Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tojan, Google Redirect, and BCD Issues...Please Help!


  • This topic is locked This topic is locked
26 replies to this topic

#1 mcoupe

mcoupe

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 01 June 2012 - 06:06 PM

Hello, I came accross this forum while searching for help with the google redirect issue. Seems IE searches and Google searches via url area are redirecting to search-results.

Prior to this the machine crashed using IE and causing a corrupt file. System Repair, Restore, could not fix the problem. I did some searching and was able to recover by recreating the BCD store. The machine rebooted successfully and after a MB scan I found and removed Torjan.Happili.xgen2. Machine worked fine for two days and the same thing happened again but this time System Repair got caught in an infinite loop. Rebuilding the BCD store allowed me to recover but the Happilli virus appeared again.

That was as of this morning and I am now noticing the google redirect. However, MB, TDSKiller, HitMan Pro, Bitdefender, and MS Security Essentials are not finding anything. I know it says not to run combofix but I did that before coming accross this site.

I would really appreciate and be grateful for any help that could be provided. Here is my DDS info:

Thanks in Advance,
Larry

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Family Laptop at 18:51:58 on 2012-06-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6132.3814 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\lsm.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\spool\DRIVERS\x64\3\lxecserv.exe
C:\Windows\system32\lxeccoms.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\taskhost.exe
C:\WINDOWS\system32\Dwm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\SysWOW64\cscript.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [FAStartup]
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4C007613-F8BE-455A-8EC1-6784DB083669} : DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{AEBB4296-2873-47CB-98B6-E54494BE8171} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AEBB4296-2873-47CB-98B6-E54494BE8171}\2375942554138313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AEBB4296-2873-47CB-98B6-E54494BE8171}\2656167686F6374753 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AEBB4296-2873-47CB-98B6-E54494BE8171}\34963736F61333238303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AEBB4296-2873-47CB-98B6-E54494BE8171}\34963736F6B413434323 : DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{AEBB4296-2873-47CB-98B6-E54494BE8171}\E4D4D44323 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [FAStartup]
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys --> C:\WINDOWS\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\WINDOWS\system32\Drivers\PxHlpa64.sys --> C:\WINDOWS\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\WINDOWS\system32\DRIVERS\vwififlt.sys --> C:\WINDOWS\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\system32\atiesrxx.exe --> C:\WINDOWS\system32\atiesrxx.exe [?]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-6-24 2368776]
R2 lxec_device;lxec_device;C:\Windows\system32\lxeccoms.exe -service --> C:\Windows\system32\lxeccoms.exe -service [?]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\x64\3\lxecserv.exe [2011-12-4 45736]
R2 rimspci;rimspci;C:\WINDOWS\system32\DRIVERS\rimspe64.sys --> C:\WINDOWS\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\WINDOWS\system32\DRIVERS\risdpe64.sys --> C:\WINDOWS\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\WINDOWS\system32\DRIVERS\rixdpe64.sys --> C:\WINDOWS\system32\DRIVERS\rixdpe64.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\WINDOWS\system32\DRIVERS\btwl2cap.sys --> C:\WINDOWS\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys --> C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\WINDOWS\system32\DRIVERS\itecir.sys --> C:\WINDOWS\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\system32\DRIVERS\k57nd60a.sys --> C:\WINDOWS\system32\DRIVERS\k57nd60a.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\WINDOWS\system32\DRIVERS\NETw5s64.sys --> C:\WINDOWS\system32\DRIVERS\NETw5s64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\WINDOWS\system32\DRIVERS\vwifimp.sys --> C:\WINDOWS\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FACAP;facap, FastAccess Video Capture;C:\WINDOWS\system32\DRIVERS\facap.sys --> C:\WINDOWS\system32\DRIVERS\facap.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-5-7 1038088]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 NisDrv;Microsoft Network Inspection System;C:\WINDOWS\system32\DRIVERS\NisDrvWFP.sys --> C:\WINDOWS\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-3-29 79360]
S3 TsUsbFlt;TsUsbFlt;C:\WINDOWS\system32\drivers\tsusbflt.sys --> C:\WINDOWS\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl64.sys --> C:\WINDOWS\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\WINDOWS\system32\Wat\WatAdminSvc.exe --> C:\WINDOWS\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-01 22:43:21 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D20EBCE5-4147-4956-9D03-CFA28D04FC6E}\offreg.dll
2012-06-01 22:36:08 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6384CEB4-EC94-4DBF-872E-998858975EA4}\gapaengine.dll
2012-06-01 22:36:05 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D20EBCE5-4147-4956-9D03-CFA28D04FC6E}\mpengine.dll
2012-06-01 22:35:15 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-01 22:35:12 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-01 22:34:51 -------- d-----w- C:\b7ed7f8cc23c8ebbfb995e4b56848046
2012-06-01 22:00:33 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FBC84952-55E5-48D9-A74F-95DDBF5C145E}\mpengine.dll
2012-05-25 11:13:55 81408 ----a-w- C:\WINDOWS\System32\imagehlp.dll
2012-05-25 11:13:55 5120 ----a-w- C:\WINDOWS\SysWow64\wmi.dll
2012-05-25 11:13:55 5120 ----a-w- C:\WINDOWS\System32\wmi.dll
2012-05-25 11:13:55 23408 ----a-w- C:\WINDOWS\System32\drivers\fs_rec.sys
2012-05-25 11:13:55 220672 ----a-w- C:\WINDOWS\System32\wintrust.dll
2012-05-25 11:13:55 172544 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll
2012-05-25 11:13:55 159232 ----a-w- C:\WINDOWS\SysWow64\imagehlp.dll
2012-05-10 00:33:00 1544704 ----a-w- C:\WINDOWS\System32\DWrite.dll
2012-05-10 00:33:00 1077248 ----a-w- C:\WINDOWS\SysWow64\DWrite.dll
2012-05-10 00:28:34 5559664 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2012-05-10 00:28:34 3146240 ----a-w- C:\WINDOWS\System32\win32k.sys
2012-05-10 00:28:33 3968368 ----a-w- C:\WINDOWS\SysWow64\ntkrnlpa.exe
2012-05-10 00:28:33 3913072 ----a-w- C:\WINDOWS\SysWow64\ntoskrnl.exe
2012-05-10 00:25:56 75120 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
2012-05-10 00:25:04 1918320 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2012-05-10 00:25:03 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 00:25:03 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 00:25:02 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 00:25:02 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 00:25:02 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
.
==================== Find3M ====================
.
2012-04-04 19:56:40 24904 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2012-03-21 00:44:12 98688 ----a-w- C:\WINDOWS\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\WINDOWS\System32\drivers\MpFilter.sys
2012-03-12 22:22:48 116016 ----a-w- C:\WINDOWS\System32\drivers\98420296.sys
.
============= FINISH: 18:52:24.64 ===============

BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:03 PM

Posted 02 June 2012 - 05:37 PM

Hi,

could you please post the ComboFix log(s) (located on your C:\ drive)

then please run the following:


download Farbar Recovery Scan Tool and save it to a flash drive.

(you will need the 64bit version)

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to the disclaimer.
[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there
[*]Press Scan button.
[*]type exit and reboot the computer normally
[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.[/list]

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 mcoupe

mcoupe
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 04 June 2012 - 02:56 PM

Hi, sorry for the delay. I thought had email notifications set up correctly. Here is the requested info and thanks for the help.


ComboFix 12-06-01.03 - Family Laptop 06/01/2012 18:16:25.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6132.4393 [GMT -4:00]
Running from: c:\users\Family Laptop\Documents\Rogueremoval 2012\ComboFix\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-06-01 22:23 . 2012-06-01 22:23 -------- d-----w- c:\users\Mcx1-FAMILYLAPTOP\AppData\Local\temp
2012-06-01 22:23 . 2012-06-01 22:23 -------- d-----w- c:\users\Larry\AppData\Local\temp
2012-06-01 22:23 . 2012-06-01 22:23 -------- d-----w- c:\users\Jane\AppData\Local\temp
2012-06-01 22:23 . 2012-06-01 22:23 -------- d-----w- c:\users\HOME\AppData\Local\temp
2012-06-01 22:23 . 2012-06-01 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-25 11:20 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-25 11:13 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-25 11:13 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-25 11:13 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-25 11:13 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-25 11:13 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-25 11:13 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-25 11:13 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-10 00:33 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 00:33 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 00:28 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 00:28 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 00:28 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 00:28 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 00:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 00:25 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 00:25 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 00:25 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 00:25 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 00:25 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 00:25 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-02-14 02:09 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-12 22:22 . 2012-03-12 22:22 116016 ----a-w- c:\windows\system32\drivers\98420296.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-01_20.59.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-06-01 21:49 35502 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-30 13:12 . 2012-06-01 21:49 12098 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-169505164-714495948-86067946-1001_UserData.bin
+ 2009-07-14 04:46 . 2012-06-01 21:05 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-01 21:45 . 2012-06-01 21:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-01 14:20 . 2012-06-01 14:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-01 21:45 . 2012-06-01 21:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-01 14:20 . 2012-06-01 14:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-06-01 21:50 627354 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-01 20:47 627354 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-01 21:50 107638 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-01 20:47 107638 c:\windows\system32\perfc009.dat
+ 2010-04-30 13:36 . 2012-02-23 14:18 279656 c:\windows\system32\MpSigStub.exe
- 2010-04-30 13:36 . 2012-01-31 12:44 279656 c:\windows\system32\MpSigStub.exe
- 2009-07-14 05:01 . 2012-06-01 14:20 510828 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-01 21:27 510828 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-07-14 07:17 . 2012-06-01 21:27 26245028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-169505164-714495948-86067946-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"FAStartup"="" [BU]
.
c:\users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-06-24 21:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-07 1038088]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-03-29 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 73275709
*NewlyCreated* - WS2IFSL
*Deregistered* - 73275709
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169505164-714495948-86067946-1001Core.job
- c:\users\Family Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 02:35]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169505164-714495948-86067946-1001UA.job
- c:\users\Family Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 02:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-24 148280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-01 18:26:06
ComboFix-quarantined-files.txt 2012-06-01 22:26
ComboFix2.txt 2012-06-01 21:01
.
Pre-Run: 151,375,110,144 bytes free
Post-Run: 150,949,363,712 bytes free
.
- - End Of File - - 3F831E8E756412F272DA73F7A94C50B4


