadrv - ok
    18:15:29.0199 4348 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    18:15:29.0201 4348 MSiSCSI - ok
    18:15:29.0203 4348 msiserver - ok
    18:15:29.0229 4348 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    18:15:29.0231 4348 MSKSSRV - ok
    18:15:29.0353 4348 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
    18:15:29.0353 4348 MsMpSvc - ok
    18:15:29.0370 4348 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    18:15:29.0372 4348 MSPCLOCK - ok
    18:15:29.0379 4348 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    18:15:29.0380 4348 MSPQM - ok
    18:15:29.0419 4348 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    18:15:29.0420 4348 MsRPC - ok
    18:15:29.0451 4348 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    18:15:29.0451 4348 mssmbios - ok
    18:15:29.0451 4348 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    18:15:29.0451 4348 MSTEE - ok
    18:15:29.0467 4348 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    18:15:29.0467 4348 MTConfig - ok
    18:15:29.0482 4348 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    18:15:29.0482 4348 Mup - ok
    18:15:29.0514 4348 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    18:15:29.0529 4348 napagent - ok
    18:15:29.0560 4348 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    18:15:29.0560 4348 NativeWifiP - ok
    18:15:29.0607 4348 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    18:15:29.0623 4348 NDIS - ok
    18:15:29.0638 4348 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    18:15:29.0638 4348 NdisCap - ok
    18:15:29.0670 4348 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    18:15:29.0670 4348 NdisTapi - ok
    18:15:29.0716 4348 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    18:15:29.0716 4348 Ndisuio - ok
    18:15:29.0732 4348 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    18:15:29.0732 4348 NdisWan - ok
    18:15:29.0763 4348 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    18:15:29.0763 4348 NDProxy - ok
    18:15:29.0779 4348 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    18:15:29.0779 4348 NetBIOS - ok
    18:15:29.0794 4348 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    18:15:29.0810 4348 NetBT - ok
    18:15:29.0841 4348 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:15:29.0841 4348 Netlogon - ok
    18:15:29.0872 4348 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    18:15:29.0872 4348 Netman - ok
    18:15:29.0919 4348 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    18:15:29.0919 4348 netprofm - ok
    18:15:30.0020 4348 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:15:30.0023 4348 NetTcpPortSharing - ok
    18:15:30.0068 4348 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    18:15:30.0069 4348 nfrd960 - ok
    18:15:30.0110 4348 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    18:15:30.0113 4348 NisDrv - ok
    18:15:30.0191 4348 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
    18:15:30.0195 4348 NisSrv - ok
    18:15:41.0093 4348 ============================================================
    18:15:41.0093 4348 Scan finished
    18:15:41.0093 4348 ============================================================
    18:15:41.0105 4344 Detected object count: 0
    18:15:41.0105 4344 Actual detected object count: 0
     
  6. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hi vampirehunter,


    Download and run OTL
    1. Download OTL to your desktop.
    2. Right-click on OTL.exe and select Run as administrator to run it. Make sure all other windows are closed and let it run uninterrupted.
    3. Check the box beside Scan All Users
    4. Ensure Use SafeList is selected under Extra Registry
    5. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    6. When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    7. Please copy (Edit > Select All -- Edit > Copy) the contents of these files, one at a time, and post them with your next reply.


    Please reply with:
    • OTL logs (OTL.txt and Extras.txt)
     
  7. vampirehunter

    vampirehunter Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    20
    OTL logfile created on: 7/18/2012 8:16:49 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rob and Amy\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.96 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 69.26% Memory free
    11.92 Gb Paging File | 9.62 Gb Available in Paging File | 80.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.82 Gb Total Space | 777.61 Gb Free Space | 84.82% Space Free | Partition Type: NTFS
    Drive D: | 627.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: FAMILYPC | User Name: Rob and Amy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/18 20:15:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rob and Amy\Desktop\OTL.exe
    PRC - [2012/06/29 05:40:10 | 000,646,800 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/08/23 16:34:46 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/09/18 17:10:26 | 000,335,600 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2009/09/17 14:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    PRC - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/07/04 12:38:14 | 000,065,536 | ---- | M] () -- C:\Brother\BPRSP\resources\BrSupSsp.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/14 06:33:41 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/06/14 06:33:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 06:33:25 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/14 06:33:13 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/05/10 06:31:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/10 06:30:29 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/10 06:30:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/10 06:30:21 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/10 06:30:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/10 06:30:13 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/04/08 09:52:20 | 000,271,024 | ---- | M] () -- C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    MOD - [2009/09/17 14:05:00 | 000,234,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
    MOD - [2009/09/17 14:05:00 | 000,128,240 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
    MOD - [2009/09/17 14:05:00 | 000,121,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
    MOD - [2009/09/17 14:05:00 | 000,111,856 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
    MOD - [2009/09/17 14:05:00 | 000,079,088 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
    MOD - [2009/09/17 14:05:00 | 000,074,992 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
    MOD - [2009/09/17 14:05:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
    MOD - [2009/09/17 14:05:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
    MOD - [2009/09/17 14:05:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
    MOD - [2009/09/17 14:04:00 | 001,123,568 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
    MOD - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    MOD - [2008/07/04 12:38:14 | 000,065,536 | ---- | M] () -- C:\Brother\BPRSP\resources\BrSupSsp.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/04/05 21:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2009/03/31 17:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV - [2012/07/12 12:10:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/18 07:29:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/15 12:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2012/06/14 12:40:08 | 000,828,032 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\Temp\0173151342482347mcinst.exe -- (0173151342482347mcinstcleanup) McAfee Application Installer Cleanup (0173151342482347)
    SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/08/23 16:34:46 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2009/12/17 02:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2009/09/17 14:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/06 00:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2012/04/06 00:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/04/05 20:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/05/18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
    DRV:64bit: - [2011/05/18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
    DRV:64bit: - [2011/05/18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
    DRV:64bit: - [2011/05/18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
    DRV:64bit: - [2011/05/18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
    DRV:64bit: - [2011/05/18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
    DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 05:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
    DRV:64bit: - [2009/10/01 01:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/09/26 10:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
    DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/17 11:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2009/06/10 15:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
    DRV:64bit: - [2008/04/01 14:33:16 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
    DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2005/01/03 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9E833260-7906-4A4E-9C68-7B37924BE6D8}
    IE:64bit: - HKLM\..\SearchScopes\{9E833260-7906-4A4E-9C68-7B37924BE6D8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {617BBC5C-CC71-44C8-AD7C-22FF2D6E1959}
    IE - HKLM\..\SearchScopes\{617BBC5C-CC71-44C8-AD7C-22FF2D6E1959}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {617BBC5C-CC71-44C8-AD7C-22FF2D6E1959}
    IE - HKU\.DEFAULT\..\SearchScopes\{C540EA72-5CE6-4ABB-9E9F-D54B07AD84D1}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {617BBC5C-CC71-44C8-AD7C-22FF2D6E1959}
    IE - HKU\S-1-5-18\..\SearchScopes\{C540EA72-5CE6-4ABB-9E9F-D54B07AD84D1}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=102810&gct=hp
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes,DefaultScope = {117F631B-1401-43CF-B02D-4CC0CAD4BF5A}
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes\{117F631B-1401-43CF-B02D-4CC0CAD4BF5A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes\{42377191-38C0-44C0-A819-0B8E214D6294}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes\{B6C668CE-023C-4278-94AC-763D3714E1F0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ARCD&o=102810&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=8W&apn_dtid=YYYYYYYYUS&apn_uid=5de774d5-ab32-4d9c-9405-1b1c8e38acea&apn_sauid=A09C508C-8A80-46E1-8CFA-B877B9E7A126
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80115&lng=en
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes\{EE871180-2F93-F8D2-D9F0-D4FC20ED2A5F}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultEngine: "Yahoo"
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=102810&gct=hp"
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: [email protected]:5.1.1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
    FF - prefs.js..network.proxy.type: 4


