
Wells Fargo/Amex redirect

Discussion in 'Virus & Other Malware Removal' started by Kennyr, Feb 16, 2013.

Thread Status:
Not open for further replies.
  1. Kennyr (Thread Starter)

    Joined: Feb 16, 2013
    Messages: 13
    In IE only, if I try to log on to my Wells Fargo or American Express account, I am redirected to a phishing page. No re-direct when using Chrome.

    All help greatly appreciated.
    Thank you
    Ken

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz, x64 Family 6 Model 15 Stepping 11
    Processor Count: 4
    RAM: 3070 Mb
    Graphics Card: NVIDIA GeForce 8400 GS, 256 Mb
    Hard Drives: C: Total - 295978 MB, Free - 70822 MB; D: Total - 9264 MB, Free - 1265 MB; E: Total - 305242 MB, Free - 142844 MB; K: Total - 476937 MB, Free - 204659 MB;
    Motherboard: ASUSTeK Computer INC., Berkeley
    Antivirus: Microsoft Security Essentials, Updated and Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:05:26 PM, on 2/14/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Kenny\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe
    C:\Windows\STK02N\STK02NM.exe
    C:\Program Files\Trend Micro SafeSync\HrfsClient.exe
    C:\Program Files\TwonkyMedia\twonkymediaserverconfig.exe
    C:\Users\Kenny\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\GoZone\GoZone_iSync.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Users\Kenny\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Kenny\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    C:\Program Files\Iomega\Quikprotect\QuikProtect.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDLogReport.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTools.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Kenny\Desktop\HijackThis.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll
    O2 - BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Advertising Cookie Opt-out - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
    O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
    O4 - HKLM\..\Run: [QuiKProtect] C:\Program Files\Iomega\Quikprotect\StartQuikProtect.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Kenny\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [Skype] "C:\Users\Kenny\AppData\Roaming\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
    O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2184751800-3290655511-875200122-1009\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2184751800-3290655511-875200122-501\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Guest')
    O4 - Startup: Dropbox.lnk = Kenny\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe
    O4 - Startup: iTunesHelper.exe - Shortcut.lnk = C:\Program Files\iTunes\iTunesHelper.exe
    O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\ColorVisionStartup\ColorVisionStartup.exe
    O4 - Global Startup: Iomega Storage Manager.lnk = C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe
    O4 - Global Startup: STK02N 2.3 PNP Monitor.lnk = ?
    O4 - Global Startup: Trend Micro SafeSync.lnk = C:\Program Files\Trend Micro SafeSync\HrfsClient.exe
    O4 - Global Startup: Twonky Tray Control.lnk = C:\Program Files\TwonkyMedia\twonkymediaserverconfig.exe
    O4 - Global Startup: UV Realtime.lnk = ?
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    O23 - Service: Google Update Service (gupdate1c9b1864489ee90) (gupdate1c9b1864489ee90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: OnlineStorageService - Trend Micro Inc. - C:\Program Files\Trend Micro SafeSync\hrfscore.exe
    O23 - Service: PCloudd - Iomega Corp - C:\Program Files\Iomega Storage Manager\pCloudd.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: QPCopyEngine - Unknown owner - C:\Program Files\Iomega\Quikprotect\QpMonitor.exe
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
    O23 - Service: TwonkyWebDav - Unknown owner - C:\Program Files\TwonkyMedia\twonkywebdav.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 20373 bytes


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_39
    Run by Kenny at 18:10:45 on 2013-02-14
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1239 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    c:\hp\HPEZBTN\HPBtnSrv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    C:\Program Files\Iomega Storage Manager\pCloudd.exe
    C:\Windows\system32\IoctlSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
    C:\Program Files\TwonkyMedia\twonkywebdav.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\System32\alg.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Kenny\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe
    C:\Windows\STK02N\STK02NM.exe
    C:\Program Files\Trend Micro SafeSync\HrfsClient.exe
    C:\Program Files\TwonkyMedia\twonkymediaserverconfig.exe
    C:\Users\Kenny\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\GoZone\GoZone_iSync.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Users\Kenny\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Kenny\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    C:\Program Files\Iomega\Quikprotect\QuikProtect.exe
    C:\Program Files\Trend Micro SafeSync\hrfscore.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDLogReport.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTools.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenny\Desktop\HijackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Windows\system32\svchost.exe -k apphost
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k LPDService
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://my.yahoo.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - c:\program files\epson software\e-web print\ewps_tb.dll
    BHO: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - c:\program files\epson software\e-web print\ewps_tb.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - c:\program files\epson software\e-web print\ewps_tb.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\users\kenny\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
    uRun: [Akamai NetSession Interface] "c:\users\kenny\appdata\local\akamai\netsession_win.exe"
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [Skype] "c:\users\kenny\appdata\roaming\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
    uRun: [AdobeBridge] <no file>
    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
    mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
    mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
    mRun: [QuiKProtect] c:\program files\iomega\quikprotect\StartQuikProtect.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    StartupFolder: c:\users\kenny\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\kenny\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\kenny\appdata\roaming\micros~1\windows\startm~1\programs\startup\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe
    StartupFolder: c:\users\kenny\appdata\roaming\micros~1\windows\startm~1\programs\startup\itunes~1.lnk - c:\program files\itunes\iTunesHelper.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\colorv~1.lnk - c:\program files\colorvision\colorvisionstartup\ColorVisionStartup.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\iomega~1.lnk - c:\program files\iomega storage manager\IomegaStorageManager.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\stk02n~1.lnk - c:\windows\stk02n\STK02NM.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\trendm~1.lnk - c:\program files\trend micro safesync\HrfsClient.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\twonky~1.lnk - c:\program files\twonkymedia\twonkymediaserverconfig.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\uvreal~1.lnk - c:\program files\uv realtime\UVRTAutostart.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{28FEDA5C-1BDF-412A-BBD2-0DF6BD1A3B06} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{62CE607A-1353-4A2D-B5D5-4E4AE3B77005} : DHCPNameServer = 192.168.2.1
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\kenny\appdata\roaming\mozilla\firefox\profiles\yp9k3dyq.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - prefs.js: keyword.URL -
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\kenny\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\kenny\appdata\roaming\move networks\plugins\npqmp071706000001.dll
    FF - plugin: c:\users\kenny\program files\dna\plugins\npbtdna.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-26 21504]
    R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
    R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-26 21504]
    R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2007-8-23 198240]
    R2 hpsunidr;HPScanJet UniDriver;c:\windows\system32\drivers\hpsunidr.sys [2007-3-26 5376]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
    R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-4-25 202296]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 99272]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
    R2 PCloudd;PCloudd;c:\program files\iomega storage manager\pCloudd.exe [2012-9-8 213504]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-2-11 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-2-11 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-2-11 168384]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R2 TwonkyMedia;TwonkyMedia;c:\program files\twonkymedia\twonkymediaserverwatchdog.exe -serviceversion 0 --> c:\program files\twonkymedia\twonkymediaserverwatchdog.exe -serviceversion 0 [?]
    R2 TwonkyWebDav;TwonkyWebDav;c:\program files\twonkymedia\twonkywebdav.exe -start --> c:\program files\twonkymedia\twonkywebdav.exe -start [?]
    R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-8-24 40912]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 10448]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
    R3 OnlineStorageService;OnlineStorageService;c:\program files\trend micro safesync\hrfscore.exe [2011-12-28 3980088]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9b1864489ee90;Google Update Service (gupdate1c9b1864489ee90);c:\program files\google\update\GoogleUpdate.exe [2009-3-30 133104]
    S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
    S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2011-3-5 401920]
    S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [2011-4-13 101520]
    S3 EverestDriver;FinalWire EVEREST Kernel Driver;c:\users\kenny\downloads\everestultimate-discontinued-550-o1kx4dyabh\kerneld.wnt [2010-3-30 27800]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
    S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-8-23 968064]
    S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
    S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
    S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [2008-12-4 19968]
    S3 QPCopyEngine;QPCopyEngine;c:\program files\iomega\quikprotect\QpMonitor.exe [2012-5-9 384000]
    S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [2012-3-19 19384]
    S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [2007-2-13 12288]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\drivers\vNICdrv.sys [2012-5-11 18000]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== File Associations ===============
    .
    .txt: <filetype is not registered>
    .js: <filetype is not registered>
    .
    =============== Created Last 30 ================
    .
    2013-02-14 09:02:24 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{22f7d192-281d-4ba3-8fe6-5865d3322f62}\mpengine.dll
    2013-02-13 08:02:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2013-02-13 05:20:56 2048512 ----a-w- c:\windows\system32\win32k.sys
    2013-02-13 05:20:51 1314816 ----a-w- c:\windows\system32\quartz.dll
    2013-02-13 05:20:49 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-13 05:20:49 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2013-02-13 05:20:42 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-13 05:20:41 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-02-12 21:25:41 6991832 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-02-11 23:48:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-02-11 23:48:35 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-02-11 23:48:29 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-02-10 22:45:47 -------- d-----w- c:\program files\Kaspersky Lab
    2013-02-10 22:45:46 -------- d-----w- c:\programdata\Kaspersky Lab
    2013-02-08 23:30:23 4200304 ----a-w- c:\windows\system32\cdintf400.dll
    .
    ==================== Find3M ====================
    .
    2013-02-08 01:57:15 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-08 01:57:15 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-15 21:56:10 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-01-15 21:56:07 473520 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-01-05 18:12:14 81408 ----a-w- c:\windows\system32\E_TD4BHVA.DLL
    2013-01-05 18:12:13 95232 ----a-w- c:\windows\system32\E_TLBHVA.DLL
    2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-20 04:22:50 204288 ----a-w- c:\windows\system32\ncrypt.dll
    .
    ============= FINISH: 18:11:34.26 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/15/2007 3:23:07 AM
    System Uptime: 2/13/2013 3:48:16 AM (39 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | Berkeley
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 2394/267mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 289 GiB total, 64.866 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 1.236 GiB free.
    E: is FIXED (NTFS) - 298 GiB total, 139.497 GiB free.
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is FIXED (NTFS) - 466 GiB total, 199.863 GiB free.
    R: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: USB Wireless 802.11 b/g Adaptor
    Device ID: USB\VID_15A9&PID_0004\5&865097B&0&3
    Manufacturer: Lite-On
    Name: USB Wireless 802.11 b/g Adaptor
    PNP Device ID: USB\VID_15A9&PID_0004\5&865097B&0&3
    Service: netr73
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Iomega Virtual Ethernet Adapter
    Device ID: ROOT\ROOT&VNICDRV\0000
    Manufacturer: Iomega
    Name: Iomega Virtual Ethernet Adapter
    PNP Device ID: ROOT\ROOT&VNICDRV\0000
    Service: vNICdrv
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: HID-compliant mouse
    Device ID: HID\IRDEVICE&COL08\2&20751CD0&0&0007
    Manufacturer: Microsoft
    Name: HID-compliant mouse
    PNP Device ID: HID\IRDEVICE&COL08\2&20751CD0&0&0007
    Service: mouhid
    .
    ==== System Restore Points ===================
    .
    RP2205: 1/31/2013 6:18:15 PM - Windows Update
    RP2206: 1/31/2013 10:45:09 PM - Installed TurboTax 2012 wrapper
    RP2207: 2/1/2013 8:20:08 AM - Installed TurboTax 2012 wcaiper
    RP2208: 2/2/2013 12:00:15 AM - Scheduled Checkpoint
    RP2209: 2/4/2013 4:22:04 PM - Windows Update
    RP2210: 2/5/2013 8:45:49 AM - Installed Java(TM) 6 Update 39
    RP2211: 2/6/2013 12:00:04 AM - Scheduled Checkpoint
    RP2212: 2/7/2013 9:11:39 AM - Scheduled Checkpoint
    RP2213: 2/8/2013 12:00:03 AM - Scheduled Checkpoint
    RP2214: 2/8/2013 4:23:02 PM - Windows Update
    RP2215: 2/10/2013 12:00:08 AM - Scheduled Checkpoint
    RP2216: 2/10/2013 5:40:49 PM - Installed Kaspersky Security Scan.
    RP2217: 2/12/2013 4:24:15 PM - Windows Update
    RP2218: 2/13/2013 3:00:43 AM - Windows Update
    RP2219: 2/13/2013 11:26:21 AM - Removed Ask Toolbar.
    RP2220: 2/13/2013 11:33:31 AM - Removed Download Navigator
    RP2221: 2/14/2013 12:00:08 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    4500_G510nz_Help
    4500G510nz
    4500G510nz_Software_Min
    ActiveCheck component for HP Active Support Library
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Creative Suite 6 Master Collection
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Manager
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe Reader X (10.1.5)
    Adobe Widget Browser
    Adobe® Content Viewer
    AdobeColorCommonSetRGB
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Amazon Games & Software Downloader
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    APC PowerChute Personal Edition
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AT&T Self Support Tool
    Audacity 1.2.6
    AutoBackup
    Avanquest update
    Bing Bar
    BitTorrent
    bl
    Bonjour
    BufferChm
    ColorPlus
    ColorVisionStartup
    D3DX10
    Destinations
    DeviceDiscovery
    Dicom Viewer DEMO (Rubo)
    DNA
    DocMgr
    DocProc
    Dropbox
    eFax Messenger 4.3
    Enhanced Multimedia Keyboard Solution
    Epson Connect
    Epson Connect Printer Setup
    Epson Customer Participation
    Epson E-Web Print
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    EPSON Printer Finder
    EPSON Scan
    EPSON WorkForce 645 Series Printer Uninstall
    EpsonNet Print
    eReg
    Fax
    Feedback Tool
    ffdshow [rev 2527] [2008-12-19]
    Fidelity Active Trader Pro®
    FileZilla (remove only)
    Flickr Uploadr 3.2
    FreeAgent Pro Tools
    Garmin Communicator Plugin
    Garmin Lifetime Updater
    Garmin USB Drivers
    Garmin WebUpdater
    Google Advertising Cookie Opt-out
    Google Chrome
    Google Drive
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoToMeeting 4.0.0.320
    GoZone iSync
    GPBaseService2
    Hardware Diagnostic Tools
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Advisor
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Customer Participation Program 13.0
    HP Document Manager 2.0
    HP Driver Diagnostics
    HP Easy Setup - Frontend
    HP Imaging Device Functions 13.0
    HP Officejet 4500 G510n-z
    HP On-Screen Cap/Num/Scroll Lock Indicator
    HP Photosmart Essential
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Picasso Media Center Add-In
    HP Product Detection
    HP Solution Center 13.0
    HP Update
    HPAsset component for HP Active Support Library
    HPDiagnosticAlert
    HPProductAssistant
    HPScanjet
    iCloud
    IMatch 3.6
    inSSIDer
    Intel(R) Network Connections Drivers
    Intel® Viiv™ Software
    Iomega QuikProtect
    Iomega Storage Manager
    iPhone Configuration Utility
    iSEEK AnswerWorks English Runtime
    ISO Recorder
    IsoBuster 2.4
    iTunes
    IZArc 3.81
    Java Auto Updater
    Java(TM) 6 Update 39
    Junk Mail filter update
    Kaspersky Security Scan
    LightScribe System Software
    LimeWire 5.1.4
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Logicool Audio Echo Cancellation Component
    Logicool Qcam
    Logicool Video Enumerator
    Logicool Video User Mode Video Processing Layer (32-bit)
    Logicool® Camera Driver
    Logitech Desktop Messenger
    Logitech Harmony Remote Software 7
    Logitech SetPoint 6.20
    MarketResearch
    Memeo AutoBackup
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 60 day trial
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office Live Meeting 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Microsoft XML Parser
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MobileMe Control Panel
    Motorola Driver Installation
    Motorola Phone Tools
    Move Media Player
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    muvee autoProducer 6.0
    NEF Codec
    Nero 7 Essentials
    neroxml
    NETGEAR XAV101 Configuration Utility
    Network
    Nikon Message Center
    Nikon Transfer
    NVIDIA 3D Vision Controller Driver 285.62
    NVIDIA 3D Vision Driver 285.62
    NVIDIA Control Panel 285.62
    NVIDIA Display Control Panel
    NVIDIA Graphics Driver 285.62
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.11.0621
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.5.20
    NVIDIA Update Components
    OCR Software by I.R.I.S. 13.0
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    Passware Kit Basic Demo 10.3
    PDF Settings CS6
    ph
    Picture Control Utility
    Porta
    PS-Utility
    PSSWCORE
    PxMergeModule
    Python 2.5
    Quicken 2013
    QuickTime
    Realtek High Definition Audio Driver
    Recuva
    Remote Control USB Driver
    Retrospect Express HD 2.0
    Rhapsody
    Rhapsody Player Engine
    Roxio Activation Module
    RRDtool
    Safari
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Segoe UI
    Snapfish Picture Mover
    Soft Data Fax Modem with SmartCP
    SolutionCenter
    SpeedFan (remove only)
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    Spyder2express
    Status
    STK02N 2.3
    SwiftCompare 1.3
    System Requirements Lab
    TextPad 5
    Times Reader
    Toolbox
    TrayApp
    Trend Micro SafeSync
    TurboTax 2008
    TurboTax 2008 wcaiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 wcaiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 wcaiper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 wcaiper
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    TurboTax 2012
    TurboTax 2012 wcaiper
    TurboTax 2012 WinPerFedFormset
    TurboTax 2012 WinPerReleaseEngine
    TurboTax 2012 WinPerTaxSupport
    TurboTax 2012 wrapper
    TurboTax Deluxe 2005
    TurboTax Deluxe 2007
    TurboTax ItsDeductible 2005
    TwonkyMedia
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    UV Realtime
    VCRedistSetup
    VideoToolkit01
    ViewNX
    vReveal
    vReveal 3
    W Photo Studio
    WeatherBug Gadget
    WebReg
    WexTech AnswerWorks
    Windows 7 Upgrade Advisor
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
    Windows Installer Clean Up
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinPcap 4.1.2
    Xilisoft AVI to DVD Converter 6
    Zero Assumption Recovery Version 8.4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/13/2013 3:51:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    2/13/2013 3:51:18 AM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
    2/13/2013 3:20:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    2/13/2013 3:20:37 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/13/2013 3:03:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================

    GMER 2.1.18952 - http://www.gmer.net
    Rootkit scan 2013-02-16 08:15:28
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDT725032VLA380 rev.V54OA7BA 298.09GB
    Running: p8r7s76n.exe; Driver: C:\Users\Kenny\AppData\Local\Temp\fwloqpog.sys


    ---- Kernel code sections - GMER 2.1 ----

    ? C:\Users\Kenny\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.1 ----

    ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[2252] C:\Windows\system32\ntdll.dll time/date stamp mismatch; unknown module: secserv.dll
    .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[2252] ntdll.dll!NtProtectVirtualMemory 77114BA4 5 Bytes JMP 698B17E3 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
    ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[2252] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[2252] user32.dll!SetScrollInfo + 7A8 75E57980 4 Bytes [4D, 27, 8B, 69]
    ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[5368] C:\Windows\system32\ntdll.dll time/date stamp mismatch; unknown module: secserv.dll
    .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[5368] ntdll.dll!NtProtectVirtualMemory 77114BA4 5 Bytes JMP 698B17E3 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
    ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[5368] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[5368] user32.dll!SetScrollInfo + 7A8 75E57980 4 Bytes [4D, 27, 8B, 69]

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9EBD217-5EBA-42FC-AD6A-28C552FB841C}
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9EBD217-5EBA-42FC-AD6A-28C552FB841C}
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9EBD217-5EBA-42FC-AD6A-28C552FB841C}@Path (null)
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9EBD217-5EBA-42FC-AD6A-28C552FB841C}@Hash 0x22 0xC8 0xA6 0xEB ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9EBD217-5EBA-42FC-AD6A-28C552FB841C}@Triggers 0x15 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9EBD217-5EBA-42FC-AD6A-28C552FB841C}@DynamicInfo 0x03 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsCalendar\Reminders - [email protected] (null)

    ---- EOF - GMER 2.1 ----
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Please run these two scans and post the logs:

    SCAN 1
    Click on this link to download : ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [​IMG]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

    [​IMG]



    SCAN 2
    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.

    • Quit all running programs.
    • Start RogueKiller.exe by double clicking on the icon.
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

     
  3. Kennyr

    Kennyr Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    13
    Thank you

    # AdwCleaner v2.112 - Logfile created 02/16/2013 at 11:02:28
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Kenny - KENNY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Kenny\Desktop\adwcleaner0.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Users\Kenny\AppData\Local\Temp\Uninstall.exe
    File Deleted : C:\Users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\yp9k3dyq.default\searchplugins\Askcom.xml
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\Users\Administrator.Kenny-PC\AppData\Local\Conduit
    Folder Deleted : C:\Users\Administrator.Kenny-PC\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Administrator.Kenny-PC\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\Kenny\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Kenny\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\yp9k3dyq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    Folder Deleted : C:\Users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\yp9k3dyq.default\extensions\[email protected]
    Folder Deleted : C:\Users\Kenny\AppData\Roaming\OpenCandy

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Mozilla Firefox v3.6.13 (en-US)

    File : C:\Users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\yp9k3dyq.default\prefs.js

    Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
    Deleted : user_pref("browser.search.order.1", "Ask.com");

    -\\ Google Chrome v25.0.1364.84

    File : C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [3885 octets] - [16/02/2013 11:02:28]

    ########## EOF - C:\AdwCleaner[S1].txt - [3945 octets] ##########


    RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Kenny [Admin rights]
    Mode : Scan -- Date : 02/16/2013 11:18:54
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 125.252.224.90
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDT725032VLA380 ATA Device +++++
    --- User ---
    [MBR] 91391958f5c7f391dfbc71051d84a654
    [BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 295978 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 606164580 | Size: 9264 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Hitachi HDT725032VLA380 ATA Device +++++
    --- User ---
    [MBR] eeefee5fb6d978f1d3658b22d829f621
    [BSP] 50e7efcb11c85eaab36c595e2e0f59d9 : HP tatooed MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: Seagate FreeAgent Pro USB Device +++++
    --- User ---
    [MBR] efaae474bf56cd39e5d0462ccb81c6e6
    [BSP] 5cab7fac78b6fe5301595cea6da44b25 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_02162013_02d1118.txt >>
    RKreport[1]_S_02162013_02d1118.txt
     
  4. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    ADWCleaner has removed a few junk items of adware. RogueKiller didn't find anything, but an entry in the hosts file points to an address in Singapore, Akamai Technologies. Does that mean anything to you?

    Is the problem still there now the scans have been run?
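
An added illustration, not part of the original posts and not RogueKiller's own logic: a small Python audit that classifies each hosts-file entry by its effect on name resolution. Only the `127.0.0.1 125.252.224.90` line comes from the report above; the other sample entries, the `example.*` names and the verdict labels are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample hosts file. Line 4 is the entry shown in the RogueKiller
# HOSTS section above; every other line is made up for illustration
# (example.* names, 203.0.113.0/24 documentation address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 125.252.224.90
203.0.113.7     online.bank.example.com   # constructed
0.0.0.0         ads.tracker.example.net
not-an-ip       broken.example.org
"""


@dataclass(frozen=True)
class Finding:
    lineno: int
    address: str   # first column: the address the name resolves to
    name: str      # one of the following columns: the name being overridden
    verdict: str


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def classify(address, name):
    """Return a verdict for one address/name pair taken from a hosts line."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"          # first column is not an IP address
    if _is_ip(name):
        # The "name" column is itself an IP literal. Resolver APIs normally
        # parse IP literals directly instead of looking them up by name, so
        # this kind of line is usually inert rather than a redirect.
        return "ip-literal-name"
    if ip.is_loopback or ip.is_unspecified:
        # Name pinned to the local machine: the stock localhost entry, or a
        # blocking entry of the kind immunization tools write.
        return "default" if name.lower() == "localhost" else "sink"
    # A real name forced to a routable address overrides DNS for that name.
    return "redirect"


def audit_hosts(text):
    """Parse hosts-file text and return one Finding per address/name pair."""
    findings = []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        address, *names = line.split()        # one address, one or more names
        if not names:
            findings.append(Finding(lineno, address, "", "malformed"))
            continue
        for name in names:
            findings.append(Finding(lineno, address, name, classify(address, name)))
    return findings


def needs_review(findings):
    """Entries that change where a name resolves, or that cannot be parsed."""
    return [f for f in findings if f.verdict in ("redirect", "malformed")]


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.lineno}: {f.address} <- {f.name or '(no name)'}: {f.verdict}")
```

On a live system the same functions can be run over the contents of `C:\Windows\system32\drivers\etc\hosts`, the path shown in the RogueKiller report.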
     
  5. Kennyr

    Kennyr Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    13
    Akamai Technologies is a download-assisting program for large programs, Adobe maybe? I can do without it, I'm sure. The larger problem, though, is that in IE logging on to Wells Fargo still gets redirected to a phishing page.
     
  6. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
  7. Kennyr

    Kennyr Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    13
    Opened IE without add-ons and it still redirected. Just to clarify. If I put in the wrong password for Wells Fargo I get the usual WF wrong password page. Only if I put in the correct log-in info for Wells Fargo does it then send me to the phishing page.
     
  8. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    OK, let's see if this scan will show us anything.


    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
     
  9. Kennyr

    Kennyr Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    13
    OTL logfile created on: 2/17/2013 10:14:32 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kenny\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 44.49% Memory free
    6.22 Gb Paging File | 4.62 Gb Available in Paging File | 74.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 289.04 Gb Total Space | 63.15 Gb Free Space | 21.85% Space Free | Partition Type: NTFS
    Drive D: | 9.05 Gb Total Space | 1.24 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
    Drive E: | 298.09 Gb Total Space | 139.50 Gb Free Space | 46.80% Space Free | Partition Type: NTFS
    Drive K: | 465.76 Gb Total Space | 199.82 Gb Free Space | 42.90% Space Free | Partition Type: NTFS
    Drive L: | 117.87 Mb Total Space | 74.78 Mb Free Space | 63.44% Space Free | Partition Type: FAT32

    Computer Name: KENNY-PC | User Name: Kenny | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Kenny\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Kenny\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Users\Kenny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Trend Micro SafeSync\HrfsClient.exe (Trend Micro Inc.)
    PRC - C:\Program Files\Trend Micro SafeSync\hrfscore.exe (Trend Micro Inc.)
    PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - C:\Program Files\Iomega Storage Manager\pCloudd.exe (Iomega Corp)
    PRC - C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe (EMC)
    PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
    PRC - C:\Program Files\Iomega\Quikprotect\QpMonitor.exe ()
    PRC - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
    PRC - C:\Program Files\TwonkyMedia\twonkywebdav.exe ()
    PRC - C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe (PacketVideo)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
    PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
    PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
    PRC - C:\Windows\STK02N\STK02NM.exe (Syntek Ltd.)
    PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
    PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\_elementtree.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\win32api.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\_socket.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\win32ts.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\pysqlite2._sqlite.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\win32com.shell.shell.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\wx._html2.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\win32crypt.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\pyexpat.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\wx._gdi_.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\windows._cacheinvalidation.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\win32profile.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\_ctypes.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\pythoncom26.dll ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\wx._misc_.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\win32security.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\PyWinTypes26.dll ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\_ssl.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\win32pdh.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\win32process.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\wx._core_.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\_hashlib.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\wx._windows_.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\wx._wizard.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\win32file.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\win32inet.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\wx._controls_.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\win32event.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\unicodedata.pyd ()
    MOD - C:\Users\Kenny\AppData\Local\Temp\_MEI53002\select.pyd ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d01a925ecd339eae8ea1da8488eb2283\System.Xml.Linq.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\82f376255a9523982c52cf58b13268d3\PresentationFramework.Classic.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\581e9ba9c81e2840a917fbd3d9661f85\System.Security.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\Program Files\Iomega Storage Manager\wxmsw28u_vc_custom.dll ()
    MOD - C:\Program Files\Trend Micro SafeSync\avcodec-54.dll ()
    MOD - C:\Program Files\Trend Micro SafeSync\avformat-54.dll ()
    MOD - C:\Program Files\Trend Micro SafeSync\avutil-51.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Windows\System32\msjetoledb40.dll ()


    ========== Services (SafeList) ==========

    SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
    SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
    SRV - (LiveUpdate Notice Ex) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (OnlineStorageService) -- C:\Program Files\Trend Micro SafeSync\hrfscore.exe (Trend Micro Inc.)
    SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV - (PCloudd) -- C:\Program Files\Iomega Storage Manager\pCloudd.exe (Iomega Corp)
    SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (QPCopyEngine) -- C:\Program Files\Iomega\Quikprotect\QpMonitor.exe ()
    SRV - (KSS) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
    SRV - (TwonkyWebDav) -- C:\Program Files\TwonkyMedia\twonkywebdav.exe ()
    SRV - (TwonkyMedia) -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe (PacketVideo)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (EpsonCustomerParticipation) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
    SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
    SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation)
    SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
    SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
    SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()
    SRV - (RetroExp Helper) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\rthlpsvc.exe (EMC Corporation)
    SRV - (RetroExpLauncher) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe (EMC Corporation)
    SRV - (Remote UI Service) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
    SRV - (MCLServiceATL) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
    SRV - (ISSM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation)
    SRV - (AlertService) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
    SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
    SRV - (M1 Server) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
    SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\Logicool\SrvLnch\SrvLnch.exe (Logicool Inc.)
    SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logicool\LVMVFM\LVPrcSrv.exe (Logicool Inc.)
    SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe (Intel(R) Corporation)
    SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
    DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
    DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
    DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
    DRV - (adfs) -- File not found
    DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV - (vNICdrv) -- C:\Windows\System32\drivers\vNICdrv.sys (Iomega Corporation)
    DRV - (QsFsFltr) -- C:\Windows\System32\drivers\QsFsFltr.sys (Windows (R) Win 7 DDK provider)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (EverestDriver) -- C:\Users\Kenny\Downloads\everestultimate-discontinued-550-o1kx4dyabh\kerneld.wnt ()
    DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
    DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
    DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
    DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
    DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
    DRV - (PLCND532) -- C:\Windows\System32\drivers\PLCND532.sys (Intellon, Inc.)
    DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
    DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
    DRV - (hpsunidr) -- C:\Windows\System32\drivers\hpsunidr.sys (Gteko Ltd.)
    DRV - (DCamUSBSTK02N) -- C:\Windows\System32\drivers\STK02NW2.sys (Syntek Ltd.)
    DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
    DRV - (Spyder2) -- C:\Windows\System32\drivers\Spyder2.sys ()
    DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
    DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logicool Inc.)
    DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logicool Inc.)
    DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
    DRV - (PID_08A0) -- C:\Windows\System32\drivers\LV302AV.SYS (Logitech Inc.)
    DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
    DRV - (giveio) -- C:\Windows\System32\giveio.sys ()


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{937C650B-D097-4782-B5A2-F3E4E94BA9DE}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{E071FE95-EA7A-4AB8-BA93-B1911E9C90B4}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
    IE - HKLM\..\SearchScopes\{F75DDF04-551F-482A-9028-3E4144A76CDF}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    IE - HKCU\..\SearchScopes,DefaultScope = {D5A4E666-E3FA-4217-B32C-98E3EBC1064E}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{D5A4E666-E3FA-4217-B32C-98E3EBC1064E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en
    IE - HKCU\..\SearchScopes\{E071FE95-EA7A-4AB8-BA93-B1911E9C90B4}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
    IE - HKCU\..\SearchScopes\{F75DDF04-551F-482A-9028-3E4144A76CDF}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
    FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
    FF - prefs.js..extensions.enabledItems: [email protected]:7
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..keyword.URL: ""
    FF - prefs.js..browser.search.defaultengine: "Google"
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Kenny\Program Files\DNA\plugins\npbtdna.dll File not found
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Kenny\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Kenny\AppData\Roaming\nprhapengine.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kenny\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kenny\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 02:01:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/09/12 12:41:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/01/09 21:02:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2012/08/04 12:39:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/01 11:28:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/09 21:02:52 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Kenny\Program Files\DNA
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Kenny\AppData\Roaming\Move Networks [2010/10/28 06:57:32 | 000,000,000 | ---D | M]

    [2011/02/12 08:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenny\AppData\Roaming\Mozilla\Extensions
    [2011/02/12 08:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenny\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/07/06 17:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenny\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2009/05/30 10:17:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenny\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2013/02/16 11:02:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\yp9k3dyq.default\extensions
    [2011/02/12 18:03:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\yp9k3dyq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/02/05 08:47:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/02/12 08:07:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012/08/04 10:55:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/09/12 11:14:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/10/21 05:25:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/02/05 08:47:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    [2010/12/03 14:35:08 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2010/12/03 14:35:08 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
    [2010/12/03 14:35:08 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
    [2012/12/18 09:28:36 | 000,186,584 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
    [2012/12/01 11:28:37 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
    [2012/12/01 11:28:37 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
    [2012/12/01 11:28:37 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
    [2012/12/01 11:28:37 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
    [2012/12/01 11:28:37 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
    [2012/12/01 11:28:37 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
    [2012/12/01 11:28:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
    [2010/12/03 12:36:32 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2010/12/03 12:36:32 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2010/12/03 12:36:32 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2010/12/03 12:36:32 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2010/12/03 12:36:32 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2010/12/03 12:36:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2010/12/03 12:36:32 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage:
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Kenny\AppData\Local\Google\Chrome\Application\25.0.1364.84\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kenny\AppData\Local\Google\Chrome\Application\25.0.1364.84\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kenny\AppData\Local\Google\Chrome\Application\25.0.1364.84\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.132\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Kenny\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: eBay Web App = C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.3_0\
    CHR - Extension: Google Search = C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: AT_AmericanApparel = C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejbaacdckokghddlhgapklpmlfklfga\3_0\
    CHR - Extension: AdBlock = C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
    CHR - Extension: Keep My Opt-Outs = C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
    CHR - Extension: Facebook = C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgmalddjnemjklnmenickgmkeehekdbk\2.6_0\
    CHR - Extension: Offline Solitaire = C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojldfpglenpceffckkjhajofdbpkfgmn\8_0\
    CHR - Extension: Gmail = C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/02/12 08:36:26 | 000,445,599 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 adobeereg.com
    O1 - Hosts: 127.0.0.1 adobe.activate.com
    O1 - Hosts: 127.0.0.1 adobeereg.com
    O1 - Hosts: 127.0.0.1 www.adobeereg.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 125.252.224.90
    O1 - Hosts: 127.0.0.1 125.252.224.91
    O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 15307 more lines...
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
    O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe File not found
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [QuiKProtect] C:\Program Files\Iomega\Quikprotect\startQuikProtect.exe (Iomega Corporation - An EMC Company)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Kenny\AppData\Local\Akamai\netsession_win.exe" File not found
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" File not found
    O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Google Update] C:\Users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
    O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
    O4 - HKCU..\Run: [Skype] C:\Users\Kenny\AppData\Roaming\Skype\Phone\Skype.exe ()
    O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kenny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
    O4 - Startup: C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.exe - Shortcut.lnk = C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: suntrust.com ([webmail] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28FEDA5C-1BDF-412A-BBD2-0DF6BD1A3B06}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62CE607A-1353-4A2D-B5D5-4E4AE3B77005}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Kenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Kenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/23 08:01:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/11/30 00:45:30 | 000,000,132 | ---- | M] () - K:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{2cc61c0e-efac-11dd-85be-001d60b56bd9}\Shell\AutoRun\command - "" = L:\PortableVault.exe
    O33 - MountPoints2\{ca3e389c-b47a-11dc-8289-001d60b56bd9}\Shell - "" = AutoRun
    O33 - MountPoints2\{ca3e389c-b47a-11dc-8289-001d60b56bd9}\Shell\AutoRun\command - "" = L:\LiteAuto.exe
    O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Install FreeAgent Tools.exe -- [2007/02/08 20:29:48 | 146,041,088 | ---- | M] (Seagate )
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/17 10:09:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kenny\Desktop\OTL.exe
    [2013/02/17 06:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
    [2013/02/17 06:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
    [2013/02/17 06:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
    [2013/02/16 22:29:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/02/16 11:16:21 | 000,000,000 | ---D | C] -- C:\Users\Kenny\Desktop\RK_Quarantine
    [2013/02/16 11:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2013/02/14 18:10:34 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Kenny\Desktop\dds.scr
    [2013/02/14 18:06:03 | 000,000,000 | ---D | C] -- C:\Users\Kenny\Desktop\logs
    [2013/02/14 18:02:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kenny\Desktop\HijackThis.exe
    [2013/02/13 03:15:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/02/13 03:15:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/02/13 03:15:39 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/02/13 03:15:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/02/13 03:15:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/02/13 03:15:37 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/02/13 03:15:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/02/13 03:15:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/02/13 03:02:17 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2013/02/13 00:20:56 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/02/13 00:20:51 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
    [2013/02/13 00:20:42 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2013/02/13 00:20:41 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2013/02/12 05:42:16 | 000,000,000 | ---D | C] -- C:\Users\Kenny\Documents\ProcAlyzer Dumps
    [2013/02/11 18:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/02/11 18:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/02/11 18:48:35 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
    [2013/02/11 18:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2013/02/10 17:47:44 | 000,000,000 | ---D | C] -- C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
    [2013/02/10 17:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
    [2013/02/10 17:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2013/02/08 18:30:23 | 004,200,304 | ---- | C] (Amyuni Technologies
    http://www.amyuni.com) -- C:\Windows\System32\cdintf400.dll
    [2013/02/08 18:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2013
    [2013/02/07 07:53:29 | 000,000,000 | ---D | C] -- C:\Users\Kenny\Desktop\S800CUpdate
    [2013/02/05 08:46:54 | 000,158,128 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2013/02/05 08:46:54 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2013/02/05 08:46:54 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2013/01/31 22:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2012
    [2013/01/27 08:15:37 | 000,000,000 | ---D | C] -- C:\Users\Kenny\Documents\Printer_RT_N66U_VER1033
    [2008/05/04 13:03:23 | 000,721,912 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Kenny\gotomypc_428.exe
    [2008/02/10 16:19:53 | 000,092,064 | ---- | C] (MCCI) -- C:\Users\Kenny\mqdmmdm.sys
    [2008/02/10 16:19:53 | 000,079,328 | ---- | C] (MCCI) -- C:\Users\Kenny\mqdmserd.sys
    [2008/02/10 16:19:53 | 000,066,656 | ---- | C] (MCCI) -- C:\Users\Kenny\mqdmbus.sys
    [2008/02/10 16:19:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\Kenny\usbsermptxp.sys
    [2008/02/10 16:19:53 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\Kenny\usbsermpt.sys
    [2008/02/10 16:19:53 | 000,009,232 | ---- | C] (MCCI) -- C:\Users\Kenny\mqdmmdfl.sys
    [2008/02/10 16:19:53 | 000,006,208 | ---- | C] (MCCI) -- C:\Users\Kenny\mqdmcmnt.sys
    [2008/02/10 16:19:53 | 000,005,936 | ---- | C] (MCCI) -- C:\Users\Kenny\mqdmwhnt.sys
    [2008/02/10 16:19:53 | 000,004,048 | ---- | C] (MCCI) -- C:\Users\Kenny\mqdmcr.sys
    [2007/08/09 16:50:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Users\Kenny\AppData\Local\stdole.dll
    [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/17 10:09:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kenny\Desktop\OTL.exe
    [2013/02/17 09:56:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/17 09:30:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/17 09:30:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/17 09:27:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2184751800-3290655511-875200122-1001UA.job
    [2013/02/17 09:26:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/17 07:34:05 | 000,000,004 | ---- | M] () -- C:\Windows\Twain001.Mtx
    [2013/02/17 07:32:58 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
    [2013/02/17 07:31:15 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
    [2013/02/17 07:31:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/17 07:30:54 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    [2013/02/17 07:30:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/17 06:29:29 | 003,994,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/02/16 14:27:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2184751800-3290655511-875200122-1001Core.job
    [2013/02/16 14:09:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2013/02/16 12:57:12 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2013/02/16 11:15:51 | 000,798,208 | ---- | M] () -- C:\Users\Kenny\Desktop\RogueKiller.exe
    [2013/02/16 11:01:56 | 000,587,671 | ---- | M] () -- C:\Users\Kenny\Desktop\adwcleaner0.exe
    [2013/02/16 10:02:29 | 000,695,170 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/02/16 10:02:29 | 000,137,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/02/15 06:34:22 | 000,374,784 | ---- | M] () -- C:\Users\Kenny\Desktop\p8r7s76n.exe
    [2013/02/14 18:10:40 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Kenny\Desktop\dds.scr
    [2013/02/14 18:02:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kenny\Desktop\HijackThis.exe
    [2013/02/12 08:36:26 | 000,445,599 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/02/11 18:48:48 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/02/10 17:47:02 | 000,000,956 | ---- | M] () -- C:\Users\Kenny\Desktop\Kaspersky Security Scan.lnk
    [2013/02/08 18:30:20 | 000,001,621 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Premier 2013.lnk
    [2013/02/08 18:30:10 | 000,000,165 | ---- | M] () -- C:\Windows\QUICKEN.INI
    [2013/02/08 17:11:21 | 000,858,012 | ---- | M] () -- C:\Users\Kenny\Desktop\eDisclosureB2C.pdf
    [2013/02/07 20:57:15 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/02/07 20:57:15 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/02/07 07:53:26 | 126,702,016 | ---- | M] () -- C:\Users\Kenny\Desktop\F-S800C-V12W.exe
    [2013/02/07 03:23:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKenny.job
    [2013/02/01 08:21:06 | 000,002,529 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
    [2013/01/31 22:48:43 | 000,000,744 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2013/01/30 05:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [2013/01/26 17:48:01 | 000,000,993 | ---- | M] () -- C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/01/26 17:47:50 | 000,000,961 | ---- | M] () -- C:\Users\Kenny\Desktop\Dropbox.lnk
    [2013/01/21 16:35:18 | 000,149,112 | ---- | M] () -- C:\Users\Kenny\Documents\reichner001.jpg
    [2013/01/20 11:12:30 | 007,665,991 | ---- | M] () -- C:\Users\Kenny\Desktop\2012-12-23 20.55.04 (2) copy2.jpg
    [2013/01/19 12:57:44 | 008,842,302 | ---- | M] () -- C:\Users\Kenny\Desktop\2012-12-23 20.55.04 (2) copy.jpg
    [2013/01/19 12:42:05 | 006,309,242 | ---- | M] () -- C:\Users\Kenny\Desktop\2012-12-23 20.55.04 (2).JPG
    [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/16 12:57:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2013/02/16 11:15:33 | 000,798,208 | ---- | C] () -- C:\Users\Kenny\Desktop\RogueKiller.exe
    [2013/02/16 11:01:50 | 000,587,671 | ---- | C] () -- C:\Users\Kenny\Desktop\adwcleaner0.exe
    [2013/02/16 08:17:33 | 000,000,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
    [2013/02/15 06:34:22 | 000,374,784 | ---- | C] () -- C:\Users\Kenny\Desktop\p8r7s76n.exe
    [2013/02/11 18:48:48 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/02/11 18:48:48 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/02/10 17:47:45 | 000,000,956 | ---- | C] () -- C:\Users\Kenny\Desktop\Kaspersky Security Scan.lnk
    [2013/02/08 18:30:20 | 000,001,621 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Premier 2013.lnk
    [2013/02/08 17:11:21 | 000,858,012 | ---- | C] () -- C:\Users\Kenny\Desktop\eDisclosureB2C.pdf
    [2013/02/07 07:55:27 | 126,702,016 | ---- | C] () -- C:\Users\Kenny\Desktop\F-S800C-V12W.exe
    [2013/01/31 22:46:37 | 000,002,529 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
    [2013/01/21 16:35:18 | 000,149,112 | ---- | C] () -- C:\Users\Kenny\Documents\reichner001.jpg
    [2013/01/20 11:12:20 | 007,665,991 | ---- | C] () -- C:\Users\Kenny\Desktop\2012-12-23 20.55.04 (2) copy2.jpg
    [2013/01/19 12:41:28 | 008,842,302 | ---- | C] () -- C:\Users\Kenny\Desktop\2012-12-23 20.55.04 (2) copy.jpg
    [2013/01/19 12:31:28 | 006,309,242 | ---- | C] () -- C:\Users\Kenny\Desktop\2012-12-23 20.55.04 (2).JPG
    [2012/09/08 12:20:27 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
    [2012/08/20 02:57:23 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2012/08/04 11:04:34 | 000,000,079 | ---- | C] () -- C:\Windows\EWF645.ini
    [2012/05/31 19:44:02 | 000,038,429 | ---- | C] () -- C:\Users\Kenny\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2012/03/25 10:27:25 | 000,000,744 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2011/08/11 11:29:48 | 000,348,595 | ---- | C] () -- C:\Users\Kenny\AppData\Roaming\Trade28.zip
    [2011/03/14 18:03:37 | 000,004,364 | ---- | C] () -- C:\Users\Kenny\AppData\Roaming\Comma Separated Values (DOS).NOT
    [2011/03/06 10:56:07 | 000,188,060 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2011/03/05 07:19:36 | 000,000,036 | ---- | C] () -- C:\Windows\IMatch4.INI
    [2010/11/12 06:04:21 | 000,000,036 | ---- | C] () -- C:\Users\Kenny\AppData\Local\housecall.guid.cache
    [2010/09/14 18:29:38 | 001,930,588 | ---- | C] () -- C:\Users\Kenny\raycharles invite.tif
    [2010/09/06 15:25:41 | 000,001,456 | ---- | C] () -- C:\Users\Kenny\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2010/05/02 11:54:31 | 000,176,128 | ---- | C] () -- C:\Users\Kenny\AppData\Roaming\chrtmp
    [2010/05/02 11:54:24 | 000,094,208 | ---- | C] () -- C:\Users\Kenny\AppData\Roaming\ster Collection KeyGen[Mac].exe
    [2009/12/19 08:47:13 | 000,023,975 | ---- | C] () -- C:\Users\Kenny\AppData\Roaming\Tab Separated Values (DOS).ADR
    [2009/07/22 17:59:36 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/05/10 22:16:49 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Jingles
    [2009/05/10 22:16:49 | 000,000,268 | RH-- | C] () -- C:\Users\Kenny\AppData\Roaming\Internet Services
    [2009/05/10 22:16:49 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
    [2009/05/10 22:16:49 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Licenses
    [2009/05/10 22:12:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Jazz
    [2009/05/10 22:12:43 | 000,000,268 | RH-- | C] () -- C:\Users\Kenny\AppData\Roaming\Instrument Library
    [2009/05/10 22:12:43 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
    [2009/05/10 22:12:43 | 000,000,012 | RH-- | C] () -- C:\ProgramData\LaserPrinter
    [2009/03/07 08:38:33 | 000,022,972 | ---- | C] () -- C:\Users\Kenny\AppData\Roaming\Tab Separated Values (Windows).ADR
    [2008/11/21 18:28:44 | 001,282,504 | ---- | C] () -- C:\Users\Kenny\grilling%20guide%20quantum.pdf
    [2008/10/14 16:59:06 | 002,669,279 | ---- | C] () -- C:\Users\Kenny\Jaime Reichner-Headshotz.jpg
    [2008/10/13 20:40:45 | 000,060,744 | ---- | C] () -- C:\Users\Kenny\g2mdlhlpx.exe
    [2008/07/12 08:34:21 | 000,003,594 | ---- | C] () -- C:\Users\Kenny\ikea order1.pdf
    [2008/04/11 15:44:45 | 000,001,356 | ---- | C] () -- C:\Users\Kenny\AppData\Local\d3d9caps.dat
    [2008/02/10 16:50:08 | 000,092,312 | ---- | C] () -- C:\Users\Kenny\1202680208-oem78.PNF
    [2008/02/10 16:50:08 | 000,048,144 | ---- | C] () -- C:\Users\Kenny\1202680208-oem78.inf
    [2008/02/10 16:50:08 | 000,020,708 | ---- | C] () -- C:\Users\Kenny\1202680208-oem84.PNF
    [2008/02/10 16:50:08 | 000,009,913 | ---- | C] () -- C:\Users\Kenny\1202680208-oem84.inf
    [2008/02/10 16:50:08 | 000,008,888 | ---- | C] () -- C:\Users\Kenny\1202680208-oem82.PNF
    [2008/02/10 16:50:08 | 000,008,400 | ---- | C] () -- C:\Users\Kenny\1202680208-oem83.PNF
    [2008/02/10 16:50:08 | 000,006,989 | ---- | C] () -- C:\Users\Kenny\1202680208-oem82.inf
    [2008/02/10 16:50:08 | 000,004,477 | ---- | C] () -- C:\Users\Kenny\1202680208-oem83.inf
    [2008/02/10 16:19:53 | 000,009,913 | ---- | C] () -- C:\Users\Kenny\MCCI_MDM.INF
    [2008/02/10 16:19:53 | 000,009,232 | ---- | C] () -- C:\Users\Kenny\USB_MOT_BRIT.INF
    [2008/02/10 16:19:53 | 000,007,080 | ---- | C] () -- C:\Users\Kenny\USBMOT2000.INF
    [2008/02/10 16:19:53 | 000,006,989 | ---- | C] () -- C:\Users\Kenny\MCCI_BUS.INF
    [2008/02/10 16:19:53 | 000,006,109 | ---- | C] () -- C:\Users\Kenny\USB_MOT_A1000.INF
    [2008/02/10 16:19:53 | 000,006,070 | ---- | C] () -- C:\Users\Kenny\USBMOT2000XP.INF
    [2008/02/10 16:19:53 | 000,005,880 | ---- | C] () -- C:\Users\Kenny\USB_CMCS_2000.INF
    [2008/02/10 16:19:53 | 000,004,477 | ---- | C] () -- C:\Users\Kenny\MCCI_SDM.INF
    [2008/01/25 18:53:25 | 000,008,266 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2007/12/13 14:06:19 | 000,602,135 | ---- | C] () -- C:\Users\Kenny\AppData\Roaming\ufkr46.zip
    [2007/12/07 19:07:18 | 000,107,008 | ---- | C] () -- C:\Users\Kenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/10/30 10:56:30 | 000,220,184 | ---- | C] ( ) -- C:\Users\Kenny\AppData\Local\Interop.Microsoft.Office.Core.dll

    ========== ZeroAccess Check ==========

    [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/06/18 07:25:47 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\BitTorrent
    [2010/05/03 17:18:25 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/05/03 06:33:06 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\com.adobe.bridge.PublishPanel
    [2011/04/24 13:32:57 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\com.adobe.DC3Module.AdobeADC
    [2012/09/30 10:34:25 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\com.adobe.dmp.contentviewer
    [2012/05/21 22:08:17 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2010/01/30 10:22:22 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
    [2010/05/17 18:18:28 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\DNA
    [2013/02/17 07:34:17 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\Dropbox
    [2009/03/03 17:49:17 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\eFax Messenger
    [2012/08/04 11:46:06 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\EPSON
    [2009/05/30 10:17:13 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\Flickr
    [2012/11/08 19:07:22 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\GARMIN
    [2009/10/03 06:20:04 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\Helios
    [2013/02/13 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\Image Zone Express
    [2011/03/15 14:19:01 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\Leadertech
    [2011/05/03 07:41:21 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\LimeWire
    [2009/09/07 17:50:39 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\MotionDSP
    [2012/01/07 09:49:35 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\MPEG Streamclip
    [2007/12/23 07:07:57 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\muvee Technologies
    [2009/05/11 17:01:37 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\Nikon
    [2011/03/13 15:39:49 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\Passware
    [2012/06/04 21:17:34 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\PDAppFlex
    [2007/12/01 19:45:47 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\photools.com
    [2013/02/13 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\Printer Info Cache
    [2007/11/27 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\Snapfish
    [2010/05/03 17:00:53 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\StageManager
    [2010/06/23 17:03:22 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/06/30 15:57:21 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\TuneUpMedia
    [2009/01/25 16:54:14 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\W Photo Studio
    [2009/01/25 16:52:40 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\W Photo Studio Viewer
    [2009/01/25 16:53:48 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\Walgreens
    [2007/11/29 04:08:49 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\WinBatch
    [2010/05/02 10:27:31 | 000,000,000 | ---D | M] -- C:\Users\Kenny\AppData\Roaming\Xilisoft

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 3388 bytes -> C:\Users\Kenny\Documents\Cowboy & Indian......eml:OECustomProperty
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:890CC2F3
    @Alternate Data Stream - 1314 bytes -> C:\ProgramData\TEMP:24721E3C
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C895616B

    < End of report >

    OTL Extras logfile created on: 2/17/2013 10:14:32 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kenny\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 44.49% Memory free
    6.22 Gb Paging File | 4.62 Gb Available in Paging File | 74.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 289.04 Gb Total Space | 63.15 Gb Free Space | 21.85% Space Free | Partition Type: NTFS
    Drive D: | 9.05 Gb Total Space | 1.24 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
    Drive E: | 298.09 Gb Total Space | 139.50 Gb Free Space | 46.80% Space Free | Partition Type: NTFS
    Drive K: | 465.76 Gb Total Space | 199.82 Gb Free Space | 42.90% Space Free | Partition Type: NTFS
    Drive L: | 117.87 Mb Total Space | 74.78 Mb Free Space | 63.44% Space Free | Partition Type: FAT32

    Computer Name: KENNY-PC | User Name: Kenny | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
    .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L"
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Porta.MakeAlbum] -- "C:\Program Files\Porta\Porta.exe" "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 1
    "InternetSettingsDisableNotify" = 1
    "AutoUpdateDisableNotify" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2184751800-3290655511-875200122-1001]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DisableUnicastResponsesToMulticastBroadcast" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DisableUnicastResponsesToMulticastBroadcast" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{006C4FA7-5B5A-4B42-87A9-A3ED6606FFF1}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |
    "{031FE694-1CD3-47D3-A8BA-3AACECC9A6CD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{14DEE5E8-5F93-4CB1-9B1D-06F95A63F23C}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
    "{160BC136-C02D-45C8-9CC8-17FF9DDD282A}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{1BB83031-05CE-40F6-8792-13636ED32C48}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{1FC311B2-4295-4625-93F5-48A8B1D5F8C1}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{217ED1BD-D5F6-42FE-BF01-CB3E8E32371C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{23ED49DC-D318-4EB9-BB2E-8252E4BDE64B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{26238890-A71B-4819-A670-C6AA3413370E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{26258A18-0A31-4B1B-8922-8E5FB07232AF}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{2AD56FCB-151F-4B81-BE82-3B9B4D089CD2}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{2D515972-F09A-46F5-A7AF-5C67D52CB49C}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{2DF2CF5F-F1EE-4ADF-99E5-F3F6DF4F4516}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
    "{2EC76882-4BC5-49FA-90CD-A2ED5F9B6B0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3282F3CD-CCCD-4C03-BCBA-8BECDDA8A7EA}" = rport=139 | protocol=6 | dir=out | app=system |
    "{437F9BE9-44FC-41F9-8278-5ECC2DA47795}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{45F9C015-1937-4DFF-B005-0028941C9BEF}" = lport=139 | protocol=6 | dir=in | app=system |
    "{4E92E036-3847-4B7F-916D-398596CA9D08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{52A82648-DBCC-455E-B841-B3A172EF898E}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{53FC7A3B-4432-4D68-A97B-2DE59B6B14B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{54F8830E-9824-447A-B482-3E6C9A6E3AC1}" = rport=445 | protocol=6 | dir=out | app=system |
    "{55A22CAB-AAF5-4859-AAE7-2490AC897999}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
    "{56EA4450-14F9-40CC-9BE6-61CB9CFF0FE4}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{58846FCF-7D4C-415D-89C4-2417C347A081}" = rport=138 | protocol=17 | dir=out | app=system |
    "{5D42FBF1-33DF-49FF-86C3-8FFF7790C6F2}" = lport=5353 | protocol=17 | dir=in | name=mdns-sd/bonjour |
    "{5E0BD894-783E-4880-B0DD-B5913EF19CE3}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{67FFE313-53E3-45AD-9924-26D9811EE7A9}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{69B32625-DF41-42BC-A3D5-F9D4B6534820}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6D2D1ED1-0FA3-4EFE-9E9F-6D08DB7CD158}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{6FAA4975-2CEB-46A4-B6C2-1429BC7F9BB4}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
    "{79FBFF99-DD3E-4634-BB78-9B1133F51AC5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
    "{7E1ADFDC-D1BC-40EA-9C6A-FFE0F4011E4E}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
    "{8462720E-93BD-481E-8C0D-F3A877F84573}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
    "{854038C6-821C-4F7C-8E20-99C19FD3AB56}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{89E1CAD8-5F77-4D6E-BCC6-93AB27389588}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
    "{8BF76A3B-8787-4B9C-9F75-7CB019D0DA8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9068CBF7-8141-44F1-AF76-64E4237F4114}" = lport=445 | protocol=6 | dir=in | app=system |
    "{9271337D-E2B6-47CC-AAD3-57CBE6BADCB2}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{9B91EED5-774F-4988-8CC9-50A837E71D39}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{9F6BA4D5-B6B5-4496-A667-76661528CAF3}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A031AF9F-D6A8-411F-89EA-AA1156F26905}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{A06F6135-01AD-4593-9269-819CF7B61290}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A31F2E65-07DC-4569-80EB-5069EF3BC409}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{A35E8367-1304-427C-B0E0-AB997036D2A4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{A4ABB570-04B8-4497-B2BA-09D3513C6CDF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{A500FCD7-A701-4429-9470-39FBEFFD1357}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{AF18E8DA-8D67-49F6-8636-6A54766F62A3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{AFB43E03-5481-4423-99B5-A03C8E4A46E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B0399C22-3DDD-42F4-80EA-A4E9B009A816}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B33F15F2-D52C-41DA-B272-238388858747}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{B6670D56-61D9-4EB0-A073-F956664CE1A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B6826193-7DF4-4477-BA33-8619F853C80A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BB1B0CF7-06CC-4173-BEEC-DAF020D72AF8}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |
    "{BE1008BE-2626-41A7-87DF-FF03C73E250B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{C7609FA0-CE25-41FA-9155-E2A837BA5B5D}" = lport=58534 | protocol=6 | dir=in | name=akamai netsession interface |
    "{CAB6CC18-917D-4328-BF88-BD4FA13286D4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{CCB47445-F986-479C-B134-7D147581E28A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{D13F73A9-9457-4826-8EB8-E49401CF1254}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{D4CF6B44-55C6-46BE-92D8-194F4340FD98}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D9C44ED5-2571-42C2-9829-D027B169B1E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{E315A4BB-E96E-49A4-8077-E63C7BC8BE8F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{EAB21692-281F-42C8-8F29-8897DBC27601}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{F175BECC-C8DE-4739-B248-D4BDC90D720C}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F22696CC-FA2D-4CB0-8FA4-EB47698AF7EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FF6AD464-F6A3-407E-A8F7-59AFA741E693}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{011E587B-E51C-49BA-B14A-2DFF32D015B7}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
    "{0B35845D-A227-45A2-8A58-58FD7B62102E}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
    "{108EF90C-1931-4548-9FD5-1BD76621E44E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{10CF5A0C-8533-40B7-A06F-A147ABE11B8F}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4.6\flashbuilder.exe |
    "{11F40F2F-5D97-44B2-99E3-C5E9733E0445}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{138B11B3-9FB2-4843-8CB3-D425EB048FAD}" = protocol=17 | dir=in | app=c:\users\kenny\appdata\roaming\dropbox\bin\dropbox.exe |
    "{149647BC-3CC1-472B-9C77-FA003EB6D2EB}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\twonkymediaserverwatchdog.exe |
    "{16EC338C-47DC-4080-83AA-D30F601D3919}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{1794DC4C-536C-4D7B-A43F-092790409690}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1A2C15E8-5747-48EE-B0FB-184D9149A0F6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
    "{1B2D5930-5F61-420B-9F71-74121786DF69}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
    "{1B670369-5AB1-431C-AD82-20B1F41FF5B3}" = dir=in | app=f:\setup\hpznui01.exe |
    "{1E3B4C9D-977E-4FFB-B191-0394EA1C054F}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{22E71CC3-27F8-426D-8A56-EEC21243454E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{23364F7C-6229-4CE3-9D9D-F3F0A8E995F2}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{2482CECD-59A2-4F59-A33E-85910212C237}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
    "{26D0FCF6-754B-4475-B80C-80EBC62856EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{280FE1A3-3849-485B-80A7-0FD103E35CA2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{28A86B22-3105-429D-BFA9-48C08FAF09B0}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
    "{29F449F4-9B28-4036-9771-429036A3B8AD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{2DA1351A-82BA-445A-82FB-F5CD8198F8BE}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{303AFFB1-C07E-465B-98B4-14827A99DB05}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{3041B941-63CD-486A-968A-600DED330A10}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{30E72723-FDCA-461D-B20C-0346C56B343F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{340C16FF-04A7-4645-9DEC-930CF285E933}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{34589B70-8120-4484-95C8-7C536D2A1677}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\twonkymediaserverwatchdog.exe |
    "{388AFE16-1CD6-430E-A81B-0EA807FC7F8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
    "{3B99B170-5A2E-4599-A68C-74EA46D4AC88}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{3C1CB69A-BD38-48CB-8CDF-E9649162B3BD}" = protocol=6 | dir=in | app=c:\users\kenny\appdata\local\temp\wzse1.tmp\common\epsonnet setup\eneasyapp.exe |
    "{3E19EE39-D39A-4F19-AF47-85C4E051C7E9}" = protocol=17 | dir=in | app=c:\program files\uv realtime\uv realtime.exe |
    "{4109DBA8-4E24-4262-ACA5-1C8BED2EEBD3}" = protocol=17 | dir=in | app=c:\program files\epson software\ecprintersetup\enpapp.exe |
    "{41B0261D-2AD8-4A2A-8641-2959214155A7}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
    "{44F299E5-15F1-4919-9408-54D67A2450CB}" = protocol=6 | dir=in | app=c:\users\kenny\appdata\local\akamai\netsession_win.exe |
    "{47F0BD09-182D-4B12-A4E6-AEE8FBB30CD5}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "{4BB287C8-2C03-4788-818E-B87F3F4D3F89}" = protocol=17 | dir=in | app=c:\users\kenny\appdata\local\temp\wzse0.tmp\common\epsonnet setup\eneasyapp.exe |
    "{4E893789-087C-4805-88AA-40492EB6B64C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{5172B80F-651E-4D8F-8B33-679D6325A5A5}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{5448DF4B-7068-49AE-9368-E2DAB0C4A9DE}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
    "{581FFF0E-F58C-4A0D-864B-D5114B876E95}" = protocol=6 | dir=in | app=c:\program files\uv realtime\uv realtime.exe |
    "{5854A4CD-D86A-4446-B96C-FA573779F589}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{5E6D3AEE-6692-4CB0-9487-523F47182B9E}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "{603558C8-7951-415D-9352-8252290654E6}" = protocol=6 | dir=out | app=system |
    "{6436253B-9498-4853-80F2-1C389B67CDCA}" = protocol=58 | dir=in | [email protected],-148 |
    "{673CAE16-120B-4506-B9B7-4B75A9559BFA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{67850304-CA44-4ED9-98D9-E311EAD6B655}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
    "{695EE4E1-31B1-4D44-A9F9-DF899928572C}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
    "{6A2A6538-44CB-4E15-8B22-B61108CAB6F3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{6A79AC86-77DD-4E89-B423-D05631A0A3FA}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
    "{6C2A1D15-1676-4289-9694-5D4B3A7251ED}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{6C8B62C1-C54A-40D8-8D24-86E261634FAD}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
    "{6E3B7323-E07E-42C5-A37C-08CC28960D77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{72867800-0042-481E-BEC8-F95DD618C7D9}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "{79B3ABD7-2503-4C7E-B4EF-8D3D1869069D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7AE00FC8-60E4-4F45-9070-9EFDAFEE7E13}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{831D303C-3CA9-4030-9385-45B0FE465C46}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{83BDDDF3-1E46-44FC-A117-938DCC3E4A9C}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\twonkymediaserver.exe |
    "{85081B59-42E0-44F2-8877-F53B1D4758BE}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
    "{86DFB6C2-160C-4115-9548-A3B890C3F2BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{87F8E3B2-9340-49D0-8523-47E61AC15AD6}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "{8E72BB8D-F75D-4B98-841F-8B0D14A8F183}" = protocol=17 | dir=in | app=c:\users\kenny\appdata\local\akamai\netsession_win.exe |
    "{8F668AE0-CD95-44F3-8463-10EDF4E5931F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{92858811-F927-4200-AC84-130F04F544C2}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{97D8E2AA-6585-477E-B86D-8E4794B4CA43}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{983CA78F-97FB-47F9-A305-67E3C684AE44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{99DC2EF0-A102-49E1-9AF8-C7EC3A3A973B}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
    "{9AC4F20F-93DF-4FD0-9672-7241A3A77CBE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{A07E0EC1-5545-46EB-8169-9DC6C0A6957A}" = protocol=6 | dir=in | app=c:\program files\epson software\ecprintersetup\enpapp.exe |
    "{A0FDE3E6-BF4F-462D-BFFC-ACAEA52EFE9D}" = protocol=17 | dir=in | app=c:\users\kenny\appdata\local\temp\wzse1.tmp\common\epsonnet setup\eneasyapp.exe |
    "{A45CC75B-44DD-4957-9945-A96CC4D166C7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A4BC022A-54F6-42E0-8B9B-B5C41FC06C6E}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{A6390F29-C37C-4F09-8EBF-1EF7AD898568}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{A7FD2703-D920-4FBD-A1C3-4062CD807949}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{A8E57F4A-9582-4EA1-AF34-D869300CFD39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AA1DBA90-D586-4B8D-8F2F-77BF43C16EBA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AA825C7B-E166-41A9-9F29-6CD5E7E3FB64}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\twonkymediaserver.exe |
    "{AB02F7C9-FE73-422E-9E04-3E1FEB557574}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{ACCA04F3-9F50-4B3B-8D08-A3BCEAEF70FA}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{AD11B0AC-6A15-4514-A934-6018A0BD6B08}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{B06DCD3D-EE1B-4F6F-A506-2F0933658AC7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{B13EDD97-9000-4A42-A2E0-AC3126229279}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{B241DAC3-76D2-47FB-A41E-0FC7766F4630}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B62A101A-BA0F-479A-AEF9-ACFAA394CB5D}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
    "{B849DA94-D8C8-409F-91A6-56742B1AA2D2}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
    "{B86C1210-0E40-4DE9-B6CE-952C7B985326}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C1C74080-CA8D-4877-BDD1-4440948B55DA}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{C2651E30-34B2-40C5-A33E-B6AF8F583D77}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "{CCCFC0B3-135B-430E-A4C8-B0A38052F8EB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{D0995B3A-8EA9-4E31-932C-1BC9F0FC414C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{D2DA8F99-3CFA-4CF9-8A84-A35AE913D8C8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{D31692C9-2D81-4742-9251-51CFC3580674}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{D3EB6088-D81C-4ACD-8198-6468DAD404F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{D450C53D-0CE3-418F-A6E3-9649BF615254}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{DB6756E1-6100-4FEE-A1CD-D1098AA19FB3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{DC263E19-8926-4371-B6E5-262432689A74}" = protocol=6 | dir=in | app=c:\users\kenny\appdata\roaming\dropbox\bin\dropbox.exe |
    "{DC824CDB-F713-4CCB-BE4B-5DDEFE4FFE10}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{DE6DA55A-D610-4C0D-A2C9-24A053DBD4AF}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
    "{DF4E5FA2-07EF-4536-932E-70E92FF87AE1}" = protocol=6 | dir=in | app=c:\users\kenny\appdata\local\temp\wzse0.tmp\common\epsonnet setup\eneasyapp.exe |
    "{DFB33763-8A80-47B7-B630-CD1385CC71E3}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
    "{E0976F5D-C158-48F9-AF1F-25D8EA078434}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{E4151911-CC48-4E47-9377-9469B7CFE184}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{E55643D0-D42B-4A3D-9BDC-A4BEB2DC32A9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{E57EB990-1FEF-428C-8D2B-7160B2432292}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
    "{EA224A71-66C9-4CAA-A672-F19EB40ECE54}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{EA444827-A353-4A06-B7B2-C9E226534EA5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{EAE0D0FF-5E25-4F1F-AF2A-34D69A996F4E}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{F0D1718F-6869-4BD6-8D88-867C194A502C}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "{F40A4DFD-2F9F-40BF-AB2C-BA936F229B41}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
    "{F51F0DAF-CC1D-4810-8928-4FEDE5DEBDD4}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
    "{F5EEEF24-622E-4D57-989C-C3C1A620885C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{F75B81C1-CAC6-4F0F-B120-CA03F196AF1C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{FB080584-87EB-4A21-AE77-6E4E8D53208B}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4.6\flashbuilder.exe |
    "{FE0C73AA-D0DF-4380-A2AD-712447A89DAB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "TCP Query User{0C8A96AA-5701-46C6-A8B4-8CC37691374B}C:\program files\iomega storage manager\iomegastoragemanager.exe" = protocol=6 | dir=in | app=c:\program files\iomega storage manager\iomegastoragemanager.exe |
    "TCP Query User{2E49A495-7C1E-491B-A5F7-76AEBE0BC306}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "TCP Query User{3AEA1872-2DC6-4652-9E4E-A6C9876E16DC}C:\users\kenny\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\kenny\program files\dna\btdna.exe |
    "TCP Query User{7940BC32-8E2C-4AB3-9C02-2222617BD083}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{7DA1AB18-8BFB-4328-A860-B78D1F8CC222}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=6 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe |
    "TCP Query User{813BC895-0499-4668-A777-80C2118CB398}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "TCP Query User{C307646D-0FB1-4118-8697-2E691BD8A8A4}C:\users\kenny\appdata\local\temp\g2_626\g2viewer.exe" = protocol=6 | dir=in | app=c:\users\kenny\appdata\local\temp\g2_626\g2viewer.exe |
    "TCP Query User{C8E44476-69CA-46C4-89E8-795AE5718611}C:\users\kenny\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\kenny\program files\bittorrent\bittorrent.exe |
    "UDP Query User{25FDF125-33DA-4C67-A6C0-B688B10721FB}C:\users\kenny\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\kenny\program files\bittorrent\bittorrent.exe |
    "UDP Query User{6D077894-4716-49C6-93F5-833AB1516440}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{83509106-AFE8-4971-A2E9-381FE5AA4A6A}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "UDP Query User{8674D4D3-0D2A-4374-904D-B5DB5EEBD689}C:\program files\iomega storage manager\iomegastoragemanager.exe" = protocol=17 | dir=in | app=c:\program files\iomega storage manager\iomegastoragemanager.exe |
    "UDP Query User{A333C90D-61B2-4988-8890-AC4D59EC2654}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=17 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe |
    "UDP Query User{B9B9D74D-2181-4280-B28F-EAED11066A2C}C:\users\kenny\appdata\local\temp\g2_626\g2viewer.exe" = protocol=17 | dir=in | app=c:\users\kenny\appdata\local\temp\g2_626\g2viewer.exe |
    "UDP Query User{E2B2D4DF-F674-4413-ABA0-26FDD8726DD4}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{FFAB4289-6593-485D-8808-6DF1CBA9BD15}C:\users\kenny\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\kenny\program files\dna\btdna.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}" = Quicken 2013
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
    "{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2282C742-8E14-4E71-8329-5253E51B2834}" = Passware Kit Basic Demo 10.3
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2515BF88-E42E-4AFA-A8E7-DF272762589B}" = Microsoft Office Live Meeting 2007
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{291820D0-A626-40F9-BDFF-8D5CEAB04243}" = Google Advertising Cookie Opt-out
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{331C9768-BAD9-F31B-8DA2-0268D346C702}" = Times Reader
    "{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B95A7D0-AF67-4916-9433-C18B9969E9D4}" = PS-Utility
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4F0CF29A-AAE6-45B7-A764-D24BCA8EB1E9}" = Epson E-Web Print
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5A4B3F22-A5DF-43D7-89A7-6121F5431F32}" = UV Realtime
    "{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5D652EC3-8AC0-41E7-B337-162BC7B01148}" = Retrospect Express HD 2.0
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63A5F548-B114-4413-BD9E-5EAF35F90779}" = RRDtool
    "{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
    "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6BBEF431-3950-4D08-A55B-5455E7B94889}" = Logicool Qcam
    "{6C0098D5-25FE-4791-B957-5C5F038A0DF9}" = Logicool Audio Echo Cancellation Component
    "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
    "{70824C1F-54CA-4AB7-B4A8-6FBEAB2F04C2}" = IMatch 3.6
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{711C92F8-D249-4E6C-957A-5593577170B0}" = Logicool Video Enumerator
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7366A90C-6B1E-47C0-AC8B-21040CAB53D6}" = Dicom Viewer DEMO (Rubo)
    "{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{775B9052-3517-47FA-817D-1BB28363D43A}" = muvee autoProducer 6.0
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
    "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
    "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
    "{7FF0ACFE-4346-4D9D-B822-C69B99AAE1FC}" = Microsoft_VC80_MFCLOC_x86
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{886E3938-64F2-4E06-B430-A2D995074F89}" = Logicool Video User Mode Video Processing Layer (32-bit)
    "{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AB564A3-40FC-4AED-9ECD-BF4F5FD43ACB}" = HPScanjet
    "{8AE28FB8-B8AE-4B58-A5FE-77F45E462BAE}" = Microsoft_VC80_MFC_x86
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
    "{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
    "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{9E67C25B-F733-4C73-B8F0-C6522E728ECE}" = NETGEAR XAV101 Configuration Utility
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
    "{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B3076A28-345A-4d89-90A3-B68866C0DFB8}" = eFax Messenger 4.3
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
    "{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder
    "{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
    "{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C80891BA-86CD-44E4-BE07-6413C6DF9466}" = Memeo AutoBackup
    "{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CB07E706-5DD7-4093-83A1-1430D5B6FA75}" = Microsoft_VC80_ATL_x86
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud
    "{D79EB872-3E54-A9D4-F11E-F147BB7C31D9}" = Adobe® Content Viewer
    "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E06C8E13-7A8C-434C-8548-34BC4762212D}" = Logitech Harmony Remote Software 7
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E31BF0CC-B6BC-4570-B9A3-729F2CC73D3B}" = Fidelity Active Trader Pro®
    "{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}" = STK02N 2.3
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
    "{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
    "{E8F728D0-C3F0-42EB-BBC2-C4A38A577CB1}" = Motorola Phone Tools
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}" = HP Driver Diagnostics
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
    "{EFD2807A-C66B-4C13-8FB8-42FCA6DEF171}" = TurboTax 2012 wcaiper
    "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
    "{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Essentials
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    "98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
    "ATT-SST" = AT&T Self Support Tool
    "Audacity_is1" = Audacity 1.2.6
    "BitTorrent" = BitTorrent
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
    "ColorPlus" = ColorPlus
    "ColorVisionStartup" = ColorVisionStartup
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.dmp.contentviewer" = Adobe® Content Viewer
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.adobe.WidgetBrowser" = Adobe Widget Browser
    "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
    "EPSON Scanner" = EPSON Scan
    "EPSON WorkForce 645 Series" = EPSON WorkForce 645 Series Printer Uninstall
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "FileZilla" = FileZilla (remove only)
    "Flickr Uploadr" = Flickr Uploadr 3.2
    "Google Updater" = Google Updater
    "GoZone iSync" = GoZone iSync
    "HFRS_is1" = Trend Micro SafeSync
    "HP Photosmart Essential" = HP Photosmart Essential 2.01
    "InstallShield_{9E67C25B-F733-4C73-B8F0-C6522E728ECE}" = NETGEAR XAV101 Configuration Utility
    "InstallShield_{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
    "InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
    "Intel(R) Configuration Center" = Intel® Viiv™ Software
    "Iomega QuikProtect" = Iomega QuikProtect
    "Iomega Storage Manager" = Iomega Storage Manager
    "IsoBuster_is1" = IsoBuster 2.4
    "LimeWire" = LimeWire 5.1.4
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "Porta" = Porta
    "PROSet" = Intel(R) Network Connections Drivers
    "QcDrv" = Logicool® Camera Driver
    "Recuva" = Recuva
    "Rhapsody" = Rhapsody
    "Security Task Manager" = Security Task Manager 1.8g
    "sp6" = Logitech SetPoint 6.20
    "SpeedFan" = SpeedFan (remove only)
    "Spyder2express" = Spyder2express
    "SwiftCompare_is1" = SwiftCompare 1.3
    "SystemRequirementsLab" = System Requirements Lab
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "TurboTax 2011" = TurboTax 2011
    "TurboTax 2012" = TurboTax 2012
    "TurboTax Deluxe 2005" = TurboTax Deluxe 2005
    "TurboTax Deluxe 2007" = TurboTax Deluxe 2007
    "TwonkyMediaTwonkyMedia" = TwonkyMedia
    "vReveal" = vReveal
    "vReveal 3" = vReveal 3
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "Xilisoft AVI to DVD Converter 6" = Xilisoft AVI to DVD Converter 6
    "Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.4

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "BitTorrent DNA" = DNA
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 4.0.0.320
    "InstallShield_{C80891BA-86CD-44E4-BE07-6413C6DF9466}" = Memeo AutoBackup
    "Move Media Player" = Move Media Player
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/9/2013 10:48:08 AM | Computer Name = Kenny-PC | Source = Bonjour Service | ID = 100
    Description = 464: ERROR: read_msg errno 0 (The operation completed successfully.)

    Error - 2/9/2013 10:48:08 AM | Computer Name = Kenny-PC | Source = Bonjour Service | ID = 100
    Description = ERROR: mDNSPlatformReadTCP - recv: 10053

    Error - 2/9/2013 10:48:08 AM | Computer Name = Kenny-PC | Source = Bonjour Service | ID = 100
    Description = 464: ERROR: read_msg errno 0 (The operation completed successfully.)

    Error - 2/10/2013 6:45:25 PM | Computer Name = Kenny-PC | Source = VSS | ID = 12305
    Description =

    Error - 2/12/2013 5:38:58 AM | Computer Name = Kenny-PC | Source = Application Hang | ID = 1002
    Description = The program SDRootAlyzer.exe version 2.0.12.116 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: cb8 Start Time: 01ce08cdb3b16b70 Termination Time: 5

    Error - 2/13/2013 12:22:54 PM | Computer Name = Kenny-PC | Source = Application Hang | ID = 1002
    Description = The program HP_IZE.exe version 1.12.0.46 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1eb0 Start Time: 01ce0a062f0237dd Termination Time: 32

    Error - 2/15/2013 7:43:49 AM | Computer Name = Kenny-PC | Source = Perflib | ID = 1010
    Description =

    Error - 2/16/2013 3:08:32 PM | Computer Name = Kenny-PC | Source = Windows Search Service | ID = 3079
    Description =

    Error - 2/16/2013 8:22:01 PM | Computer Name = Kenny-PC | Source = VSS | ID = 8194
    Description =

    Error - 2/16/2013 8:23:24 PM | Computer Name = Kenny-PC | Source = VSS | ID = 8194
    Description =

    [ Media Center Events ]
    Error - 7/10/2009 3:25:24 PM | Computer Name = Kenny-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/3/2009 3:26:30 PM | Computer Name = Kenny-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/22/2009 5:31:11 PM | Computer Name = Kenny-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]
    Error - 10/4/2008 4:37:32 PM | Computer Name = Kenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 385
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 10/4/2008 4:37:43 PM | Computer Name = Kenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 12/20/2009 4:57:23 PM | Computer Name = Kenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95604
    seconds with 1320 seconds of active time. This session ended with a crash.

    Error - 10/11/2010 9:42:19 AM | Computer Name = Kenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 146778
    seconds with 1800 seconds of active time. This session ended with a crash.

    Error - 3/23/2011 10:19:42 AM | Computer Name = Kenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13464
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/24/2011 8:46:55 AM | Computer Name = Kenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 55552
    seconds with 1020 seconds of active time. This session ended with a crash.

    Error - 5/28/2011 7:45:49 PM | Computer Name = Kenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 26226
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 6/29/2011 7:51:37 AM | Computer Name = Kenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 154
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/25/2011 6:45:55 AM | Computer Name = Kenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 168710
    seconds with 4320 seconds of active time. This session ended with a crash.

    Error - 9/17/2012 4:09:37 AM | Computer Name = Kenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 135001
    seconds with 780 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 2/16/2013 1:59:55 PM | Computer Name = Kenny-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/16/2013 2:00:19 PM | Computer Name = Kenny-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 2/16/2013 2:31:20 PM | Computer Name = Kenny-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 2/17/2013 7:23:17 AM | Computer Name = Kenny-PC | Source = DCOM | ID = 10010
    Description =

    Error - 2/17/2013 7:28:26 AM | Computer Name = Kenny-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/17/2013 7:28:41 AM | Computer Name = Kenny-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 2/17/2013 7:58:35 AM | Computer Name = Kenny-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 2/17/2013 8:30:41 AM | Computer Name = Kenny-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/17/2013 8:31:10 AM | Computer Name = Kenny-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 2/17/2013 8:46:54 AM | Computer Name = Kenny-PC | Source = BROWSER | ID = 8032
    Description =


    < End of report >
     
  10. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    No sign of anything malicious in that log, could you please go to the dubious redirect and then copy and post the full web address so I can check it.

    Please try this and see if it fixes the issue:


    • Exit all programs, including Internet Explorer (if it is running).
    • Click on the Start button and type the following command in the Search box, inetcpl.cpl, and then press Enter.
    • The Internet Options dialog box appears.
    • Click the Advanced tab.
    • Under Reset Internet Explorer settings, click Reset. Then click Reset again.
    • Click to select the Delete personal settings check box to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data.
    • When Internet Explorer finishes resetting the settings, click Close in the Reset Internet Explorer Settings dialog box.
    • Start Internet Explorer again.
     
  11. Kennyr

    Kennyr Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    13
  12. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    The web address gives the impression that it is not a redirect. Are you seeing the same as this attachment? Please post a screenshot if it is different.
     


  13. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    I just tried to go back to that link you posted and get the screen shown below. I doubt very much there would be a time out on a phishing page. If this is a phishing scam I would be quite surprised. I can only suggest you contact them and send a screenshot of the suspect web page so they can confirm that it is genuine to put your mind at rest.
     


  14. Kennyr

    Kennyr Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    13
    It is most definitely a phishing page. It was confirmed by Wells Fargo security. The page I get is not the one you see. I get a page hosted on a W3.org website. I can send you the code but will have to black some of it out since it actually contains the information direct from my Wells Fargo account.

    As best I can tell in layman's terms this is what it does. When I try to log on to Wells Fargo it intercepts the page that Wells Fargo is serving me with my account information and then serves me the phishing page instead. If I completely fill out and submit the phishing page it then serves me the original page from Wells Fargo. Do you want me to send you the code from the phishing page?
     
  15. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Better not send that code in as it could reveal security information.

    I am going to ask other Malware Experts if they know how to find the cause of this as everything I have tried so far is coming up with a dead end.
     