Scan result of Farbar Recovery Scan Tool Version: 03-06-2012
Ran by SYSTEM at 04-06-2012 15:48:15
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-23] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [lxecmon.exe] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [148280 2011-01-23] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95496 2009-06-24] (Sensible Vision )
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [40376 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [FAStartup] [x]
HKU\Family Laptop\...\Policies\system: [LogonHoursAction] 2
HKU\Family Laptop\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\HOME\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-04-04] (Valve Corporation)
HKU\Jane\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-04-04] (Valve Corporation)
HKU\Jane\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\Jane\...\Policies\system: [LogonHoursAction] 2
HKU\Jane\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Larry\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\Larry\...\Policies\system: [LogonHoursAction] 2
HKU\Larry\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mcx1-FAMILYLAPTOP\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Lsa: [Notification Packages] scecli
FAPassSync
Startup: C:\Users\HOME\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Jane\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Mcx1-FAMILYLAPTOP\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

==================== Services (Whitelisted) ======

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [284016 2008-08-15] (Adobe Systems Incorporated)
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2010-05-07] (Acresso Software Inc.)
2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
2 lxec_device; C:\Windows\system32\lxeccoms.exe -service [1052328 2010-04-14] ( )
2 lxec_device; C:\Windows\SysWow64\lxeccoms.exe -service [598696 2010-04-14] ( )
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [51740536 2011-06-12] (Microsoft Corporation)
3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [174440 2010-01-09] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]
2 FAService; "c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe" [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
3 RoxMediaDB10; "c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [x]
2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
3 stllssvr; "c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [x]
3 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

2 adfs; C:\Windows\SysWow64\Drivers\adfs.sys [74720 2008-08-14] (Adobe Systems, Inc.)
3 itecir; C:\Windows\System32\Drivers\itecir.sys [60416 2009-03-09] (ITE Tech. Inc. )
1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [x]
3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x]
3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x]
3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [x]
3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [x]
3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [x]
3 motusbdevice; C:\Windows\System32\DRIVERS\motusbdevice.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-04 15:47 - 2012-06-04 15:48 - 0000000 ____D C:\FRST
2012-06-04 11:29 - 2012-06-04 11:29 - 1395739 ____A C:\Users\Family Laptop\Downloads\FRST64.exe
2012-06-01 15:16 - 2012-06-01 15:16 - 0000000 __SHD C:\$RECYCLE.BIN
2012-06-01 14:54 - 2012-06-01 14:54 - 0009567 ____A C:\Users\Family Laptop\Desktop\Attach.txt
2012-06-01 14:53 - 2012-06-01 14:53 - 0022478 ____A C:\Users\Family Laptop\Desktop\DDS.txt
2012-06-01 14:51 - 2012-06-01 14:51 - 0607260 ____R (Swearware) C:\Users\Family Laptop\Desktop\dds.scr
2012-06-01 14:50 - 2012-06-01 14:50 - 0000488 ____A C:\Users\Family Laptop\Desktop\defogger_disable.log
2012-06-01 14:50 - 2012-06-01 14:50 - 0000000 ____A C:\Users\Family Laptop\defogger_reenable
2012-06-01 14:48 - 2012-06-01 14:48 - 0050477 ____A C:\Users\Family Laptop\Desktop\Defogger.exe
2012-06-01 14:35 - 2012-06-01 14:35 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-06-01 14:35 - 2012-06-01 14:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-01 14:26 - 2012-06-01 14:26 - 0018668 ____A C:\ComboFix.txt
2012-06-01 14:13 - 2012-06-01 14:14 - 0127144 ____A C:\TDSSKiller.2.7.36.0_01.06.2012_18.13.24_log.txt
2012-06-01 14:12 - 2012-06-01 14:12 - 0000346 ____A C:\TDSSKiller.2.7.9.0_01.06.2012_18.12.06_log.txt
2012-06-01 13:44 - 2012-06-04 11:35 - 0003666 ____A C:\Windows\PFRO.log
2012-06-01 13:24 - 2012-06-01 13:24 - 2787328 ____A C:\Users\Family Laptop\Downloads\dft32_v416_b00.iso
2012-06-01 13:12 - 2012-06-01 13:12 - 1210048 ____A C:\Users\Family Laptop\Downloads\bitdefender_isecurity_[quickscan].exe
2012-06-01 13:04 - 2012-06-04 11:37 - 0000168 ____A C:\Windows\setupact.log
2012-06-01 13:04 - 2012-06-01 13:04 - 0000000 ____A C:\Windows\setuperr.log
2012-06-01 12:48 - 2012-06-01 14:26 - 0000000 ____D C:\Windows\ERDNT
2012-06-01 12:36 - 2012-06-01 12:36 - 0015644 ____A C:\Users\Family Laptop\Documents\cc_20120601_163641.reg
2012-06-01 12:25 - 2012-06-01 12:25 - 0080758 ____A C:\TDSSKiller.2.7.20.0_01.06.2012_16.25.03_log.txt
2012-06-01 12:24 - 2012-06-01 12:24 - 0000346 ____A C:\TDSSKiller.2.7.9.0_01.06.2012_16.24.33_log.txt
2012-05-30 18:03 - 2012-05-30 18:13 - 0014682 ____A C:\Users\Family Laptop\Documents\Jane Bissett5.docx
2012-05-30 00:38 - 2012-05-30 00:38 - 0079322 ____A C:\TDSSKiller.2.6.21.0_30.05.2012_04.38.09_log.txt
2012-05-30 00:37 - 2012-05-30 00:37 - 0000348 ____A C:\TDSSKiller.2.7.20.0_30.05.2012_04.37.39_log.txt
2012-05-30 00:36 - 2012-05-30 00:36 - 0000346 ____A C:\TDSSKiller.2.7.9.0_30.05.2012_04.36.46_log.txt
2012-05-29 23:47 - 2012-05-31 23:25 - 0024576 ____A C:\BCD_Backup
2012-05-29 23:47 - 2012-05-31 23:25 - 0021504 __ASH C:\BCD_Backup.LOG
2012-05-29 23:47 - 2012-05-29 23:47 - 0000000 __ASH C:\BCD_Backup.LOG2
2012-05-29 23:47 - 2012-05-29 23:47 - 0000000 __ASH C:\BCD_Backup.LOG1
2012-05-25 03:20 - 2012-02-27 23:34 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-25 03:20 - 2012-02-27 23:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-25 03:20 - 2012-02-27 22:56 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-25 03:20 - 2012-02-27 22:50 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-25 03:20 - 2012-02-27 22:49 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-25 03:20 - 2012-02-27 22:48 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-25 03:20 - 2012-02-27 22:48 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-25 03:20 - 2012-02-27 22:47 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-25 03:20 - 2012-02-27 22:45 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-25 03:20 - 2012-02-27 22:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-25 03:20 - 2012-02-27 22:43 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-25 03:20 - 2012-02-27 22:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-25 03:20 - 2012-02-27 22:39 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-25 03:20 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-25 03:20 - 2012-02-27 17:27 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-25 03:20 - 2012-02-27 17:18 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-25 03:20 - 2012-02-27 17:12 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-25 03:20 - 2012-02-27 17:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-25 03:20 - 2012-02-27 17:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-25 03:20 - 2012-02-27 17:09 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-25 03:20 - 2012-02-27 17:08 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-25 03:20 - 2012-02-27 17:06 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-25 03:20 - 2012-02-27 17:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-25 03:20 - 2012-02-27 17:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-25 03:20 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-25 03:20 - 2012-02-27 16:59 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-25 03:13 - 2012-02-29 22:46 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-05-25 03:13 - 2012-02-29 22:38 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-05-25 03:13 - 2012-02-29 22:33 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-05-25 03:13 - 2012-02-29 22:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-05-25 03:13 - 2012-02-29 21:37 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-05-25 03:13 - 2012-02-29 21:33 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-05-25 03:13 - 2012-02-29 21:29 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-05-21 12:40 - 2012-06-01 14:13 - 2127960 ____A (Kaspersky Lab ZAO) C:\Users\Family Laptop\Desktop\TDSSKiller.exe
2012-05-11 17:18 - 2012-05-11 17:25 - 1769258986 ____A C:\Users\Family Laptop\Downloads\Gstring.7z
2012-05-09 16:33 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-09 16:33 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-09 16:28 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-09 16:28 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-09 16:28 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-09 16:28 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-09 16:25 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-09 16:25 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

