getting strange pop-ups


  • This topic is locked
16 replies to this topic

#1 robo122

robo122

  • Members
  • 34 posts
  • OFFLINE
  • Local time:09:07 PM

Posted 15 July 2012 - 11:21 AM

hi,

i noticed earlier this week that i was getting strange pop-ups as i use IE8 when i do a google search and click on the link i wanted, i would then close the pop-up and then click the google link again and would get directed to the correct page. i have changed a lot of the passwords i use from a different computer as a result of this.

i also noticed as i was writing an e-mail that it was not registering all of my keystrokes. i am not having this problem as i write this.

i then took a break from my computer for a few hours and i came back and as soon as i clicked on IE to open the program, i got a blue screen and the comp shut down, and restarted

i was not able to run the DDS scan, when i did it gave me all sorts of strange characters

as i am running 64-bit windows i did not do a GMER scan

i don't know where to start, please help me



#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:07 PM

Posted 16 July 2012 - 10:21 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • OTL.txt and Extras.txt logs
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 robo122

robo122
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:09:07 PM

Posted 17 July 2012 - 04:23 PM

OTL.txt

OTL logfile created on: 7/17/2012 6:56:53 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rob & Teresa\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.93 Gb Available Physical Memory | 74.12% Memory free
16.14 Gb Paging File | 13.90 Gb Available in Paging File | 86.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.57 Gb Total Space | 418.71 Gb Free Space | 61.25% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.99 Gb Free Space | 53.28% Space Free | Partition Type: NTFS

Computer Name: ROBTERESA-PC | User Name: Rob & Teresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/17 06:55:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rob & Teresa\Desktop\OTL.exe
PRC - [2012/06/23 09:24:29 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Rob & Teresa\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/30 13:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/02/02 15:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010/03/26 12:34:17 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2009/03/24 18:16:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/14 10:13:02 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/26 12:34:17 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2011/12/08 20:54:35 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/10/29 02:06:44 | 000,901,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/28 08:37:22 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/11 14:58:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/02/02 15:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 13:33:00 | 003,290,184 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/24 18:16:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/17 18:05:02 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 06:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/11 02:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 09:54:59 | 000,339,536 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010/11/20 09:54:59 | 000,194,640 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2010/11/20 09:54:59 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010/11/20 09:54:59 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/11/20 09:54:59 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010/11/20 09:54:59 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010/06/23 10:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/29 02:06:48 | 004,598,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008/10/29 02:06:48 | 004,598,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/09/01 05:12:26 | 000,381,976 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/07/31 17:01:00 | 000,306,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA002Vid.sys -- (OA002Vid)
DRV:64bit: - [2008/06/03 09:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA002Ufd.sys -- (OA002Ufd)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/10/18 11:59:08 | 000,949,760 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WMP110.sys -- (WMP110)
DRV:64bit: - [2007/06/07 21:00:02 | 000,219,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\OA002Afx.sys -- (OA002Afx)
DRV:64bit: - [2007/03/08 17:19:00 | 000,012,800 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2007/02/05 17:36:48 | 000,049,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV:64bit: - [2006/11/13 09:08:42 | 000,640,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2006/11/13 09:08:42 | 000,640,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2006/11/02 16:57:04 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3ABC8FCE-33FD-4EDB-BCF8-792F7F9B27C1}
IE:64bit: - HKLM\..\SearchScopes\{3ABC8FCE-33FD-4EDB-BCF8-792F7F9B27C1}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yankees.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {BEBC6849-AB8F-4CB6-AAA5-8795AE9D299D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BEBC6849-AB8F-4CB6-AAA5-8795AE9D299D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Rob & Teresa\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Rob & Teresa\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2010/11/20 10:04:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012/03/20 08:08:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/23 09:25:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Rob & Teresa\AppData\Roaming\Move Networks [2009/12/04 21:51:46 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Mozilla] C:\Users\Rob & Teresa\AppData\Local\PMB Files\Mozilla\ewvjntv.dll (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Rob & Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Rob & Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rob & Teresa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.optimusexperience.com/us/Plugin/DFusionHomeWebPlugIn.Installer.exe (CDFusionActiveXCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69EA13B3-2070-4D4B-AA04-F8A371D644A2}: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFFF4C06-4B6D-452C-85D9-0203A6CAFCBC}: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E476AE48-8195-44FF-9316-3154354A9472}: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtb - No CLSID value found
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rob & Teresa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rob & Teresa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/08 20:08:47 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