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Rob and Amy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rob and Amy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rob and Amy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Rob and Amy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/03/04 15:16:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/16 18:45:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 17:59:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/17 17:59:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/08/21 17:58:40 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 17:59:44 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/17 17:59:44 | 000,000,000 | ---D | M]

    [2010/03/02 18:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Extensions
    [2012/07/14 19:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\extensions
    [2012/04/09 17:39:58 | 000,002,333 | ---- | M] () -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins\askcom.xml
    [2011/05/05 20:35:34 | 000,001,919 | ---- | M] () -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins\bing-zugo.xml
    [2010/04/27 17:10:42 | 000,004,772 | ---- | M] () -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins\web-search.xml
    [2012/06/18 07:29:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/03/29 15:28:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/07/16 18:45:45 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
    [2012/02/23 00:09:13 | 000,164,722 | ---- | M] () (No name found) -- C:\USERS\ROB AND AMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\22BBGJMF.DEFAULT\EXTENSIONS\[email protected]
    [2012/06/18 07:29:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
    [2011/04/08 11:37:15 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
    [2011/04/08 11:37:15 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
    [2012/06/18 07:29:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/04/22 17:18:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
    [2011/05/09 16:35:23 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
    [2012/07/14 19:14:23 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
    [2012/06/18 07:29:54 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage:
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rob and Amy\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Rob and Amy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Rob and Amy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Rob and Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Rob and Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: SiteAdvisor = C:\Users\Rob and Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\
    CHR - Extension: Gmail = C:\Users\Rob and Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
    O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (Gaming support for ArcadeWeb) - {9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} - C:\Users\Rob and Amy\AppData\Local\ArcadeWeb\arcadeweb32.dll (Arcade Web LLC)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-945082049-3120335163-541019017-1001..\Run: [] File not found
    O4 - HKU\S-1-5-21-945082049-3120335163-541019017-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-945082049-3120335163-541019017-1001..\Run: [ScanSoft] C:\Users\Rob and Amy\AppData\Local\ScanSoft\hdfearpo.dll (flashget)
    O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Rob and Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: magicjack.com ([data] https in Trusted sites)
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C106019A-733B-479D-A838-578228C4CB55}: DhcpNameServer = 8.8.8.8
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/10/20 00:14:28 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{d22ca95e-20e2-11df-9ac3-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{d22ca95e-20e2-11df-9ac3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe -- [2010/04/01 03:40:27 | 002,052,921 | R--- | M] (Macromedia, Inc.)
    O33 - MountPoints2\{dfa2327a-9582-11df-bfe6-002564ec7592}\Shell - "" = AutoRun
    O33 - MountPoints2\{dfa2327a-9582-11df-bfe6-002564ec7592}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun.exe
    O33 - MountPoints2\I\Shell\phone\command - "" = I:\autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/18 20:15:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rob and Amy\Desktop\OTL.exe
    [2012/07/16 22:11:26 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rob and Amy\Desktop\TDSSKiller.exe
    [2012/07/15 11:06:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rob and Amy\Desktop\dds.com
    [2012/07/15 11:04:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Rob and Amy\Desktop\HijackThis.exe
    [2012/07/14 19:16:16 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/07/14 11:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother Personal Utilities
    [2012/07/14 08:33:15 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{5D8A9934-4F54-404B-B082-8B981091FC3B}
    [2012/07/14 08:33:02 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{8A7F3093-3BB1-42E5-BA26-EF97A26FF38D}
    [2012/07/14 07:01:42 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{A28F399B-28F2-42FE-BE6C-D1423EFE7B70}
    [2012/07/14 06:57:30 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{39898E74-6880-4559-AAEC-4F59EED850B7}
    [2012/07/13 07:03:41 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{CE17FFF4-3CF2-480D-B7BD-0F28E0F156B3}
    [2012/07/12 23:11:31 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{DD91969F-3DB0-481E-9872-A699167F4EE6}
    [2012/07/12 06:48:10 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{B491DEEA-6F18-4FC5-8BD2-FE1AEB82B19F}
    [2012/07/12 06:47:57 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{675FC71A-FD2C-4FBA-810E-F361047620BF}