============ 3 Months Modified Files and Folders =============

2012-06-04 15:48 - 2012-06-04 15:47 - 0000000 ____D C:\FRST
2012-06-04 11:37 - 2012-06-01 13:04 - 0000168 ____A C:\Windows\setupact.log
2012-06-04 11:37 - 2010-04-30 04:17 - 527826944 __ASH C:\hiberfil.sys
2012-06-04 11:37 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-04 11:35 - 2012-06-01 13:44 - 0003666 ____A C:\Windows\PFRO.log
2012-06-04 11:32 - 2012-03-12 08:46 - 1715596 ____A C:\Windows\WindowsUpdate.log
2012-06-04 11:31 - 2009-07-13 21:13 - 0733968 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-04 11:29 - 2012-06-04 11:29 - 1395739 ____A C:\Users\Family Laptop\Downloads\FRST64.exe
2012-06-04 10:51 - 2012-01-11 18:35 - 0000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169505164-714495948-86067946-1001UA.job
2012-06-03 17:51 - 2012-01-11 18:35 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169505164-714495948-86067946-1001Core.job
2012-06-03 16:25 - 2010-04-30 14:56 - 0000000 ____D C:\Program Files (x86)\Steam
2012-06-02 14:03 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-02 14:03 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-01 15:16 - 2012-06-01 15:16 - 0000000 __SHD C:\$RECYCLE.BIN
2012-06-01 14:54 - 2012-06-01 14:54 - 0009567 ____A C:\Users\Family Laptop\Desktop\Attach.txt
2012-06-01 14:53 - 2012-06-01 14:53 - 0022478 ____A C:\Users\Family Laptop\Desktop\DDS.txt
2012-06-01 14:51 - 2012-06-01 14:51 - 0607260 ____R (Swearware) C:\Users\Family Laptop\Desktop\dds.scr
2012-06-01 14:50 - 2012-06-01 14:50 - 0000488 ____A C:\Users\Family Laptop\Desktop\defogger_disable.log
2012-06-01 14:50 - 2012-06-01 14:50 - 0000000 ____A C:\Users\Family Laptop\defogger_reenable
2012-06-01 14:50 - 2010-04-30 03:25 - 0000000 ____D C:\users\Family Laptop
2012-06-01 14:48 - 2012-06-01 14:48 - 0050477 ____A C:\Users\Family Laptop\Desktop\Defogger.exe
2012-06-01 14:35 - 2012-06-01 14:35 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-06-01 14:35 - 2012-06-01 14:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-01 14:35 - 2011-02-13 20:11 - 0001945 ____A C:\Windows\epplauncher.mif
2012-06-01 14:35 - 2011-02-13 20:10 - 0748118 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-01 14:26 - 2012-06-01 14:26 - 0018668 ____A C:\ComboFix.txt
2012-06-01 14:26 - 2012-06-01 12:48 - 0000000 ____D C:\Windows\ERDNT
2012-06-01 14:24 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-06-01 14:14 - 2012-06-01 14:13 - 0127144 ____A C:\TDSSKiller.2.7.36.0_01.06.2012_18.13.24_log.txt
2012-06-01 14:13 - 2012-05-21 12:40 - 2127960 ____A (Kaspersky Lab ZAO) C:\Users\Family Laptop\Desktop\TDSSKiller.exe
2012-06-01 14:12 - 2012-06-01 14:12 - 0000346 ____A C:\TDSSKiller.2.7.9.0_01.06.2012_18.12.06_log.txt
2012-06-01 14:12 - 2010-12-31 21:14 - 0002254 ____A C:\Users\Family Laptop\Desktop\eula.txt
2012-06-01 13:24 - 2012-06-01 13:24 - 2787328 ____A C:\Users\Family Laptop\Downloads\dft32_v416_b00.iso
2012-06-01 13:12 - 2012-06-01 13:12 - 1210048 ____A C:\Users\Family Laptop\Downloads\bitdefender_isecurity_[quickscan].exe
2012-06-01 13:12 - 2012-03-12 15:16 - 0000000 ____D C:\Users\Family Laptop\AppData\Roaming\QuickScan
2012-06-01 13:09 - 2012-04-09 15:49 - 0000000 ____D C:\Users\Family Laptop\AppData\Roaming\Skype
2012-06-01 13:04 - 2012-06-01 13:04 - 0000000 ____A C:\Windows\setuperr.log
2012-06-01 12:59 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-01 12:38 - 2012-03-12 08:52 - 0014781 ____A C:\Users\Family Laptop\Documents\hijackthis.log
2012-06-01 12:36 - 2012-06-01 12:36 - 0015644 ____A C:\Users\Family Laptop\Documents\cc_20120601_163641.reg
2012-06-01 12:35 - 2010-11-12 15:09 - 0000975 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-06-01 12:35 - 2010-05-31 08:16 - 0000000 ____D C:\Program Files (x86)\CCleaner
2012-06-01 12:25 - 2012-06-01 12:25 - 0080758 ____A C:\TDSSKiller.2.7.20.0_01.06.2012_16.25.03_log.txt
2012-06-01 12:24 - 2012-06-01 12:24 - 0000346 ____A C:\TDSSKiller.2.7.9.0_01.06.2012_16.24.33_log.txt
2012-06-01 06:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-06-01 03:53 - 2010-05-31 12:31 - 0000000 ____D C:\users\Mcx1-FAMILYLAPTOP
2012-06-01 03:53 - 2010-05-14 14:56 - 0000000 ____D C:\users\Larry
2012-06-01 03:53 - 2010-05-02 17:10 - 0000000 ____D C:\users\HOME
2012-06-01 03:53 - 2010-05-02 05:15 - 0000000 ____D C:\users\Jane
2012-06-01 03:52 - 2010-05-07 11:06 - 0000000 ____D C:\Users\Family Laptop\AppData\Roaming\ArcSoft
2012-06-01 03:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-06-01 03:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-05-31 23:25 - 2012-05-29 23:47 - 0024576 ____A C:\BCD_Backup
2012-05-31 23:25 - 2012-05-29 23:47 - 0021504 __ASH C:\BCD_Backup.LOG
2012-05-31 13:20 - 2010-09-19 11:09 - 0000000 ____D C:\Users\Family Laptop\Documents\LarryA Stuff
2012-05-30 18:27 - 2011-05-16 13:30 - 0000000 ____D C:\Users\Family Laptop\Documents\Jane
2012-05-30 18:13 - 2012-05-30 18:03 - 0014682 ____A C:\Users\Family Laptop\Documents\Jane Bissett5.docx
2012-05-30 17:31 - 2010-06-08 09:10 - 0000000 ____D C:\Users\Family Laptop\Documents\KellyStuff
2012-05-30 00:38 - 2012-05-30 00:38 - 0079322 ____A C:\TDSSKiller.2.6.21.0_30.05.2012_04.38.09_log.txt
2012-05-30 00:37 - 2012-05-30 00:37 - 0000348 ____A C:\TDSSKiller.2.7.20.0_30.05.2012_04.37.39_log.txt
2012-05-30 00:36 - 2012-05-30 00:36 - 0000346 ____A C:\TDSSKiller.2.7.9.0_30.05.2012_04.36.46_log.txt
2012-05-29 23:47 - 2012-05-29 23:47 - 0000000 __ASH C:\BCD_Backup.LOG2
2012-05-29 23:47 - 2012-05-29 23:47 - 0000000 __ASH C:\BCD_Backup.LOG1
2012-05-29 15:51 - 2009-07-13 23:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-05-25 05:00 - 2009-07-13 20:45 - 3081008 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-25 03:23 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-05-25 03:13 - 2010-03-29 05:15 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-25 03:13 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-23 17:53 - 2012-01-11 18:35 - 0002441 ____A C:\Users\Family Laptop\Desktop\Google Chrome.lnk
2012-05-22 16:09 - 2010-05-02 14:14 - 0000000 ____D C:\Users\Family Laptop\AppData\Local\Apple
2012-05-11 17:25 - 2012-05-11 17:18 - 1769258986 ____A C:\Users\Family Laptop\Downloads\Gstring.7z
2012-05-03 19:46 - 2011-12-28 08:14 - 0001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-03 19:46 - 2011-02-13 18:09 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-03 15:26 - 2012-05-03 15:26 - 0031496 ____A C:\Users\Family Laptop\Documents\cc_20120503_192615.reg
2012-05-03 15:25 - 2011-05-28 12:25 - 0000000 ____D C:\Windows\Minidump
2012-05-01 15:29 - 2012-05-01 15:29 - 4336640 ____A C:\Users\Family Laptop\Documents\Common_Functionality_Initial_Wireframes_EDITS.vsd
2012-04-29 08:25 - 2012-04-29 08:25 - 0023552 ____A C:\Users\Family Laptop\Documents\Packing List for Johnsonburg.doc
2012-04-26 16:03 - 2010-04-30 04:58 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-26 13:03 - 2012-04-26 13:03 - 0012997 ____A C:\Users\Family Laptop\Documents\birthday in a box poster thingy.docx
2012-04-24 11:46 - 2012-04-24 11:46 - 0014133 ____A C:\Users\Family Laptop\Documents\Nametags.docx
2012-04-19 18:00 - 2012-04-19 17:56 - 0014894 ____A C:\Users\Family Laptop\Documents\MasterSched.docx
2012-04-19 17:18 - 2012-04-19 16:51 - 0000000 ____D C:\Users\Family Laptop\Documents\Avery Templates
2012-04-14 21:00 - 2010-08-16 18:20 - 0000000 ____D C:\Users\Family Laptop\AppData\Local\ElevatedDiagnostics
2012-04-04 11:56 - 2011-02-13 18:09 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-31 17:32 - 2012-03-31 17:32 - 2048294 ____A C:\Users\Family Laptop\Downloads\743216f814475eec01d411471f862bc2.zip
2012-03-31 17:01 - 2012-03-31 17:01 - 3620022 ____A C:\Users\Family Laptop\Downloads\dd0f53fe13ac05f72b198136a964cb6b.zip
2012-03-31 16:59 - 2012-03-31 16:59 - 1055576 ____A C:\Users\Family Laptop\Downloads\031be3bb8db296ad4183d4f12117d4b8.zip
2012-03-31 16:57 - 2012-03-31 16:57 - 0748495 ____A C:\Users\Family Laptop\Downloads\2b9ea2521285da767f6d346fb4f579a1.zip
2012-03-31 16:56 - 2012-03-31 16:56 - 5835055 ____A C:\Users\Family Laptop\Downloads\abca30db22dc608971e0189415e7854c.zip
2012-03-31 16:55 - 2012-03-31 16:55 - 0008485 ____A C:\Users\Family Laptop\Downloads\7a97e3cfcacbd37955eedcddf8acf543.zip
2012-03-31 16:44 - 2012-03-31 16:44 - 1296053 ____A C:\Users\Family Laptop\Downloads\e647e181863c29b78f59a78fc0cb37f0.zip
2012-03-31 16:44 - 2012-03-31 16:44 - 1296053 ____A C:\Users\Family Laptop\Downloads\e647e181863c29b78f59a78fc0cb37f0 (1).zip
2012-03-31 16:43 - 2012-03-31 16:43 - 24939835 ____A C:\Users\Family Laptop\Downloads\e8a412f562757c1c4a40b0cbd2339164.zip
2012-03-31 16:34 - 2012-03-31 16:34 - 10523642 ____A C:\Users\Family Laptop\Downloads\6f56fca26f319c53e8cbb27687136a01.zip
2012-03-31 16:32 - 2012-03-31 16:32 - 2254967 ____A C:\Users\Family Laptop\Downloads\ea1c2ff8ee5458802fd923124df10b6d.zip
2012-03-31 16:31 - 2012-03-31 16:30 - 2660788 ____A C:\Users\Family Laptop\Downloads\29f3e5676c49adc0ffb5e1bff99adf43.zip
2012-03-31 16:30 - 2012-03-31 16:30 - 3941230 ____A C:\Users\Family Laptop\Downloads\a163cb9b26c98a8e5ce51dc7833a0d6f.zip
2012-03-31 16:29 - 2012-03-31 16:28 - 7744069 ____A C:\Users\Family Laptop\Downloads\037fca3100a89749c76b2c1360843931.zip
2012-03-31 16:27 - 2012-03-31 16:27 - 2594308 ____A C:\Users\Family Laptop\Downloads\ffef4f14b8de629f2a2989bf43bb9fda.zip
2012-03-30 22:05 - 2012-05-09 16:28 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-09 16:28 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 16:28 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-09 16:28 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-09 16:25 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-26 15:42 - 2012-03-26 15:38 - 0972994 ____A C:\Users\Family Laptop\Documents\BissettTitleScan.pdf
2012-03-20 16:44 - 2012-03-20 16:44 - 0203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 16:44 - 2012-03-20 16:44 - 0098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-16 23:58 - 2012-05-09 16:25 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-12 16:30 - 2010-04-30 03:25 - 0131872 ____A C:\Users\Family Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-12 16:21 - 2012-03-12 16:21 - 0000000 ____D C:\Program Files\Common Files\DESIGNER
2012-03-12 16:21 - 2009-07-13 23:45 - 0000000 ____D C:\Windows\ShellNew
2012-03-12 16:21 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-12 16:20 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-03-12 15:36 - 2011-07-06 18:37 - 0000000 ____D C:\Program Files (x86)\Motorola
2012-03-12 15:25 - 2010-06-19 13:07 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-12 15:22 - 2012-03-12 15:22 - 0000020 ____A C:\Windows\ ú¾
2012-03-12 15:16 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-03-12 15:10 - 2012-03-12 15:10 - 0011798 ____A C:\Users\Family Laptop\Documents\cc_20120312_191037.reg
2012-03-12 15:09 - 2010-05-11 12:54 - 0000000 ____D C:\Users\Family Laptop\Tracing
2012-03-12 15:03 - 2011-10-07 09:50 - 0000000 ____D C:\Program Files (x86)\Squeezebox
2012-03-12 14:24 - 2012-03-12 14:22 - 0082858 ____A C:\TDSSKiller.2.7.20.0_12.03.2012_18.22.47_log.txt
2012-03-12 14:22 - 2012-03-12 14:22 - 0116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\98420296.sys
2012-03-12 14:22 - 2012-03-12 14:22 - 0000346 ____A C:\TDSSKiller.2.7.9.0_12.03.2012_18.22.12_log.txt
2012-03-12 14:21 - 2012-03-12 14:21 - 0000346 ____A C:\TDSSKiller.2.7.9.0_12.03.2012_18.21.42_log.txt
2012-03-12 14:15 - 2012-03-12 14:13 - 0000000 ____D C:\Users\Family Laptop\Documents\Rogueremoval 2012
2012-03-12 14:13 - 2012-03-12 14:12 - 33764315 ____A C:\Users\Family Laptop\Downloads\rogueremoval (1).zip
2012-03-12 08:52 - 2012-03-12 08:52 - 0388608 ____A (Trend Micro Inc.) C:\Users\Family Laptop\Downloads\HijackThis.exe
2012-03-11 20:30 - 2012-03-11 20:30 - 0007605 ____A C:\Users\Family Laptop\AppData\Local\Resmon.ResmonCfg
2012-03-11 20:25 - 2012-03-11 20:25 - 0000000 ____D C:\Program Files\HitmanPro
2012-03-11 20:25 - 2012-03-11 20:24 - 0082554 ____A C:\TDSSKiller.2.7.20.0_12.03.2012_00.24.32_log.txt
2012-03-11 20:24 - 2012-03-11 20:24 - 0000000 ____D C:\Users\Family Laptop\Documents\tdsskiller
2012-03-11 20:24 - 2012-03-11 20:23 - 0000348 ____A C:\TDSSKiller.2.6.21.0_12.03.2012_00.23.53_log.txt