========== Files/Folders - Created Within 30 Days ==========

[2012/07/17 06:55:51 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rob & Teresa\Desktop\OTL.exe
[2012/07/16 20:29:11 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{CE2DD31E-3A4F-469D-B723-F8647F869811}
[2012/07/16 20:28:58 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{CFB69A43-6F5C-45CF-B882-320FE416905A}
[2012/07/15 06:53:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{F2712258-7C9B-40C8-8D64-222B312995A1}
[2012/07/15 06:52:55 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{4862D3B1-E4CD-4DD8-8172-8721B7D106D5}
[2012/07/14 20:15:14 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2012/07/14 20:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/07/14 20:03:55 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Rob & Teresa\Desktop\MGADiag.exe
[2012/07/13 20:19:00 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{CBAFBE4E-7419-46AB-BFEC-225E190BD9E2}
[2012/07/13 20:18:41 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{43D46D06-11DE-4ADD-91FD-7C155D75FD4F}
[2012/07/11 03:54:07 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/10 20:31:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{C12633E9-AA8C-4C82-9B40-B5D634544006}
[2012/07/10 20:31:00 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{A30DB61E-E62E-4920-857B-C9982B09A6A7}
[2012/07/10 08:09:24 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{8F982E91-D826-41D7-948C-35A89D39A775}
[2012/07/10 08:09:13 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{7D336145-B69B-46A8-8CFD-35321EFD2F50}
[2012/07/09 20:08:48 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{DA5EE426-732C-4546-994A-D12087897E7C}
[2012/07/09 20:08:38 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{FD007480-B7BB-4695-93C4-0B3A2A2077E7}
[2012/07/09 08:08:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{550A4FB3-7FAD-400C-B9AD-01A5F7CD75A6}
[2012/07/09 08:07:56 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{9D8096A7-2A8C-4EF1-A3CF-00C358921C1C}
[2012/07/08 06:23:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{79CDEB50-7CE4-40C1-B6C9-F1A9D4CE8335}
[2012/07/08 06:22:58 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{9FD16888-F079-4EF5-B10D-0AA7D8CE18F5}
[2012/07/06 21:14:02 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{289B11B1-EA51-431D-8158-D9AA62CDAAD2}
[2012/07/06 21:13:51 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{86DE4BBE-B3EF-4D64-B757-63B42F88BEA0}
[2012/07/06 09:13:36 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{CAF8E12F-F794-4F0C-B9AD-69B6DF35B5FB}
[2012/07/06 09:13:23 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{77EA964D-5871-4664-ACA9-ACBBFFD7EF23}
[2012/07/05 08:06:02 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{CD00F6A4-1E10-43D0-BEDA-03E44600D058}
[2012/07/05 08:05:24 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{D3504B8B-50A5-448F-A0CC-71222F5DC966}
[2012/06/30 07:55:53 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{4D845BF2-EA71-4784-B635-44E92051A95B}
[2012/06/30 07:55:42 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{98D4652D-6BB5-43A3-B591-A39C0FBE9F59}
[2012/06/29 18:09:23 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{F7F9B670-8509-417E-B316-32A7EFC1E576}
[2012/06/29 18:09:13 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{C34C3334-786A-4558-A420-AF50C0D1B7D8}
[2012/06/29 06:08:48 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{54259742-1270-4C5B-9537-89176225B913}
[2012/06/29 06:08:31 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{00A04CDC-E2F8-4E2C-AA93-CDCDBA9CE6EA}
[2012/06/28 12:39:35 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{CEC5D7B6-72EB-4858-B6A2-9B1288A6A39E}
[2012/06/28 12:39:25 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{B08CFD0E-006B-42FD-B56C-3830E007D253}
[2012/06/28 00:39:12 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{5706A129-18E8-45D9-9C0F-F66A2B153B66}
[2012/06/28 00:39:01 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{2D5C4BFA-EE31-42F4-8A2D-0CF4B7ECDEDE}
[2012/06/27 12:38:45 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{43F3DE2F-CE00-42C1-9CC5-05C10CEFBB5A}
[2012/06/27 12:38:26 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{A46DE864-0120-4857-9CFB-68D5DCF09312}
[2012/06/26 21:06:52 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{9A728C05-D209-4340-B91F-1D1FF252F948}
[2012/06/26 21:06:41 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{5CC4C33F-4338-440D-ADBA-671FF05AD680}
[2012/06/26 09:06:18 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{60331546-AABD-4048-9945-03A86044CE9D}
[2012/06/26 09:06:02 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{0583AA22-3C98-42B3-A336-3A569DE1CB84}
[2012/06/25 18:46:23 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{809FA752-DF44-4DDB-9E6C-CFC1C093CDF6}
[2012/06/25 18:46:11 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{BF8F5BBC-1D75-429E-8333-3033CB9DC955}
[2012/06/25 06:45:46 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{85314D85-5380-4362-9C54-6FCBD24C12F9}
[2012/06/25 06:45:32 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{6CDB4920-0E1F-4E09-9A6B-A24134EF2FE0}
[2012/06/24 08:58:31 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{24ABFCEB-4508-48A0-B51F-F6BE5A5C7110}
[2012/06/23 20:58:08 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{3F843821-19F2-4658-B932-5970A2444B1E}
[2012/06/23 09:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/06/23 09:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/06/23 08:57:41 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{2FD27759-F5B3-40FD-9B82-F12919EBD074}