    [2012/07/11 23:32:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/07/11 23:32:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/07/11 23:32:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/07/11 23:32:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/07/11 23:32:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/07/11 23:32:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/07/11 23:32:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/07/11 23:32:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/07/11 23:32:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/07/11 23:32:42 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/07/11 23:32:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/07/11 23:32:42 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/07/11 23:32:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/07/11 06:44:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
    [2012/07/11 06:44:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
    [2012/07/11 06:44:51 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2012/07/11 06:44:45 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
    [2012/07/11 06:44:45 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
    [2012/07/11 06:39:45 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{FEDD4B7E-9079-4865-8BAA-024E223B2897}
    [2012/07/11 06:39:33 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{26C2020B-754E-4ABE-9CF5-C32C287E4BEC}
    [2012/07/10 06:50:39 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{9FEC1250-AC7A-4A2D-8527-7CEED62097C2}
    [2012/07/10 06:50:28 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{0AACD59D-4503-4662-92F6-C9A4F822B55F}
    [2012/07/08 16:38:53 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\Documents\PICTURES
    [2012/07/08 06:42:10 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{53CAB3B6-D1EE-4484-97D3-717E466465DE}
    [2012/07/08 06:41:56 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{C62D9088-12A4-4F27-8993-346082BC673D}
    [2012/07/07 06:58:31 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{05D96F4F-1E37-4686-87B6-717008866D49}
    [2012/07/07 06:58:21 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{FE6E92CB-DCB1-45D2-ABEA-143E3AFDBCCF}
    [2012/07/06 06:30:36 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{DAF492BB-73F9-4EF8-932A-904FAF272FAE}
    [2012/07/06 06:30:12 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{43D8C86C-B55A-427E-9472-808F39E63EDE}
    [2012/07/05 01:17:17 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{882BF0BC-42BE-4EBB-96A4-DAAE52ECBC33}
    [2012/07/05 01:17:03 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{CE0F9943-BFCA-4D0C-8A21-60A4F6FEB842}
    [2012/07/04 07:06:19 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{42AF3974-BEF6-4DFB-808F-EC0F6840FD4F}
    [2012/07/03 18:42:33 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{74F86EB0-326B-47B7-A0B8-CCD87341CB31}
    [2012/07/03 06:40:59 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{23BD8FCC-D2CA-4DEB-ABAB-B8E9AE0A2B1D}
    [2012/07/03 06:40:46 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{1BB8B8FA-F0CE-4C05-A0FF-7234B9B76816}
    [2012/07/02 06:29:39 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{192DF93F-A070-4177-8FA9-2ED93AC111FB}
    [2012/07/02 06:29:28 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{877D2944-F14A-42F5-86ED-21D1FCC68630}
    [2012/07/01 02:40:06 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{BDA2F858-D051-4ED4-AD54-EF86CF594D0D}
    [2012/07/01 02:39:56 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{456B9ED4-6510-4338-8DE5-5EC4EBC9D1B3}
    [2012/06/30 07:19:18 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{83D4416C-0548-4A44-B9A5-1C60050D4DDF}
    [2012/06/30 07:19:07 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{487E57D7-6FA0-4847-9AC0-31CC56E2B652}
    [2012/06/29 06:31:43 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{02EB1F74-7F53-43B6-BD16-19DAA1182428}
    [2012/06/29 06:31:22 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{43EA8E64-17F5-41E5-8F2B-3942DE4EAA6F}
    [2012/06/28 18:30:53 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{5C404E56-75A9-4C6D-939A-FA01047A1F50}
    [2012/06/28 18:30:40 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{40620214-136F-4B47-A6EE-C5E11DD030C4}
    [2012/06/28 06:30:07 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{A3FFF3A0-B774-4DEF-A354-ACDD8B855138}
    [2012/06/28 06:29:56 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{6E93B2CD-9337-4850-B158-2303950F1501}
    [2012/06/27 06:34:38 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{1CD81F85-4F7C-4695-A57B-518338D3D909}
    [2012/06/27 06:34:27 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{8FCFFED0-FC37-49B0-A230-22CF46D1F0C0}
    [2012/06/26 23:45:58 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{CBE1B353-C7C2-490E-BDF8-94CA8F81EE76}
    [2012/06/25 07:13:02 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{AD7A34CD-89B6-4577-9518-30A3E3699937}
    [2012/06/25 07:12:43 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{B004B879-75F5-446A-A77A-5B135324E3D3}
    [2012/06/24 06:53:37 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{AC9E5B34-855D-41D0-B2A4-C0D31126756C}
    [2012/06/24 06:53:25 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{91580D28-3919-4F74-9D09-D8035A1B0090}
    [2012/06/23 15:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato
    [2012/06/23 15:50:30 | 000,000,000 | ---D | C] -- C:\gPotato
    [2012/06/23 14:04:52 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\Deployment
    [2012/06/23 07:57:36 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{6DC0080C-8F75-4B7B-A023-FFC09E4950F0}
    [2012/06/23 07:57:22 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{87CF7DAA-431A-4087-AD05-E7A65D14F68A}
    [2012/06/22 17:46:16 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{B117AC22-57BB-4A43-B8F5-4AC0B1CDCD21}
    [2012/06/22 17:46:06 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{F4FB8A67-479C-4BC6-85BB-69FD5D308F8D}
    [2012/06/22 05:52:14 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{43351FBB-CD1A-4607-BE38-2F0CC92BA8EA}
    [2012/06/22 05:52:02 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{A220C7F0-B99C-4E38-B751-2E361EDF0F32}