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 6132.5 MB
Available physical RAM: 5193.19 MB
Total Pagefile: 6130.65 MB
Available Pagefile: 5179.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:140.33 GB) NTFS
2 Drive e: (WIN_7_HOMEPREMIUM) (CDROM) (Total:5.75 GB) (Free:0 GB) UDF
3 Drive f: (TRAVELDRIVE) (Removable) (Total:0.96 GB) (Free:0.22 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.1 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 2048 KB
Disk 1 Online 984 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 451 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT32 Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 983 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F TRAVELDRIVE FAT Removable 983 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-28 20:34

======================= End Of Log ==========================

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:03 PM

Posted 04 June 2012 - 03:14 PM

Hi,

we have a bit more digging to do,

please run the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


NEXT



Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 mcoupe

mcoupe
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 04 June 2012 - 04:16 PM

Hi, okay here are my results.

I could not get ESET to run as the update failed with a "Is proxy configured" question. I checked my LAN settings and there is no check in the box for using proxy.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-04 16:40:15
-----------------------------
16:40:15.386 OS Version: Windows x64 6.1.7601 Service Pack 1
16:40:15.386 Number of processors: 8 586 0x1E05
16:40:15.386 ComputerName: FAMILYLAPTOP UserName:
16:40:16.696 Initialize success
16:40:40.009 AVAST engine defs: 12060401
16:40:44.314 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:40:44.330 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
16:40:44.346 Disk 0 MBR read successfully
16:40:44.346 Disk 0 MBR scan
16:40:44.424 Disk 0 Windows 7 default MBR code
16:40:44.439 Disk 0 Partition 1 00 DE Dell Utility MSDOS5.0 39 MB offset 63
16:40:44.439 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
16:40:44.486 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461897 MB offset 30801920
16:40:44.548 Disk 0 scanning C:\WINDOWS\system32\drivers
16:41:04.439 Service scanning
16:41:44.593 Modules scanning
16:41:44.609 Disk 0 trace - called modules:
16:41:44.640 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:41:44.655 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800642f790]
16:41:44.671 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80061c7050]
16:41:46.231 AVAST engine scan C:\WINDOWS
16:41:48.867 AVAST engine scan C:\WINDOWS\system32
16:46:22.055 AVAST engine scan C:\WINDOWS\system32\drivers
16:46:41.384 AVAST engine scan C:\Users\Family Laptop
16:49:54.824 Disk 0 MBR has been saved successfully to "C:\Users\Family Laptop\Desktop\MBR.dat"
16:49:54.902 The log file has been saved successfully to "C:\Users\Family Laptop\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   571bytes   1 downloads


#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:03 PM

Posted 04 June 2012 - 04:51 PM

Hi

what browser are you using for the ESET scan?

Please try deleting all your browser history and cookies and give it another try or try an alternate browser

if it still wont run, try it in safe mode with networking;

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with networking
  • Then press the Enter Key on your Keyboard
  • go into your usual account

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 mcoupe

mcoupe
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 04 June 2012 - 07:44 PM

Ah, clearing everything worked. Here are the results. Looks like that found something. Thanks.

C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5Q4XSANB\136[1].htm HTML/Iframe.B.Gen virus

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:03 PM

Posted 04 June 2012 - 08:06 PM

Hi,

Please run the following, allow ComboFix to update if it asks to do so.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5Q4XSANB\136[1].htm 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT


Your Java is out of date, please go to Start > Control Panel > Programs and Features and remove the Java program(s) that's installed, then download and install the latest Java version 7 update 4 from the following link:


http://java.com/en/download/index.jsp


NEXT


Please advise how your computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 mcoupe

mcoupe
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 04 June 2012 - 08:38 PM

Here is the combofix log. Computer seems to be running good. One question about google redirect though. My results were redirecting to search-results. I was able to delete this in Google but in IE I'm only able to disable the add on and not remove it as the button is grayed out. Do I need to worry about this? Is there a way to remove it entirely? It's status is set to Default even though it's disabled. Thanks.


ComboFix 12-06-04.02 - Family Laptop 06/04/2012 21:17:51.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6132.3812 [GMT -4:00]
Running from: c:\users\Family Laptop\Desktop\ComboFix.exe
Command switches used :: c:\users\Family Laptop\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5Q4XSANB\136[1].htm"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5Q4XSANB\136[1].htm
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-05 01:25 . 2012-06-05 01:25 -------- d-----w- c:\users\Mcx1-FAMILYLAPTOP\AppData\Local\temp
2012-06-04 23:47 . 2012-06-04 23:49 -------- d-----w- C:\FRST
2012-06-04 20:48 . 2012-06-04 20:48 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9D8A782-EECB-44A1-B05E-25B93587B06D}\offreg.dll
2012-06-04 01:04 . 2012-05-08 14:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9D8A782-EECB-44A1-B05E-25B93587B06D}\mpengine.dll
2012-06-03 05:44 . 2012-05-08 14:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-01 22:36 . 2012-06-01 22:36 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6384CEB4-EC94-4DBF-872E-998858975EA4}\gapaengine.dll
2012-06-01 22:35 . 2012-06-01 22:35 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-01 22:35 . 2012-06-01 22:35 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-01 22:00 . 2012-05-15 05:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBC84952-55E5-48D9-A74F-95DDBF5C145E}\mpengine.dll
2012-05-25 11:13 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-25 11:13 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-25 11:13 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-25 11:13 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-25 11:13 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-25 11:13 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-25 11:13 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-10 00:33 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 00:33 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 00:28 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 00:28 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 00:28 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 00:28 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 00:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 00:25 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 00:25 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 00:25 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 00:25 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 00:25 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 00:25 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-02-14 02:09 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-12 22:22 . 2012-03-12 22:22 116016 ----a-w- c:\windows\system32\drivers\98420296.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
c:\users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-06-24 21:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-07 1038088]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-03-29 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169505164-714495948-86067946-1001Core.job
- c:\users\Family Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 02:35]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169505164-714495948-86067946-1001UA.job
- c:\users\Family Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 02:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-24 148280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-04 21:27:01
ComboFix-quarantined-files.txt 2012-06-05 01:27
ComboFix2.txt 2012-06-01 22:26
.
Pre-Run: 150,316,171,264 bytes free
Post-Run: 150,311,198,720 bytes free
.
- - End Of File - - 5B142F794C36754E32DE8E840C19997A

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:03 PM

Posted 04 June 2012 - 09:01 PM

Let's see if it will show up on the following log


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 mcoupe

mcoupe
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 04 June 2012 - 09:17 PM

Hi, here are the two log files:


OTL logfile created on: 6/4/2012 10:06:02 PM - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Family Laptop\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.63 Gb Available Physical Memory | 60.59% Memory free
11.98 Gb Paging File | 9.85 Gb Available in Paging File | 82.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 140.89 Gb Free Space | 31.23% Space Free | Partition Type: NTFS

Computer Name: FAMILYLAPTOP | User Name: Family Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/04 22:04:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Family Laptop\Desktop\OTL.exe
PRC - [2012/01/03 08:23:11 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011/01/23 20:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/08/17 22:09:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/06/24 17:31:44 | 001,942,792 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2009/06/24 17:31:44 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2009/06/24 17:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/23 20:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009/06/24 17:32:34 | 000,089,352 | ---- | M] () -- C:\WINDOWS\SysWOW64\FAIEExtension.dll
MOD - [2009/06/24 17:31:46 | 000,059,144 | ---- | M] () -- C:\WINDOWS\SysWOW64\FAib.dll
MOD - [2009/06/24 17:31:00 | 000,234,760 | ---- | M] () -- C:\WINDOWS\SysWOW64\FACrashRpt.dll
MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2009/02/20 04:48:43 | 000,023,552 | ---- | M] () -- C:\WINDOWS\SysWOW64\LXECsmr.dll
MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\WINDOWS\SysWOW64\LXECsm.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/05/07 16:21:00 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/04/14 16:08:30 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2010/04/14 16:08:23 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV:64bit: - [2009/11/18 01:45:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/08/17 22:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 21:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV - [2012/04/26 17:31:12 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/07 16:19:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/14 16:08:23 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010/04/14 16:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\SysWOW64\lxeccoms.exe -- (lxec_device)
SRV - [2010/03/29 09:18:37 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/24 17:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) [Auto | Running] -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2009/11/20 02:25:42 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/11/18 02:21:20 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/29 21:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/15 00:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/08/23 23:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/04 07:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/01 20:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 06:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/01 00:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 00:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 00:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/07 03:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/03/09 04:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2008/09/24 21:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D528AAD6-DD33-4D54-A3D9-B2D07F36D78A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{70E6E1FF-FF1E-43C6-AA30-C4C789CE6AB7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-169505164-714495948-86067946-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-169505164-714495948-86067946-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKU\S-1-5-21-169505164-714495948-86067946-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-169505164-714495948-86067946-1001\..\SearchScopes\{E08C33D6-33F2-460F-825E-E4C658FF8371}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AD2&o=102164&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=JH&apn_dtid=YYYYYYYYUS&apn_uid=b4648404-4bc2-49da-8860-6642bf621129&apn_sauid=A6FA52A7-F556-4D8A-88FA-301108113518&
IE - HKU\S-1-5-21-169505164-714495948-86067946-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-169505164-714495948-86067946-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Family Laptop\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Family Laptop\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Family Laptop\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Family Laptop\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Family Laptop\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Family Laptop\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Family Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Family Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Family Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/04 21:25:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-169505164-714495948-86067946-1001\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-169505164-714495948-86067946-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\WINDOWS\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Mcx1-FAMILYLAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-169505164-714495948-86067946-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-169505164-714495948-86067946-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-169505164-714495948-86067946-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-169505164-714495948-86067946-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-169505164-714495948-86067946-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C007613-F8BE-455A-8EC1-6784DB083669}: DhcpNameServer = 167.206.245.130 167.206.245.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEBB4296-2873-47CB-98B6-E54494BE8171}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/04 22:04:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Family Laptop\Desktop\OTL.exe
[2012/06/04 21:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/04 21:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/04 21:28:22 | 000,000,000 | ---D | C] -- C:\_AcroTemp
[2012/06/04 21:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/04 21:14:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/04 19:47:49 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/04 16:39:28 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Family Laptop\Desktop\aswMBR.exe
[2012/06/01 18:51:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Family Laptop\Desktop\dds.scr
[2012/06/01 18:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/01 18:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/01 16:48:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Family Laptop\Desktop\TDSSKiller.exe

========== Files - Modified Within 30 Days ==========

[2012/06/04 22:04:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Family Laptop\Desktop\OTL.exe
[2012/06/04 21:51:01 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-169505164-714495948-86067946-1001UA.job
[2012/06/04 21:51:01 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-169505164-714495948-86067946-1001Core.job
[2012/06/04 21:25:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2012/06/04 16:51:28 | 000,000,571 | ---- | M] () -- C:\Users\Family Laptop\Desktop\MBR.zip
[2012/06/04 16:49:54 | 000,000,512 | ---- | M] () -- C:\Users\Family Laptop\Desktop\MBR.dat
[2012/06/04 16:39:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Family Laptop\Desktop\aswMBR.exe
[2012/06/04 16:00:58 | 000,733,968 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2012/06/04 16:00:58 | 000,629,482 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2012/06/04 16:00:58 | 000,108,666 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2012/06/04 15:59:54 | 000,014,240 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/04 15:59:54 | 000,014,240 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/04 15:52:19 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/04 15:52:15 | 527,826,943 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/01 18:51:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Family Laptop\Desktop\dds.scr
[2012/06/01 18:50:32 | 000,000,000 | ---- | M] () -- C:\Users\Family Laptop\defogger_reenable
[2012/06/01 18:48:47 | 000,050,477 | ---- | M] () -- C:\Users\Family Laptop\Desktop\Defogger.exe
[2012/06/01 18:35:28 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/01 18:35:16 | 000,748,118 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012/06/01 18:13:03 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Family Laptop\Desktop\TDSSKiller.exe
[2012/06/01 16:36:45 | 000,015,644 | ---- | M] () -- C:\Users\Family Laptop\Documents\cc_20120601_163641.reg
[2012/06/01 16:35:33 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/01 03:25:19 | 000,024,576 | ---- | M] () -- C:\BCD_Backup
[2012/05/30 04:34:23 | 000,001,099 | ---- | M] () -- C:\Users\Family Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/05/25 09:00:39 | 003,081,008 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2012/05/23 21:53:38 | 000,002,441 | ---- | M] () -- C:\Users\Family Laptop\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/06/04 16:51:28 | 000,000,571 | ---- | C] () -- C:\Users\Family Laptop\Desktop\MBR.zip
[2012/06/04 16:49:54 | 000,000,512 | ---- | C] () -- C:\Users\Family Laptop\Desktop\MBR.dat
[2012/06/01 18:50:32 | 000,000,000 | ---- | C] () -- C:\Users\Family Laptop\defogger_reenable
[2012/06/01 18:48:47 | 000,050,477 | ---- | C] () -- C:\Users\Family Laptop\Desktop\Defogger.exe
[2012/06/01 18:35:24 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/01 16:36:43 | 000,015,644 | ---- | C] () -- C:\Users\Family Laptop\Documents\cc_20120601_163641.reg
[2012/05/30 03:47:12 | 000,024,576 | ---- | C] () -- C:\BCD_Backup
[2012/03/12 00:30:07 | 000,007,605 | ---- | C] () -- C:\Users\Family Laptop\AppData\Local\Resmon.ResmonCfg
[2012/03/05 16:48:57 | 000,222,760 | -H-- | C] () -- C:\WINDOWS\SysWow64\mlfcache.dat
[2011/12/04 18:41:01 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxecinpa.dll
[2011/12/04 18:41:01 | 000,344,064 | ---- | C] () -- C:\WINDOWS\SysWow64\lxeccomx.dll
[2011/12/04 18:41:01 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxeciesc.dll
[2011/12/04 18:41:01 | 000,331,776 | ---- | C] () -- C:\WINDOWS\SysWow64\LXECinst.dll
[2011/12/04 18:41:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\SysWow64\lxecinsr.dll
[2011/12/04 18:41:01 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\lxecjswr.dll
[2011/12/04 18:41:00 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxecserv.dll
[2011/12/04 18:41:00 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxecusb1.dll
[2011/12/04 18:41:00 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxechbn3.dll
[2011/12/04 18:41:00 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxecpmui.dll
[2011/12/04 18:41:00 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxeclmpm.dll
[2011/12/04 18:41:00 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxecih.exe
[2011/12/04 18:41:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\SysWow64\lxecins.dll
[2011/12/04 18:41:00 | 000,262,144 | ---- | C] () -- C:\WINDOWS\SysWow64\lxecinsb.dll
[2011/12/04 18:41:00 | 000,253,952 | ---- | C] () -- C:\WINDOWS\SysWow64\lxeccu.dll
[2011/12/04 18:41:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\SysWow64\lxeccub.dll
[2011/12/04 18:41:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\SysWow64\lxeccur.dll
[2011/12/04 18:40:59 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxeccomc.dll
[2011/12/04 18:40:59 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxeccoms.exe
[2011/12/04 18:40:59 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxeccomm.dll
[2011/12/04 18:40:58 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxeccfg.exe
[2011/10/29 12:52:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/10/13 11:54:10 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2011/02/14 00:10:45 | 000,748,118 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/01/03 13:25:50 | 000,000,179 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2010/12/03 14:37:48 | 000,299,008 | ---- | C] () -- C:\WINDOWS\SysWow64\LXECsm.dll
[2010/12/03 14:37:48 | 000,023,552 | ---- | C] () -- C:\WINDOWS\SysWow64\LXECsmr.dll