[2012/06/23 08:57:30 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{EBFD6085-C12F-4F0F-A7A8-0A403CD5D011}
[2012/06/22 20:57:03 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{D6EEA47E-801B-4807-A280-BA6D9CAAC174}
[2012/06/22 20:56:53 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{C7B1DA5A-5315-4679-AD48-5263BF9FFFFF}
[2012/06/22 08:56:40 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{E81F0E6D-CA05-4EA2-AE27-A484DB62B2DD}
[2012/06/22 08:56:29 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{B25428BD-B38A-4740-98A4-0842AE887EFA}
[2012/06/21 20:56:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{A7ACDFE8-3D97-4823-A714-F1B62FBD7F8D}
[2012/06/21 20:56:01 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{828328B8-50D0-4838-B1A4-0DDCA7760A93}
[2012/06/21 12:10:15 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 12:10:15 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 12:10:15 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 12:09:58 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 12:09:58 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/06/21 12:09:58 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 12:09:58 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/06/21 12:09:58 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 12:09:57 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/06/21 12:09:49 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 12:09:49 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/06/21 12:09:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/21 12:09:49 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/06/21 08:55:49 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{D4AE068F-FE6F-4501-BDD7-C9DB73B30D4E}
[2012/06/21 08:55:38 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{1D041A7A-FCAA-4F14-B603-25BC2FB989A4}
[2012/06/20 20:55:09 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{18B3933A-06AB-4804-BE65-94CAAB2183A7}
[2012/06/20 20:54:58 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{9AC4F500-DE64-4E34-B4DB-F9C45B941959}
[2012/06/20 08:54:45 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{FC9EFE00-D2CF-4266-BBEE-D0238BB60450}
[2012/06/20 08:54:35 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{01B0D79E-8F6E-44A1-A3B7-0507EE406A19}
[2012/06/19 20:54:09 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{EA38DE54-8F01-4263-9DE6-259A8D73BFB1}
[2012/06/19 20:53:58 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{E7415C0D-6F28-4A20-A8AF-0F69F2A7BCC1}
[2012/06/19 08:53:38 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{E98A4983-D8FC-4E09-AF33-0D3FF3D1A5BD}
[2012/06/19 08:53:26 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{0686A83D-3511-4F3E-A7CB-64D2DB53215B}
[2009/07/22 13:34:38 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Rob & Teresa\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/07/17 06:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/17 06:55:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rob & Teresa\Desktop\OTL.exe
[2012/07/17 06:49:59 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/17 06:09:53 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/17 06:09:53 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/16 20:30:41 | 000,000,406 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0D1408BA-3CA6-493F-9D3B-1C7FBCF140A3}.job
[2012/07/16 20:27:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/16 16:10:04 | 000,456,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/16 16:09:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/15 12:11:05 | 000,000,000 | ---- | M] () -- C:\Users\Rob & Teresa\defogger_reenable
[2012/07/15 10:38:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/14 20:03:56 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Rob & Teresa\Desktop\MGADiag.exe
[2012/07/13 09:10:35 | 000,000,970 | ---- | M] () -- C:\Users\Rob & Teresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/07/11 14:58:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 14:58:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/10 20:27:14 | 851,756,631 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/10 06:39:50 | 000,002,609 | ---- | M] () -- C:\Users\Rob & Teresa\Desktop\Excel.lnk
[2012/07/06 17:06:12 | 000,002,651 | ---- | M] () -- C:\Users\Rob & Teresa\Desktop\Word.lnk
[2012/06/23 09:25:11 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/06/23 09:24:41 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/06/23 09:24:41 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/06/23 09:24:37 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/06/21 20:37:41 | 000,777,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/21 20:37:41 | 000,655,962 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/21 20:37:41 | 000,124,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012/07/15 12:11:05 | 000,000,000 | ---- | C] () -- C:\Users\Rob & Teresa\defogger_reenable
[2012/04/21 10:20:45 | 000,021,520 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2011/12/08 20:54:49 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/12/08 20:31:26 | 000,772,598 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/22 20:32:39 | 000,038,466 | ---- | C] () -- C:\Users\Rob & Teresa\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/07/15 21:34:45 | 000,000,036 | ---- | C] () -- C:\Users\Rob & Teresa\AppData\Local\housecall.guid.cache
[2009/03/13 13:56:11 | 000,006,836 | ---- | C] () -- C:\Users\Rob & Teresa\AppData\Local\d3d9caps.dat
[2009/03/13 12:58:26 | 000,055,808 | ---- | C] () -- C:\Users\Rob & Teresa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >

---------------------------------------------------------------------------------------

extras.txt

OTL Extras logfile created on: 7/17/2012 6:56:53 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rob & Teresa\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.93 Gb Available Physical Memory | 74.12% Memory free
16.14 Gb Paging File | 13.90 Gb Available in Paging File | 86.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.57 Gb Total Space | 418.71 Gb Free Space | 61.25% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.99 Gb Free Space | 53.28% Space Free | Partition Type: NTFS

Computer Name: ROBTERESA-PC | User Name: Rob & Teresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = BB 8D 2D E9 CE 6A CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB06689-9BB6-43D0-AA74-6ED61FB36132}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0CECC573-F0E8-4B65-A451-D797A3AC93F3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{122A8621-8067-41FD-8001-F05E25923C2C}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |
"{18B07E40-4EDA-4464-9706-A10B229BC5F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36C8C9F1-1E2B-4987-B7CA-CB4AA1133763}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3AAF78CB-E8FC-43DE-B0AA-A2CC51DA7D91}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3D6DBF83-418C-4C35-9763-9CA5F23D4102}" = rport=138 | protocol=17 | dir=out | app=system |
"{4AB8F8EE-1EAD-47BA-8AE5-4DB5E471CD5C}" = lport=138 | protocol=17 | dir=in | app=system |
"{5087F232-CB8F-4D29-9C75-7098039BFBD1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C16961A-F98E-4784-8CE1-9793FD03AFC4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6589238F-A794-475B-9C58-24BF64117D87}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D33C0DB-F32B-4152-8F72-E30A86A01A89}" = lport=137 | protocol=17 | dir=in | app=system |
"{7ECF1A2F-7C88-45EA-B550-6E658BA547C6}" = lport=445 | protocol=6 | dir=in | app=system |
"{8AEBB7E2-87ED-466B-A74A-5C8B5B35BBAE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{999C7E4B-5F01-4C88-9A97-6707C184E1F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1C8C77D-FF4E-4F2E-921E-AF4B200A76B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A2228059-791A-449D-993B-8337E99A4B4C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A4013ABA-8A40-468A-928D-F434A4EC487C}" = rport=139 | protocol=6 | dir=out | app=system |
"{AE54856D-835A-47AD-8735-D7ADE5C46FBE}" = lport=139 | protocol=6 | dir=in | app=system |
"{B005830C-9087-482C-A738-9A4EA0C29F7F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4BFB7A4-0A42-41CC-A0D6-231F83C117CE}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |
"{D0DA0250-B699-4A52-8E40-E99513B478B5}" = rport=445 | protocol=6 | dir=out | app=system |
"{E759BDCC-A376-43AC-9AD5-5E98733FFECA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA3AE81E-0058-4340-932B-F29F8E004769}" = rport=137 | protocol=17 | dir=out | app=system |
"{EAB1564A-A886-4D72-A713-A01EF8FED8FF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EDC5703E-EAF3-4CFC-8294-DBDC76F41083}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0051B0D9-66FC-4341-8F8E-272DF9FB5364}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0C60F97E-26EF-42BB-9AD9-A4C628F92A33}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0D85B2E4-0465-4EF8-AB2E-85361D9E61CA}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{14B80E30-4762-4631-B107-92994715279A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1DF33916-4B27-4222-89A3-527BB9822EF9}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{1FEEEA59-8905-4120-A5FB-D018DBADAE87}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{34E3AE6B-19D8-4014-A12E-EB744AAE51C7}" = protocol=17 | dir=in | app=c:\users\rob & teresa\appdata\roaming\dropbox\bin\dropbox.exe |