    [2012/06/21 06:30:31 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
    [2012/06/21 06:30:31 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
    [2012/06/21 06:30:31 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
    [2012/06/21 06:30:16 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
    [2012/06/21 06:30:16 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
    [2012/06/21 06:30:16 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
    [2012/06/21 06:30:02 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
    [2012/06/21 06:30:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
    [2012/06/21 06:26:54 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{841CF895-56A8-46B0-BB3B-C4D8FADDC848}
    [2012/06/21 06:26:36 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{77D6D850-AB40-4665-9AF9-5C3E9CF0F4F0}
    [2012/06/20 06:19:05 | 000,000,000 | ---D | C] -- C:\Users\Rob and Amy\AppData\Local\{5F9827B0-DECE-4B8F-BCFA-50960D38ACFC}
    [2010/03/02 18:03:23 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Rob and Amy\AppData\Roaming\DataSafeDotNet.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/18 20:15:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rob and Amy\Desktop\OTL.exe
    [2012/07/18 20:14:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/18 20:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/18 19:25:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-945082049-3120335163-541019017-1001UA.job
    [2012/07/18 11:25:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-945082049-3120335163-541019017-1001Core.job
    [2012/07/17 21:14:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/17 18:14:30 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rob and Amy\Desktop\TDSSKiller.exe
    [2012/07/17 18:13:58 | 002,117,152 | ---- | M] () -- C:\Users\Rob and Amy\Desktop\tdsskiller.zip
    [2012/07/16 18:44:19 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/16 18:44:19 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/15 12:27:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/15 12:27:03 | 504,717,311 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/15 11:06:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rob and Amy\Desktop\dds.com
    [2012/07/15 11:03:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rob and Amy\Desktop\HijackThis.exe
    [2012/07/14 12:53:53 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/12 12:10:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/07/12 12:10:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/07/12 09:09:20 | 000,001,135 | ---- | M] () -- C:\Users\Rob and Amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2012/07/12 06:46:53 | 000,309,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/11 16:01:15 | 000,004,096 | -H-- | M] () -- C:\Users\Rob and Amy\AppData\Local\keyfile3.drm
    [2012/07/05 14:54:00 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/23 15:55:18 | 000,000,721 | ---- | M] () -- C:\Users\Public\Desktop\Rappelz.lnk
    [2012/06/23 14:15:54 | 000,733,968 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/23 14:15:54 | 000,629,232 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/23 14:15:54 | 000,108,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/19 16:04:02 | 000,000,000 | ---- | M] () -- C:\Users\Rob and Amy\Documents\Nuance Image Printer Writer Port
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/17 18:14:00 | 002,117,152 | ---- | C] () -- C:\Users\Rob and Amy\Desktop\tdsskiller.zip
    [2012/07/14 19:15:45 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-945082049-3120335163-541019017-1001UA.job
    [2012/07/14 19:15:44 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-945082049-3120335163-541019017-1001Core.job
    [2012/07/11 16:01:15 | 000,004,096 | -H-- | C] () -- C:\Users\Rob and Amy\AppData\Local\keyfile3.drm
    [2012/06/23 15:55:18 | 000,000,721 | ---- | C] () -- C:\Users\Public\Desktop\Rappelz.lnk
    [2012/06/19 16:04:02 | 000,000,000 | ---- | C] () -- C:\Users\Rob and Amy\Documents\Nuance Image Printer Writer Port
    [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/02/23 15:47:36 | 000,747,626 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/02/23 15:47:33 | 000,000,401 | ---- | C] () -- C:\Windows\Mail2Contact.ini
    [2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/01/27 15:30:13 | 000,455,237 | ---- | C] () -- C:\Users\Rob and Amy\green documents.pdf
    [2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
    [2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/06/28 23:12:22 | 000,000,281 | ---- | C] () -- C:\Users\Rob and Amy\AppData\Roaming\Network Meter_Settings.ini
    [2011/06/28 07:37:56 | 000,103,784 | ---- | C] () -- C:\Users\Rob and Amy\GoToAssistDownloadHelper.exe
    [2011/06/24 11:43:08 | 000,000,412 | ---- | C] () -- C:\Users\Rob and Amy\AppData\Roaming\All CPU Meter_Settings.ini
    [2011/05/09 16:35:36 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
    [2011/04/25 19:22:02 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5240.DAT
    [2011/04/25 19:21:22 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
    [2011/04/25 19:21:22 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
    [2011/04/25 19:21:21 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
    [2011/04/25 19:21:20 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5240.INI
    [2011/04/25 19:19:27 | 000,000,091 | ---- | C] () -- C:\Windows\Brownie.ini
    [2010/06/22 23:50:02 | 000,007,618 | ---- | C] () -- C:\Users\Rob and Amy\AppData\Local\resmon.resmoncfg
    [2010/05/12 12:30:18 | 000,060,304 | ---- | C] () -- C:\Users\Rob and Amy\g2mdlhlpx.exe
    [2010/03/03 12:53:32 | 000,042,263 | ---- | C] () -- C:\Users\Rob and Amy\ordercomplete.aspx.htm
    [2008/07/09 19:21:56 | 000,000,000 | ---- | C] () -- C:\Users\Rob and Amy\Ÿ9Ÿ9
    [2008/06/20 12:26:13 | 000,000,118 | ---- | C] () -- C:\Users\Rob and Amy\default.pls
    [2008/06/12 16:47:48 | 000,001,080 | ---- | C] () -- C:\Users\Rob and Amy\NORInfo.ini
    [2008/06/12 16:47:48 | 000,000,084 | ---- | C] () -- C:\Users\Rob and Amy\USBInfo.ini