========== LOP Check ==========

[2010/05/07 17:32:50 | 000,000,000 | ---D | M] -- C:\Users\Family Laptop\AppData\Roaming\EPSON
[2010/05/07 14:45:00 | 000,000,000 | ---D | M] -- C:\Users\Family Laptop\AppData\Roaming\Leadertech
[2010/05/24 21:16:28 | 000,000,000 | ---D | M] -- C:\Users\Family Laptop\AppData\Roaming\Moyea
[2010/12/09 21:19:51 | 000,000,000 | ---D | M] -- C:\Users\Family Laptop\AppData\Roaming\Pro800-Pro900 Series
[2012/06/01 17:12:36 | 000,000,000 | ---D | M] -- C:\Users\Family Laptop\AppData\Roaming\QuickScan
[2010/05/11 21:33:14 | 000,000,000 | ---D | M] -- C:\Users\Jane\AppData\Roaming\Epson
[2010/12/08 20:28:38 | 000,000,000 | ---D | M] -- C:\Users\Jane\AppData\Roaming\Pro800-Pro900 Series
[2010/05/14 18:57:19 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Epson
[2010/12/04 09:12:17 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Pro800-Pro900 Series
[2011/03/26 22:11:28 | 000,032,556 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/13 21:59:46 | 000,721,199 | ---- | M] () MD5=13826977A8E7CEAC8DA079FEA3C9A12E -- C:\Users\Family Laptop\Documents\RKill\eXplorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\WINDOWS\ERDNT\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\WINDOWS\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\WINDOWS\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\WINDOWS\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\WINDOWS\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\WINDOWS\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2011/02/13 21:59:51 | 000,721,199 | ---- | M] () MD5=13826977A8E7CEAC8DA079FEA3C9A12E -- C:\Users\Family Laptop\Documents\RKill\uSeRiNiT.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\WINDOWS\ERDNT\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\WINDOWS\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\WINDOWS\ERDNT\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\WINDOWS\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\WINDOWS\ERDNT\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\WINDOWS\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2011/02/13 21:59:52 | 000,721,199 | ---- | M] () MD5=13826977A8E7CEAC8DA079FEA3C9A12E -- C:\Users\Family Laptop\Documents\RKill\WiNlOgOn.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS725050A9A362
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Lexmark USB Mass Storage USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 41943040
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 451.00GB
Starting Offset: 15770583040
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\System32\config\systemprofile\AppData\Local\Application Data] -> F:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\WINDOWS\System32\config\systemprofile\AppData\Local\History] -> F:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\WINDOWS\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> F:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\WINDOWS\System32\config\systemprofile\Application Data] -> F:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\WINDOWS\System32\config\systemprofile\Local Settings] -> F:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> F:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\History] -> F:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> F:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\WINDOWS\SysWOW64\config\systemprofile\Application Data] -> F:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\WINDOWS\SysWOW64\config\systemprofile\Local Settings] -> F:\Windows\system32\config\systemprofile\AppData\Local -> Junction

< End of report >




OTL Extras logfile created on: 6/4/2012 10:06:02 PM - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Family Laptop\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.63 Gb Available Physical Memory | 60.59% Memory free
11.98 Gb Paging File | 9.85 Gb Available in Paging File | 82.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 140.89 Gb Free Space | 31.23% Space Free | Partition Type: NTFS

Computer Name: FAMILYLAPTOP | User Name: Family Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0285B418-ADE0-4D72-8ADD-02EAA0A32ECB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{046AB1EE-A595-4E60-927C-D21F6B226652}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0580EC38-AB31-4CA9-AADE-5FE887B70966}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A1BBA24-63B9-4F49-BD7B-7A35FA416DF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{14D2142B-F2D0-453B-BCC2-8D5B4B5E6583}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{22DBA14C-410F-4017-8DD9-9835947F3552}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2B17A405-D29E-4740-896D-B5CDF0807DBB}" = rport=445 | protocol=6 | dir=out | app=system |
"{2D3C143F-CA19-4E91-8A99-24E296442267}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35323AF4-80D6-4BE7-A06E-DE121198EBDF}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{36E57544-7A09-4CB3-A4EC-5FC65DA362B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{37D2988B-F267-4380-BDC5-BCC5D37B4857}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3851F35C-0691-4CB0-AC9B-CA84DA6CA0C3}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39932E74-0E20-4F0F-8297-70C39DEC0C67}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3B538D4B-E627-4DE4-80CC-639B5894598C}" = lport=10244 | protocol=6 | dir=in | app=system |
"{4BFD6514-1B3B-4383-B283-353F5C24C1C1}" = lport=138 | protocol=17 | dir=in | app=system |
"{4C6ABDB1-2D92-43CC-8E7A-E1C989E79044}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D5E367A-96A2-46E0-BA36-7703ED0DD3FC}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{4DFA7F15-A2BD-41A5-84C7-71EC86F17940}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{512FF027-19F4-45D0-8092-CD01BA3B58D3}" = lport=139 | protocol=6 | dir=in | app=system |
"{52E8A044-9168-4D19-A2AA-F0F322DD80F7}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5ABFB6C3-9D42-45AE-8A3F-7915CB3D3B99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6663F38C-4019-4022-B084-46AE7E1F84D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B194BDE-4A36-4EBF-A247-A23A5D30E767}" = lport=137 | protocol=17 | dir=in | app=system |
"{6C27BEF9-1EFE-4CE9-ACCB-40D7985EA650}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{703AB416-6F2A-491D-A816-E9099EA6DE62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{776F319C-F83C-4E06-97D4-2EF32B05630C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82248149-949F-4074-8A21-00DC4F497AB1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{826FBD5D-3777-4748-BE9C-2AE0C63669DD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{85F7FA9D-FFAC-470F-B9C5-55045135178A}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{8A941D8E-1F4C-4DFE-A966-A841BA315171}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C4E219A-7761-4A81-AC83-2E74E8649CF8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9039BBBE-EFB1-4D28-A7D8-06438867E7CE}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{93D96332-8FBF-4F6A-9CAA-24FBFA1FB995}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9517FD2B-CC8E-4B80-A3AE-54D39234F472}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9F453F65-1BE9-45E2-8F7C-781B5B9D96B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AE393899-0B2A-4B9F-828D-11F33EBAA27E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B38887CC-BF12-4500-B5C4-EBD220776B77}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3C16EC6-1E1D-4DB9-817D-C7DBDFA42051}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B5EED8D7-3CE0-4B84-A7EC-EEE5BD66961E}" = rport=137 | protocol=17 | dir=out | app=system |
"{B6EA25BE-E8C0-49CB-8D17-869E8356F438}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB1F6CF0-42E9-4A59-B47C-2D0DDFBBC0F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0E8F98F-A9BE-48F5-9665-DBB56005F90F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C50E7228-58FE-4DB8-AD6D-32015890A477}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5EDEF88-0B79-4C03-A3DC-BD1366DC81F2}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{CCAE738E-0D65-4A01-990E-C8D000C9530A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE73B1B4-D957-47BA-9676-8B665EEC60DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1326C3C-D580-492A-B360-8DADFBB60C2A}" = rport=138 | protocol=17 | dir=out | app=system |
"{D858A6EF-DFA6-49A1-9FFC-836095F6CB04}" = rport=139 | protocol=6 | dir=out | app=system |
"{E1D3CE88-B13E-4E4A-ACFA-D03799C3FAAA}" = lport=3390 | protocol=6 | dir=in | app=system |
"{E51403D0-7365-43F7-9887-DAB104692FAB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E53BDD62-9A41-4730-8549-914B63A92790}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E5E5D869-ED19-492F-9C6E-0AD0433E2339}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E674D8B4-D4E2-45FA-8706-E4E80DFAA395}" = lport=10244 | protocol=6 | dir=in | app=system |
"{EBC8A5CE-27DD-43AF-8021-ACC56E47B4B8}" = lport=445 | protocol=6 | dir=in | app=system |
"{F699E9F0-BC44-4CF2-AB38-9280F158239B}" = lport=3390 | protocol=6 | dir=in | app=system |
"{FF1331FF-B0B9-42CB-AA15-26189FA3BCAA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F3E0F5-D31E-4A95-BE7A-1518AA15FB86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\deadspace2.exe |
"{04167C98-AECE-4997-B7D8-DF8328D5B07F}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{043231A1-85AD-4614-AAD8-687CF201F397}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0443218E-F172-499E-BA9D-BD0C7B5397C6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{048D7FC3-5142-4739-9F0E-321F876429D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{0667BDCD-21F6-4D2E-B4C0-4922A29FBD76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{0A7BC59A-50BE-4430-9F34-ADD5FD00D60A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxecupld.exe |
"{0ADB0459-FD40-4454-B88C-E69056FEBF4E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0D650ABB-B31E-417D-9D3F-0B82BAA3E7E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{1460F3C1-2188-4550-B0CE-35485DEFC69F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life source\hl2.exe |
"{21BDA0CF-5006-4AA1-884E-8D7145609364}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxecjswx.exe |
"{220E5269-91D9-4201-A3D7-A1AF55ED3FB5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxecjswx.exe |
"{25D5F2C7-B047-42BC-8E46-C22A55479707}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2647CBC2-5B84-4D54-9599-C444A0860017}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life\hl.exe |
"{29A2F214-9894-46E8-BCBB-5810EDCA8D3B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |
"{29B0A438-FF19-4CB9-9EAB-6C2E720E8C63}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\opposing force\hl.exe |
"{2ADDD8A3-76D8-4419-B07C-7649F209FED2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E2841D4-D24B-4D7E-9E60-29918A2E2822}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{2FFC4DDB-84D2-4CA3-9591-E730ACE1DED2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life source\hl2.exe |
"{30000B24-DA47-423A-8143-9A0102AC8CA0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{34C8873A-3ABD-4380-8642-F21ACFBBC8C4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxecupld.exe |
"{350A3C98-C201-43DF-A283-8F40B63AFBB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\deadspace2.exe |
"{356B82C1-97AC-499E-B25F-6372C1878053}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\zombie panic! source\hl2.exe |
"{36D88F4F-EFD5-4252-A524-5D00EAB41EBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\sourcesdk\bin\sdklauncher.exe |
"{37314158-BD06-4FC7-AC08-CFBBC05BD7AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3AF4DCCF-F1A8-4666-8A07-4FF09E896A2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{3B3D37D2-879E-4905-A318-13758C1EFE3D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{3BCCD546-94DB-4D9D-BCD6-7622E7E6BFF4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{3E2BEF62-5B59-41FD-BBBB-3F77919E911B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{40CE0628-D2AC-479A-B266-8F75F9A769F7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{42E324A1-6164-4EE1-BD50-E80BEAC37D1D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{42EC8B49-A6AC-43E3-8696-266898F09204}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42F35A14-083E-409A-80E3-B34432B782B5}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{430D5903-13C5-4EFA-9F7F-56FEDB29362F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\zombie panic! source\hl2.exe |
"{44034BB6-352A-47CB-82F8-876A84BCAFB4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{44B401C5-61F1-4AFC-850F-8E823166716F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{45DF0E52-1126-42A4-A48C-2F21D5CA36E3}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4616BB6F-44C6-4656-B35A-5907F66BD38B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxecview.exe |
"{463DF9CC-224E-4737-8A62-BDDD9C54DA05}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{48CF43B6-9FD4-46B4-9DB0-A13C5C8115F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\opposing force\hl.exe |
"{49905FD0-ED5E-4DB6-A58A-6E3B3190BE59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\team fortress classic\hl.exe |
"{4BE1788C-EC33-4BE2-827F-5A3177257503}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D3BAF62-3878-4CB9-8624-CEC675013005}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life source\hl2.exe |
"{4F6AD4AF-2780-452C-BB42-33D8716A5F4E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{50ABC8B8-6C37-412A-BD85-B95C4997CA19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{52D50C45-CB39-48FF-A31B-55E87A73AC41}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{5339F6C6-FC8A-4833-B73B-C4FF218E594B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5404EC30-7196-4685-8FCD-D1729615049E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{57F01E5E-C951-426C-AB59-9600AFD58597}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{59504376-E997-413C-BA7B-4F95B1D0C373}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5A2F9068-6A91-4EAB-965D-45FBAA78A4E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\opposing force\hl.exe |
"{600CED5F-25C3-4466-8277-3789D7FC6E3E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life source\hl2.exe |
"{600CEEA7-B02B-4F76-B334-1B649DA1281D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{682CBEEB-4737-4A96-9434-1C9E8F365D04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{68C35CA9-9A7A-400C-8445-EC0D43B08FA6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\team fortress classic\hl.exe |
"{6B8ED275-421F-4488-9896-A4D943A4621D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\source sdk base 2007\hl2.exe |
"{6F10EFC1-5868-4EC0-ACFF-8D0C88670ADD}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxectime.exe |
"{70330B04-16DA-4632-8D29-3D424D976413}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |
"{70CF74E5-2EA7-4DAB-8576-FED7D54A6E7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{711B83B2-D9E3-448D-B433-0CC20B983464}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{71A82370-99B7-4A29-A56B-7D24DDE983B1}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxecview.exe |
"{741E4D53-66B4-4B6F-A11C-8806AE00C11A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{743D7D5E-67B7-4DFD-A5EF-2DD7ECC80412}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxeccfgx.exe |
"{76694F05-99EE-4B6F-BF76-EB57AE364F9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\source sdk base 2007\hl2.exe |
"{779DE0BE-A386-4929-A0EA-BEF86E02F36C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{792A8D4B-CE91-4322-8442-A7DD679F14E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{79DE44E1-32E2-4ADA-98FF-31498544C2BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{80204D8A-B95E-424C-A8E3-8804B3415583}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\garrysmod\hl2.exe |
"{80E02F93-3EE7-4E17-AB43-0D74F292A969}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\sourcesdk\bin\sdklauncher.exe |
"{82CEB88A-B503-4E65-9FB3-3EADE45CB6C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\deadspace2.exe |
"{85A9AFA7-32D4-4804-9459-BACAB91DA2AB}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxecwupd.exe |
"{8A2F666B-34A7-4FEA-AEED-0D0F3A99E8A4}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8A59DD26-C9EE-472E-AA9B-0C616C1CCD6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8B2D0794-6FD0-4B95-8658-EEF2F6837F80}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8B4D7A98-3000-4FC6-BF0E-BEAE285FEE34}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{8C3A6265-D4BC-4472-A992-89F234EC6E8D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |
"{8CB2119B-70F1-4763-BF03-3A9FB779375B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{90721AB8-4800-4F4F-BE1F-88B72B09D492}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{90B6EA38-263F-41D3-93CD-99E53403D06B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\deadspace2.exe |
"{91612FF7-644F-4AE0-A4F5-3E46E339F90F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{931A4A9E-2E43-4889-BC8E-18FF53B8AE99}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxecwbgw.exe |
"{93904318-4454-43A1-AC59-8CBD5CE25731}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\source sdk base 2007\hl2.exe |
"{93A439D7-F926-41F1-A77F-5FFEF8A1DE80}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{955EAFE5-D0E6-4A3F-A2C6-9F0A3F8C249C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{95863EF9-0E90-4B97-953D-28C82725F250}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{9703B8DC-4099-4BFF-B786-AEAF22C76D9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life\hl.exe |
"{97156DA4-6F19-4248-84DB-434DECE25AE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{98AC322C-639E-4AC3-9A07-C8E9E7A3F452}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{999CE344-2167-49AC-9437-F1DB42AFAC16}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxecwbgw.exe |
"{9AA6E9E1-C0C1-4557-9E94-64355A2792C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{9B8D51F9-9F78-45A4-B1DF-25C3394DC95A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{9D5A3D88-E0DE-4C56-B25F-A4242E2F9D29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life\hl.exe |
"{9DAFAA26-0373-456C-963A-D544B3BC0AE7}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{9EA8933C-E083-4F6F-A681-25CDDBAD7E0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\garrysmod\hl2.exe |
"{9F847B36-78B3-48A5-BB9F-36648A412D20}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxeccfgx.exe |
"{A3B060B3-4FF6-495D-B7F2-BBB296D7FEBF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\team fortress classic\hl.exe |
"{A4B473B1-5421-468B-A0E8-EC754D5F8147}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\garrysmod\hl2.exe |
"{A4F23E73-F8E0-4BC7-BCE9-0709FF8FDA62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{A8725FBC-C6CF-41E8-8F8F-8C7B88673411}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{AB832E4D-AA69-447B-BDA7-D6019FCC060C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxecserv.exe |
"{AC04EB38-FAB6-40FD-AEFA-77F3764B921A}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{AD2CEE7F-D500-48B4-9914-C0F682CB3344}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxecwupd.exe |
"{AFA5C727-953F-47C6-AA0F-09E6433A8536}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxectime.exe |
"{B010A515-84F5-491C-A832-4FEC5E3D2FBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{B246C223-25E8-4C40-A51C-B58DAA6D0EF0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{B65028C2-FE17-4E1A-939B-A80791C7CDA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B69D9F59-A326-4D20-B64B-9D56A78F0F27}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\garrysmod\hl2.exe |
"{B72FC0C4-4BE9-415B-8517-2AFFD59F7F74}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{B7C9EDBB-7D9E-4883-A807-E1DDC93A5EF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{B8988383-3677-42EF-BA23-958425E896D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |
"{B8E4CF75-F6CC-4D88-AB0B-4147FF2077C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{BD89B29F-9200-42E1-A795-725F6C7F828B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{BE2F909F-332F-4D70-A036-8799EEED36B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\zombie panic! source\hl2.exe |
"{C017A07D-EEDD-4C20-893A-2C2FAC8D9DD8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{C212DDB8-770A-4D84-836E-7D92FF031F88}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{C2B8AD5E-120C-4DE2-9DCF-DAC4F87FB3A9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C37AD3C6-FA3D-476F-B6A7-068316EFBB57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{C578D0F0-4C97-4BCE-9292-86BD171531FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C807435C-CBA9-4F90-945B-F6C31732B4B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\team fortress classic\hl.exe |
"{CB46BA43-9553-44F7-BC56-9FA6EC32554E}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{CB78A8EC-C4FD-4FDE-94A1-E77C78819E2E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CBD496BE-2416-479C-8BDA-913C260A28FF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxecserv.exe |
"{CC6C8CD0-DA6D-4B7F-B77D-3E8813E1FF56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{CD9EB8BD-A5CE-4FB9-B495-8AFCED140F00}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CE05241D-61D4-41A6-874C-09AA223D1E16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\source sdk base 2007\hl2.exe |
"{CE09F676-A2DD-465B-8753-7C6625AD78BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{CEAC21D2-BEE1-4D33-9A74-3B39F5F7D7AE}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D24E790B-5918-4AEC-8F26-FBECBE7C7B18}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{D30FAD12-1E28-48D0-8FE1-D41D528A56BE}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D6CB2DE8-DE70-4CC6-9C1B-BABB0088FAB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\zombie panic! source\hl2.exe |
"{D7131692-F104-4EED-B04D-B831D37C2546}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxecpswx.exe |
"{D8ABC146-07D6-40EF-A2E5-84B94DAE8D39}" = protocol=6 | dir=out | app=system |
"{D9B009E5-8364-46D4-B66B-121B71DFE04E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DBCF6649-6A6E-4EA0-B2ED-EFEB3A2835C7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DCA026AB-8F02-48D5-8D7E-073E5A4CC189}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life\hl.exe |
"{DCBCF1F1-AD92-4DF9-857C-4C4D50315EB2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{DD53CDB7-180B-4C96-8780-8751F2CEBBA2}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DE882B0B-9324-4273-8561-88BB9C80CD13}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E851F4EE-AFEA-4AF7-9851-BF41717B7C41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\sourcesdk\bin\sdklauncher.exe |
"{E85223D5-CF7B-4072-AE47-4A740B8587CB}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{EBB1DECC-ABF6-4316-B35F-8A9650BBDCD6}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxecpswx.exe |
"{EF9B6BAB-8856-491A-B837-0D2EC49C0A13}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{EFD530EB-9CE2-4C13-A0AD-CFCC3C862B11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F115F173-6304-4F54-BD98-59488B155293}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{F1177834-FD4A-4FDE-945D-ACD9ADFA967C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1355AE5-A9A2-47D9-93C3-937D7DC6C7A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1634E47-C3A1-44E3-9D4A-20A41D5CB5CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\opposing force\hl.exe |
"{F1B7C6C3-96D6-490F-8B68-A24C6828F8F3}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{F2541141-0667-4814-9486-F80E00857397}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\sourcesdk\bin\sdklauncher.exe |
"{F61B49C4-7819-4C03-AA6F-1CB92AB868DC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F99FC989-375E-4CD0-8A05-FD18C8A7551E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{FA079B4E-EA1B-474A-9611-4F606A2D5EBD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FBF404B8-A9BB-4E17-B392-61F42D5C6537}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"TCP Query User{23DB3E1D-5A9A-4BA1-9567-5D0FC5F61990}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{33A0AA6A-0C5B-428B-8EDD-FACAEA8FEA4E}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{35ED6A35-4C39-48AC-9BF1-B61DF076C984}C:\program files (x86)\steam\steamapps\beaghost\half-life blue shift\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life blue shift\hl.exe |
"TCP Query User{8180F337-2DCE-4030-91ED-AD0DC32A4217}C:\users\larry\appdata\local\temp\lmi3c1d.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\larry\appdata\local\temp\lmi3c1d.tmp\lmi_rescue.exe |
"TCP Query User{8DFA7528-F940-4800-9DCD-889FEF6B727A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{8F7A4DD3-F06D-4E5A-BB58-C8290422A77F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{A3155CC4-81EE-43E6-B67A-527320DDF56C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{A98B91DE-A5BD-40F8-8D07-DDF61C8D81A7}C:\program files (x86)\steam\steamapps\beaghost\half-life blue shift\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life blue shift\hl.exe |
"TCP Query User{C404A94C-DE56-4384-9597-043FC285936E}C:\program files (x86)\steam\steamapps\beaghost\half-life deathmatch source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life deathmatch source\hl2.exe |
"TCP Query User{D2737C3D-E417-43BD-B213-592E0984C73C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{D41447AB-DE8D-43A4-B763-2EE971E11318}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{F691B887-D3F8-4277-9924-DDA4212667AB}C:\program files (x86)\steam\steamapps\beaghost\half-life deathmatch source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life deathmatch source\hl2.exe |
"UDP Query User{02437E9E-FFE5-44FE-8428-33063BA78F5E}C:\program files (x86)\steam\steamapps\beaghost\half-life blue shift\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life blue shift\hl.exe |
"UDP Query User{585D4176-8F57-4CDB-96D4-C0E7157CEFE2}C:\program files (x86)\steam\steamapps\beaghost\half-life blue shift\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life blue shift\hl.exe |
"UDP Query User{737BAA31-4745-4D40-A4F7-94692F875828}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{965041E4-663D-4F42-8823-086BC2E8FA48}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{A0E5FDAC-D937-4203-B827-C9C58A42EF15}C:\program files (x86)\steam\steamapps\beaghost\half-life deathmatch source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life deathmatch source\hl2.exe |
"UDP Query User{A4DEE233-448F-41D1-B438-F6095BCF0E67}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{B13C1841-DBE2-4317-9828-5F7F8E88CA62}C:\users\larry\appdata\local\temp\lmi3c1d.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\larry\appdata\local\temp\lmi3c1d.tmp\lmi_rescue.exe |
"UDP Query User{B540036B-6772-4B24-8A6D-ADB5E28678F5}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{BDF8C523-D5EB-4C7F-A38F-74473D975049}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{DCE074C4-4976-4F08-9790-BB932FCEF0ED}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{E5B190F7-955A-4B91-95E1-FCCEFE4CFB22}C:\program files (x86)\steam\steamapps\beaghost\half-life deathmatch source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\beaghost\half-life deathmatch source\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{AE124EE9-EF32-69C5-60F9-FFA0FFF7F9B1}" = ccc-utility64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B4735ADA-2C32-4DB1-809C-D3D424343ED9}" = FastAccess
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HitmanPro36" = HitmanPro 3.6
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DC7DFF9-2180-0E7E-DB49-817280EE4E93}" = Catalyst Control Center Graphics Light
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{27B94460-B1A6-BE42-D92A-4FCDCF4A719F}" = CCC Help German
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V30/V300 Photo Scanner Driver Update
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{47BC5D36-B837-B2A8-FB46-F6EC602A7F9C}" = Catalyst Control Center Graphics Previews Common
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4B8C6616-F310-60D3-71FD-057C16DB3E8A}" = CCC Help Finnish
"{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5FEF1894-CF67-B16C-11B6-5818358B3FC9}" = CCC Help Russian
"{60E9E76A-FB31-67CB-8071-A1D38A499A86}" = CCC Help French
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6869DEA9-8FA6-E3E0-05B6-8187FEB71D52}" = Skins
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6ED86F6F-7130-48F5-2AF7-5D693098057F}" = CCC Help Norwegian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9F49A2-6791-761F-6077-22977B0FD03D}" = CCC Help Dutch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A697D62C-643B-5315-204B-D43055A86649}" = CCC Help Swedish
"{A6B483B0-E8E8-0EE1-D678-FEEBDF27FE15}" = Catalyst Control Center Localization All
"{A760067A-C07E-1033-0000-A764AC000008}" = Avery Template
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9316AC7-CAB2-C29B-F8B6-6239817B1B45}" = CCC Help Chinese Standard
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFF254B3-ABBC-15E7-200E-FABF74314C13}" = ccc-core-static
"{B27E389B-AE9B-BEB6-8FCF-BA293F884C70}" = CCC Help Japanese
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5AB153E-59F3-AB56-F8A7-43E531368327}" = Catalyst Control Center Graphics Full New
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BA214394-CDD8-BB3C-3FCC-8294C9A02ACA}" = CCC Help Chinese Traditional
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF8DC895-9CC3-E284-6ADF-67077E3FBCA2}" = CCC Help Danish
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D0016802-8E49-0DED-0B9C-F8946945998F}" = Catalyst Control Center Graphics Full Existing
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{DC068C99-4AF6-C4B4-178F-790CC62B93ED}" = Catalyst Control Center Graphics Previews Vista
"{DD786529-8C5E-4C64-9FA6-D47FBF17C392}" = Catalyst Control Center InstallProxy
"{DDBBE693-E9E5-A743-4C11-D693F94A80D7}" = Catalyst Control Center Core Implementation
"{DF6BCD20-50DC-4DE6-4798-948DF8CAC38A}" = CCC Help Korean
"{DF8F8A4A-C9EB-79EC-7597-166D3042EAA8}" = CCC Help Spanish
"{E19F161D-7FD0-FECB-41B1-A036862C3E47}" = CCC Help English
"{E393AA7A-33AE-1F62-0C33-D107BB03E74E}" = CCC Help Portuguese
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7BEE99-4C13-DF3E-142B-5E4BA8D10CEC}" = CCC Help Italian
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Cisco Connect" = Cisco Connect
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Webcam Central" = Dell Webcam Central
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Steam App 130" = Half-Life: Blue Shift
"Steam App 17410" = Mirror's Edge
"Steam App 17470" = Dead Space
"Steam App 17500" = Zombie Panic Source
"Steam App 20" = Team Fortress Classic
"Steam App 211" = Source SDK
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 22380" = Fallout: New Vegas
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 47780" = Dead Space 2
"Steam App 50" = Half-Life: Opposing Force
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 620" = Portal 2
"Steam App 630" = Alien Swarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-169505164-714495948-86067946-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/2/2012 10:15:20 PM | Computer Name = FamilyLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1126390