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 860 bytes -> C:\Users\Rob and Amy\Documents\Court Orders for Guardianship.eml:OECustomProperty

    < End of report >
     
  8. vampirehunter

    vampirehunter Thread Starter

    OTL Extras logfile created on: 7/18/2012 8:16:49 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rob and Amy\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.96 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 69.26% Memory free
    11.92 Gb Paging File | 9.62 Gb Available in Paging File | 80.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.82 Gb Total Space | 777.61 Gb Free Space | 84.82% Space Free | Partition Type: NTFS
    Drive D: | 627.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: FAMILYPC | User Name: Rob and Amy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{052E308A-1D5A-4B87-9ADD-8BB02F687592}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{0544E167-676B-4BA4-A1A3-651F4B77F771}" = rport=139 | protocol=6 | dir=out | app=system |
    "{05AAF869-BC7F-4212-A946-1D4354292124}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{06C6BD8D-0E72-45BD-9188-B9B69A6728E8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{08857CBD-899D-4EDC-BE38-9D7B3A86E028}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1276F8D6-E623-4EC0-BA8F-DD7C4952E0F3}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{132D82E4-AF41-48A3-997E-506E98104EA1}" = lport=138 | protocol=17 | dir=in | app=system |
    "{14741AEF-BFEC-4ABC-AA8C-898EF2CE102B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{23471078-ED80-46A6-BF35-0372A8F37FD7}" = rport=445 | protocol=6 | dir=out | app=system |
    "{247C5A3E-C5BA-418A-9A6C-3F79956677B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2829F85D-587D-499A-A5A4-94D3FCD40EF0}" = rport=138 | protocol=17 | dir=out | app=system |
    "{2B04AA32-6FDA-41D2-B36F-9CD33C95784F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{2D8D0467-74FB-4BD3-9661-D2481E6D6B74}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{35043F77-1923-4FA4-A5B2-BD1F117D7E74}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{44ACA0F1-42BB-4122-B650-FFB03225D793}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{521AE983-96B7-437F-97E0-E06E24E5D8CF}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{5C47A764-7B5C-481C-9B85-F2D8E1A57A69}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{6366900D-6E1E-48CB-A4E2-4AEA9F318E47}" = lport=137 | protocol=17 | dir=in | app=system |
    "{7372C5E9-DD85-4A6F-8317-D4E9B86B9B6D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{77C651EF-4C69-4525-AE1C-78B9A80D646B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8F96778D-664D-489E-9A1F-E65845C4C0EF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{B265F07A-937E-4C2C-AF50-DF964DCB5DF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B88A3FA0-F3E4-4DBE-B6CD-3F0285590F15}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B9560C5C-4083-483C-981C-40D3A4676961}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{B9B402A9-37AE-4F2D-8457-BC4B3CBD8FAA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C18B5ACE-4504-4C1D-BFD8-3DA6351AEBFC}" = lport=445 | protocol=6 | dir=in | app=system |
    "{CB055DA5-1EC6-432F-A3FD-6CA480438136}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{CCC71E9D-2ABE-4D78-B620-20CEA0D80623}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CE398A9A-D767-441C-8038-FAF7DC8BDFF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D45E63E8-1995-4F5E-8117-C5BF2B9E57F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{DB18077A-56FE-40D9-B35D-779B204720D6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{DC545FA5-57E8-4FC2-A062-B0D5C6C66A4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E8C903C1-036C-4800-BCA3-4B5DB30381FC}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F1E1B2AA-4CF6-4C26-A714-DA8A73E44FB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03B89F08-8382-4DF7-9AF5-A051E15F1E2D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{067268B3-669E-41E9-938F-D7223C4C7F48}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{077CF908-0D28-44D8-8AB6-FC442BAA36BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1612DEFD-2811-40AA-B316-81CED0627EFD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{1E549AB3-B015-41F4-826C-6B4482C76E0D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{21396C7D-589A-42D8-97AA-27E40BAA8D78}" = protocol=6 | dir=in | app=c:\users\rob and amy\downloads\pdfconvertersetup.exe |
    "{25C8495D-DFC0-4281-BB33-D81EFEDCD738}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    "{2675962E-436F-4D7B-A2E3-46EFC452DEDD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{2867C3CA-4D0E-4FB1-8464-7E0D663EA4B5}" = protocol=6 | dir=out | app=system |
    "{2AD5C38E-49FE-477F-B737-3639CDA80267}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2B70A4B7-6AC7-4920-9FCE-A625664FC311}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{2D9F9096-7EAB-4448-9B76-14D394DAE148}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{40E6FB4B-0408-453B-A29D-DEAF98274885}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{42D9A6B9-27A8-44E7-875E-1698DFD2245A}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
    "{466FC6DD-5B2E-4C9D-9508-2C0E1D6231AA}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
    "{486073CA-03DC-4146-BB77-C514A98B93F0}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
    "{568C1941-44B7-41D1-9EE3-73B1362F4CA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{5BBF38E1-0A3F-4890-A5A5-C5840996960D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{60287EF3-F311-4A13-B4E0-8B51BCE0B010}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
    "{67C4F250-A9EF-4DFD-80B1-F9002C94A49D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{685FE055-6C81-446B-A64D-719BEB5BABE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{689ECDE2-16FC-45A6-9433-7AABA53FE4E1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    "{697EFE14-BD29-43B3-9F6B-5DE6FF60E7DA}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
    "{6A2D885F-4305-45F4-9B45-DF6C2617EF1A}" = protocol=6 | dir=in | app=c:\users\rob and amy\appdata\roaming\mjusbsp\magicjack.exe |
    "{6B875D57-B636-4E58-AE7B-63994C88A754}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{6C81D26A-5614-447E-93D3-96670A35C051}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    "{766DB5B4-D0EF-495A-A2B2-C404C17B1EC9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{77E901FC-B967-4013-9E8B-F800D7C29C38}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    "{7DFE0853-28D3-452D-94B1-254013F3CB16}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{7E1490AD-9796-46E8-B587-FC10D8DB47E7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{83F38C2F-D96B-4E97-A7B3-A7D8899496DC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    "{86F45056-05D1-4B00-A776-38777D9CB15E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{8AB74319-0A09-4337-BA1D-128FA34405D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8C5314FF-4C0B-4C4E-B10A-DA31AC86D5FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{90D2CEE2-AE45-4B2F-B474-972C4D38CBEC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{94D1AC10-5CE5-4137-8E30-4076384C66EF}" = protocol=17 | dir=in | app=c:\users\rob and amy\appdata\roaming\mjusbsp\magicjack.exe |
    "{955ECBF5-E2C8-469C-99DF-9A35362AE9E0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{995969B8-993A-45C5-A93B-5E5FCD272CF8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    "{9C0F107B-8EF8-4506-8D3D-65D3293E5A46}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{A496B093-386F-4E3F-9F4B-F2D54E108057}" = protocol=17 | dir=in | app=c:\users\rob and amy\downloads\pdfconvertersetup.exe |
    "{A6362FA3-5782-432A-98CA-2E9A8FA9D204}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A7BAD80C-6F0B-489F-B707-DB894E219E4C}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |
    "{AB86E699-FCA3-43B1-A71F-2C10C85AE808}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    "{B54AA2B8-2088-4DF4-83A3-3966AEAD30B2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B7722357-F8F9-48C0-A309-9A79C99123A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{B9D7FD4E-68E6-483C-93D2-E7E2D015FDA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BB382EC8-B19D-4207-84C4-965BB3497375}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{BE17FFFB-4EB9-413A-9ADB-D5FB373645C7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{C52B49BF-32F3-4B18-91D0-7609FC3BD32B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{C95C78AA-6077-43FD-9EA6-A762DB733AE6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{CD8791D4-5630-431A-9D68-8887F90A7518}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    "{D0F4DD32-9885-431D-BA19-C84B238A0AFF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{D2B7AF7E-3DCA-43EA-BA13-42687B9DDC0A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D5AC7018-2291-4F36-997F-D9E1788F5FC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D9B3F910-EBC3-4021-ADC8-419FB958B295}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DCCD32D8-68A1-4027-96A2-66C5D03CDFC7}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
    "{E4A3BFA7-5660-4066-AD85-0690F52DA656}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{FB2AC217-9E9B-4154-953D-C3B9D09E98D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FF531862-547C-481A-98E1-4F9B31DD1DB2}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{5DF57DB1-D971-3DA3-B4BB-F6FC7D73A997}" = AMD Drag and Drop Transcoding
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{7852365E-0AD2-CE95-B463-8C6B87DE614C}" = ccc-utility64
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
    "{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "Zune" = Zune

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
    "{035DB669-4995-8447-0229-D8BEC6B8605F}" = Catalyst Control Center Graphics Full Existing
    "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
    "{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
    "{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite MFC-795CW
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B97F19A-BD2B-A127-8474-E2575F92F21A}" = Catalyst Control Center Core Implementation
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
    "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
    "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{3C6BE429-9C6E-4A02-A085-73FB485D3BBA}" = LeapFrog Tag Plugin
    "{4160D554-3CEA-9FBB-7298-6D729BF56062}" = ccc-core-static
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
    "{4BC83065-F98B-4DB1-B4AE-AA2F1FA9BA2B}" = LeapFrog Connect
    "{4D4B649B-F843-4AD2-7566-3743AC1B68FE}" = Catalyst Control Center Graphics Light
    "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
    "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
    "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
    "{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
    "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7E5CFA33-2164-C305-6CA5-E4B377ABE544}" = Catalyst Control Center Graphics Previews Common
    "{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals
    "{8040527F-DD74-4B45-8A06-C4BF145B6C76}" = Brother Product Research and Support Program
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
    "{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
    "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CE5E0C8-727D-FC08-DABB-E6887AE9847E}" = Catalyst Control Center Graphics Previews Vista
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
    "{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
    "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
    "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF52DCD4-C3A5-2811-32A6-14869CD166D7}" = Catalyst Control Center Graphics Full New
    "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
    "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D34C2E60-185F-FACB-62F3-8747647B8971}" = Catalyst Control Center InstallProxy
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
    "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
    "{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
    "{E303B395-E0C1-42E6-9EF9-F3BC23DEF2D7}" = Remote Printer Console
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E51BB4BB-2FB0-957B-1E4A-9D978CF0B801}" = CCC Help English
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
    "{EAC1B6CA-168F-446C-92DA-179424798D0F}" = Dutch Boy Color Simplicity
    "{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1" = Rappelz_US
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{F01AAB6D-7BF3-4E4B-9401-3368E4AFCC24}" = Brother HL-5240
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "amg-texttwist2" = TextTwist 2
    "amg-zumadeluxe" = Zuma Deluxe
    "am-superfruitfrolic" = Super Fruit Frolic
    "am-supergamehousesolitaire" = Super GameHouse Solitaire
    "am-superpopdrop" = Super Pop & Drop
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "Digital Editions" = Adobe Digital Editions
    "eFile Express 2010" = eFile Express 2010
    "FoxTab PDF Converter" = FoxTab PDF Converter
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "OUTLOOKR" = Microsoft Office Outlook 2007
    "Plants vs. Zombies" = Plants vs. Zombies
    "Public Mail2Contact_is1" = Public Mail2Contact
    "Rhapsody" = Rhapsody
    "Super GameHouse Solitaire Vol. 1" = Super GameHouse Solitaire Vol. 1
    "Super GameHouse Solitaire Vol. 2" = Super GameHouse Solitaire Vol. 2
    "TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
    "Trivial Pursuit Digital Choice_is1" = Trivial Pursuit Digital Choice v1.3.0 for Windows XP/Vista
    "UPCShell" = LeapFrog Connect
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 5.0.0.799
    "magicJack" = magicJack

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/9/2012 3:54:51 PM | Computer Name = FamilyPC | Source = Brother BrLog | ID = 1001
    Description = TWN BrtTWN: [2012/07/09 14:54:51.649]: [00004580]: ##### Fatal ERROR!!
    Create STI-device failed! #####

    Error - 7/9/2012 3:54:51 PM | Computer Name = FamilyPC | Source = Brother BrLog | ID = 1001
    Description = TWN BrtTWN: [2012/07/09 14:54:51.649]: [00004580]: Initialize TwdsMain
    Class failed!

    Error - 7/11/2012 8:17:57 AM | Computer Name = FamilyPC | Source = Application Error | ID = 1000
    Description = Faulting application name: chrome.exe, version: 20.0.1132.47, time
    stamp: 0x4fec0d4d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc000070a Fault offset: 0x0009c76d Faulting process
    id: 0x1368 Faulting application start time: 0x01cd5f5f31a8c148 Faulting application
    path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
    path: C:\Windows\SysWOW64\ntdll.dll Report Id: 72529073-cb52-11e1-91f3-002564ec7592

    Error - 7/11/2012 4:58:35 PM | Computer Name = FamilyPC | Source = Brother BrLog | ID = 1001
    Description = TWN BrtTWN: [2012/07/11 15:58:35.124]: [00005968]: ##### Fatal ERROR!!
    Create STI-device failed! #####

    Error - 7/11/2012 4:58:35 PM | Computer Name = FamilyPC | Source = Brother BrLog | ID = 1001
    Description = TWN BrtTWN: [2012/07/11 15:58:35.124]: [00005968]: Initialize TwdsMain
    Class failed!