Error - 6/3/2012 12:31:21 AM | Computer Name = FamilyLaptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/3/2012 12:31:25 AM | Computer Name = FamilyLaptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/3/2012 12:32:46 AM | Computer Name = FamilyLaptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/3/2012 6:58:49 PM | Computer Name = FamilyLaptop | Source = Application Hang | ID = 1002
Description = The program Steam.exe version 1.0.1065.11 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1cf0 Start
Time: 01cd41dc55e79368 Termination Time: 16 Application Path: C:\Program Files (x86)\Steam\Steam.exe

Report
Id: ac34b1e5-adcf-11e1-8891-b8ac6f5e103b

Error - 6/4/2012 12:30:35 AM | Computer Name = FamilyLaptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/4/2012 12:30:37 AM | Computer Name = FamilyLaptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/4/2012 12:31:28 AM | Computer Name = FamilyLaptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/4/2012 3:52:53 PM | Computer Name = FamilyLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/4/2012 10:04:25 PM | Computer Name = FamilyLaptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Family Laptop\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 6/4/2012 3:37:24 PM | Computer Name = FamilyLaptop | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 6/4/2012 3:37:28 PM | Computer Name = FamilyLaptop | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 6/4/2012 3:37:29 PM | Computer Name = FamilyLaptop | Source = Service Control Manager | ID = 7038
Description = The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 6/4/2012 3:37:29 PM | Computer Name = FamilyLaptop | Source = Service Control Manager | ID = 7000
Description = The WinHTTP Web Proxy Auto-Discovery Service service failed to start
due to the following error: %%1069

Error - 6/4/2012 3:52:40 PM | Computer Name = FamilyLaptop | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 6/4/2012 3:52:44 PM | Computer Name = FamilyLaptop | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 6/4/2012 9:22:22 PM | Computer Name = FamilyLaptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/4/2012 9:24:48 PM | Computer Name = FamilyLaptop | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 6/4/2012 9:24:48 PM | Computer Name = FamilyLaptop | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 6/4/2012 9:25:16 PM | Computer Name = FamilyLaptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:03 PM

Posted 04 June 2012 - 09:34 PM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKU\S-1-5-21-169505164-714495948-86067946-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-169505164-714495948-86067946-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT


Please advise if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 mcoupe

mcoupe
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 04 June 2012 - 09:50 PM

Here is a copy of the file. Looks like it's gone as it does not appear in IEs add ons or in the registry. Speaking of the registry, the only other suspect thing I noticed when searching for the string "search" is an entry for the searchqutoolbar under AppDataLow. Is this something I should be concerned about?

I really appreciate all the timely help!


All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-169505164-714495948-86067946-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
HKU\S-1-5-21-169505164-714495948-86067946-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Family Laptop\Desktop\cmd.bat deleted successfully.
C:\Users\Family Laptop\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User

User: Family Laptop
->Temp folder emptied: 2018 bytes
->Temporary Internet Files folder emptied: 10353298 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 20677967 bytes
->Flash cache emptied: 3127797 bytes

User: HOME
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Jane
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 86857491 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 74171 bytes

User: Larry
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1161540647 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16164272 bytes
->Flash cache emptied: 89402 bytes

User: Mcx1-FAMILYLAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1754 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,239.00 mb


OTL by OldTimer - Version 3.2.46.0 log created on 06042012_223747

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:03 PM

Posted 04 June 2012 - 09:58 PM

What's the exact path of searchqu

it's not showing in the logs

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 mcoupe

mcoupe
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 04 June 2012 - 10:06 PM

it shows as searchqutoolbar

HKEY_USERS\S-1-5-21-169505164-714495948-86067946-1001\Software\AppDataLow\Software\searchqutoolbar

The settings on the right show as:
Default REG_SZ (value not set)
AutoSearchDisabled REG_DWORD 0x00000000
Toolbar_Enabled REG_DWORD 0x00000000
Toolbar_Hide_Time REG_DWORD 0x4f2c89f2 (1328318962)

I don't understand how these values work which I why I'm mentioning it.

Thanks.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users