    Error - 7/12/2012 3:42:33 PM | Computer Name = FamilyPC | Source = Brother BrLog | ID = 1001
    Description = TWN BrtTWN: [2012/07/12 14:42:33.123]: [00006040]: ##### Fatal ERROR!!
    Create STI-device failed! #####

    Error - 7/12/2012 3:42:33 PM | Computer Name = FamilyPC | Source = Brother BrLog | ID = 1001
    Description = TWN BrtTWN: [2012/07/12 14:42:33.123]: [00006040]: Initialize TwdsMain
    Class failed!

    Error - 7/14/2012 1:54:59 PM | Computer Name = FamilyPC | Source = Application Hang | ID = 1002
    Description = The program mbam.exe version 1.62.0.87 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: b9c Start Time:
    01cd61e9a32b4b50 Termination Time: 16 Application Path: C:\Program Files (x86)\Malwarebytes'
    Anti-Malware\mbam.exe Report Id: 044e4e1f-cddd-11e1-afed-002564ec7592

    Error - 7/14/2012 8:13:40 PM | Computer Name = FamilyPC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: c38 Start
    Time: 01cd621ea612f9fb Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id: eac73457-ce11-11e1-85e7-002564ec7592

    Error - 7/15/2012 2:22:37 PM | Computer Name = FamilyPC | Source = Application Hang | ID = 1002
    Description = The program SIMCITY.EXE version 1.0.0.1 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 1454 Start Time:
    01cd62b1cea61301 Termination Time: 0 Application Path: C:\Program Files (x86)\SimCity
    2000 - Special Edition\SIMCITY.EXE Report Id: 08e0023d-ceaa-11e1-9a0b-002564ec7592


    [ Media Center Events ]
    Error - 1/13/2012 8:45:20 AM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
    Description = 6:45:20 AM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80080005)


    Error - 1/13/2012 8:46:25 AM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
    Description = 6:46:21 AM - Failed to retrieve Broadband.enc (Error: BITS 0x80080005)


    Error - 1/17/2012 8:55:06 AM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
    Description = 6:55:00 AM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80080005)


    Error - 1/18/2012 8:53:04 AM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
    Description = 6:53:04 AM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80080005)


    Error - 1/18/2012 8:54:09 AM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
    Description = 6:54:05 AM - Failed to retrieve Broadband.enc (Error: BITS 0x80080005)


    Error - 1/19/2012 9:19:46 AM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
    Description = 7:19:45 AM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80080005)


    Error - 1/19/2012 9:20:52 AM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
    Description = 7:20:46 AM - Failed to retrieve Broadband.enc (Error: BITS 0x80080005)


    Error - 2/22/2012 7:28:31 PM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
    Description = 5:28:31 PM - Error connecting to the internet. 5:28:31 PM - Unable
    to contact server..

    Error - 2/22/2012 7:29:03 PM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
    Description = 5:29:00 PM - Error connecting to the internet. 5:29:00 PM - Unable
    to contact server..

    Error - 2/22/2012 8:30:32 PM | Computer Name = FamilyPC | Source = MCUpdate | ID = 0
    Description = 6:30:32 PM - Failed to retrieve SportsSchedule (Error: The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure
    channel.)

    [ System Events ]
    Error - 7/15/2012 12:24:22 PM | Computer Name = FamilyPC | Source = Application Popup | ID = 1060
    Description = \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys has been blocked
    from loading due to incompatibility with this system. Please contact your software
    vendor for a compatible version of the driver.

    Error - 7/15/2012 12:24:25 PM | Computer Name = FamilyPC | Source = Service Control Manager | ID = 7000
    Description = The NPPTNT2 service failed to start due to the following error: %%2

    Error - 7/15/2012 1:26:06 PM | Computer Name = FamilyPC | Source = Application Popup | ID = 1060
    Description = \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys has been blocked
    from loading due to incompatibility with this system. Please contact your software
    vendor for a compatible version of the driver.

    Error - 7/15/2012 1:26:09 PM | Computer Name = FamilyPC | Source = Service Control Manager | ID = 7000
    Description = The NPPTNT2 service failed to start due to the following error: %%2

    Error - 7/15/2012 1:28:34 PM | Computer Name = FamilyPC | Source = Application Popup | ID = 1060
    Description = \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys has been blocked
    from loading due to incompatibility with this system. Please contact your software
    vendor for a compatible version of the driver.

    Error - 7/15/2012 1:28:36 PM | Computer Name = FamilyPC | Source = Service Control Manager | ID = 7000
    Description = The NPPTNT2 service failed to start due to the following error: %%2

    Error - 7/16/2012 1:37:14 PM | Computer Name = FamilyPC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.1723.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 7/16/2012 1:37:15 PM | Computer Name = FamilyPC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.1723.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 7/17/2012 1:37:14 PM | Computer Name = FamilyPC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.1723.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 7/17/2012 1:37:15 PM | Computer Name = FamilyPC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.1723.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.


    < End of report >
     
  9. vampirehunter

    vampirehunter Thread Starter

    I just noticed that when I use Chrome, my McAfee Site Advisor extension will intermittently disappear. I don't know if that's relevant or not but thought that I would mention it.
     
  10. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hi vampirehunter,
    After doing the following let me know how your computer is running.


    Run OTL Script
    1. Right-click OTL.exe and select Run as administrator to start the program
    2. Click the None button at the top
    3. Copy and Paste everything from the Code box below into the Custom Scans/Fixes box in OTL
      Code:
      :OTL
      MOD - [2010/04/08 09:52:20 | 000,271,024 | ---- | M] () -- C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
      IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/disp...b_id&%language
      IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=102810&gct=hp
      IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
      IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes\{B6C668CE-023C-4278-94AC-763D3714E1F0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ARCD&o=102810&src=kw&q={searchTerms}&locale=en_US&apn _ptnrs=8W&apn_dtid=YYYYYYYYUS&apn_uid=5de774d5-ab32-4d9c-9405-1b1c8e38acea&apn_sauid=A09C508C-8A80-46E1-8CFA-B877B9E7A126
      IE - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80115&lng=en
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=102810&gct=hp"
      FF - prefs.js..extensions.enabledItems: [email protected]:5.1.1.0
      [2012/04/09 17:39:58 | 000,002,333 | ---- | M] () -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins \askcom.xml
      [2011/05/05 20:35:34 | 000,001,919 | ---- | M] () -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins \bing-zugo.xml
      [2010/04/27 17:10:42 | 000,004,772 | ---- | M] () -- C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins \web-search.xml
      [2011/04/08 11:37:15 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
      [2011/04/08 11:37:15 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
      [2011/05/09 16:35:23 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
      O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
      O2 - BHO: (Gaming support for ArcadeWeb) - {9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} - C:\Users\Rob and Amy\AppData\Local\ArcadeWeb\arcadeweb32.dll (Arcade Web LLC)
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O4 - HKU\S-1-5-21-945082049-3120335163-541019017-1001..\Run: [] File not found
      O4 - HKLM..\RunOnceEx: [] File not found
      O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: internet ([]about in Trusted sites)
      O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: magicjack.com ([data] https in Trusted sites)
      O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
      O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
      O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
      O15 - HKU\S-1-5-21-945082049-3120335163-541019017-1001\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      
      :Files
      C:\Program Files (x86)\Search Toolbar
      C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
      C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
      C:\Users\Rob and Amy\AppData\Local\ArcadeWeb
      
      :Commands
      [EMPTYTEMP]
    4. Then click the Run Fix button at the top.
    5. If prompted, Click OK
    6. OTL may ask to reboot the computer. Please do so if asked
    7. When finished a report should appear in Notepad. Copy and Paste that report in your next reply.

      Note: The log can also be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log


    Please reply with:
    • OTL results
    • Update on computer's performance
     
  11. vampirehunter

    vampirehunter Thread Starter

    Here is the OTL log. I will post back with a performance update after I have used the computer a bit.


    All processes killed
    ========== OTL ==========
    Releasing module C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll moved successfully.
    HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
    HKU\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ not found.
    Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B6C668CE-023C-4278-94AC-763D3714E1F0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6C668CE-023C-4278-94AC-763D3714E1F0}\ not found.
    Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.defaultenginename
    Prefs.js: "Ask.com" removed from browser.search.order.1
    Prefs.js: "http://www.ask.com/?l=dis&o=102810&gct=hp" removed from browser.startup.homepage
    Prefs.js: [email protected]:5.1.1.0 removed from extensions.enabledItems
    File C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins \askcom.xml not found.
    File C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins \bing-zugo.xml not found.
    File C:\Users\Rob and Amy\AppData\Roaming\Mozilla\Firefox\Profiles\22bbgjmf.default\searchplugins \web-search.xml not found.
    C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2}\ deleted successfully.
    C:\Users\Rob and Amy\AppData\Local\ArcadeWeb\arcadeweb32.dll moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\magicjack.com\data\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\magicjack.com\my\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhap-app-4-0\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhapreg\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-945082049-3120335163-541019017-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\talk4free.com\reg\ deleted successfully.
    C:\Windows\C6359569E03E4CDC98E8CDD080C6EEB5.TMP\WiseCustomCalla.exe deleted successfully.
    C:\Windows\C6359569E03E4CDC98E8CDD080C6EEB5.TMP folder deleted successfully.
    ========== FILES ==========
    C:\Program Files (x86)\Search Toolbar folder moved successfully.
    File\Folder C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll not found.
    File\Folder C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll not found.
    C:\Users\Rob and Amy\AppData\Local\ArcadeWeb folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Rob and Amy
    ->Temp folder emptied: 2098526752 bytes
    ->Temporary Internet Files folder emptied: 629474065 bytes
    ->Java cache emptied: 33937805 bytes
    ->FireFox cache emptied: 1109512302 bytes
    ->Google Chrome cache emptied: 163428006 bytes
    ->Apple Safari cache emptied: 4275200 bytes
    ->Flash cache emptied: 436107 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 666057315 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 196930352 bytes

    Total Files Cleaned = 4,676.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07192012_215134

    Files\Folders moved on Reboot...
    C:\Users\Rob and Amy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\CR_F3B72.tmp\SETUP_PATCH.PACKED.7Z scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Users\Rob and Amy\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    [2012/07/12 12:14:29 | 000,001,057 | ---- | M] () C:\Windows\temp\CR_F3B72.tmp\SETUP_PATCH.PACKED.7Z : MD5=F04D836AB010ED44B759AC389B160E66

    Registry entries deleted on Reboot...
     
  12. vampirehunter

    vampirehunter Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    20
    So far the computer seems to be working fine. Google hasn't redirected since the OTL script was run.
     
  13. vampirehunter

    vampirehunter Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    20
    Google is still redirecting links periodically.
     
  14. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hi vampirehunter,
    Do the redirects happen in all browsers? Or one specifically?
    Do you have a USB flash drive? If so, please run the following scan.


    ListParts
    1. Download ListParts64 to a USB flash drive.
    2. Plug the USB drive into the infected machine.

    Boot your computer into Recovery Environment

    1. Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
    2. Select Repair your computer.
    3. Select Language and click Next
    4. Enter password (if necessary) and click OK, you should now see the screen below ...

    5. Select the Command Prompt option.
    6. A command window will open.
      • Type notepad then hit Enter.
      • Notepad will open.
        • Click File > Open then select Computer.
        • Note down the drive letter for your USB Drive.
        • Close Notepad.
    7. Back in the command window ....
      • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
      • ListParts will start to run.
        • Press the Scan button.
        • When finished scanning it will make a log Result.txt on the flash drive.
    8. Close the command window.
    9. Boot back into normal mode and post me the Result.txt log please.


    Please reply with:
    • Answer to questions
    • ListParts log (Result.txt)
     
  15. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hi vampirehunter,

    Do you still require assistance?
    If you do not reply to this thread within 24 hours of this post, it will be removed from my subscribed threads list.
     

Short URL to this thread: https://techguy.org/1061124