"{35C0DD31-174D-4507-B87E-6737C28AEABB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4758CACF-D548-4D3C-9409-99A736C83814}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A0B8C77-EBEA-4604-BB28-2B74AF8FA3C4}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{4BB0C37E-FD91-4AFB-A5E6-DE628D791B33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4FBF57A8-0D1B-4348-948D-1DCDF417F173}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{532F71D1-5D38-4316-B8D5-6737DCCE6229}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{565D6F73-E026-4D80-86C5-F18D0F75DA00}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5A390701-895F-4409-B8D9-84C9FC1CBFEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BE05E92-FEA2-487B-B72A-0D66993638E6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5E3F23A9-9B5E-406F-B716-733BCB36D0EA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{627A20EE-083E-4A06-967F-0790854EABB5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{65423ABB-D5D1-4A97-AC48-0C75A4920C98}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{657C9607-3E8E-4DFA-8C4B-5DB4F7B3A852}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6B844746-78DD-42FE-8D59-3EB8619B5CB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E4D1BA9-A6C6-4D69-842F-B53BE6861928}" = protocol=6 | dir=out | app=system |
"{7480A7DF-D02E-4893-9720-DF821D849D3F}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{763B2463-4999-46D3-9B3F-98DDD2A1F85A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{786A5F93-494D-42F9-B44D-AFFC1B2FFD72}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dms\clmsservice.exe |
"{7989FA6B-0119-469B-8F0C-832A692938A6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A2E7204-BE56-448A-ACAA-32FE4998106B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D40D12A-D721-45F3-BE17-51DFBB43D55D}" = dir=in | app=c:\program files (x86)\dell\mediadirect\mediadirect.exe |
"{80372099-2F17-466F-8C3C-428D03AD3C24}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8B66ED77-0005-4AE3-8B37-B0D18F946F01}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{8D040DA8-C4AF-4D1E-A86C-F76AC063B496}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8D5C8C52-1547-43B5-9FFF-9648DCABE858}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8E339719-5394-4673-9372-DC762D3757FE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{954FF1C4-5827-4648-BEA8-F907E8FD0F8E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9AD6F23E-434A-4163-B597-1BE576A3B5D1}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{A123E37E-E3EB-4474-980F-45B12E0645C6}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{A180267E-9A03-4F4E-A4EF-1754EE786442}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{A79E0B2E-2161-4A1D-AC56-EF9CAD184968}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ADFD1CB2-03EE-48F1-AE5F-227D6F7F9919}" = protocol=6 | dir=in | app=c:\users\rob & teresa\appdata\roaming\dropbox\bin\dropbox.exe |
"{B79EB4CB-51C6-4E30-B78E-D9443C911196}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8173C0B-A6A2-43F2-96D7-02A152F0FEF2}" = dir=in | app=c:\program files (x86)\dell\mediadirect\pcmservice.exe |
"{C8C45737-00BE-4CF8-987E-7AE5A05FAD5A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CA044E63-E0E9-4BB7-A4C9-85728EF5772A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{CE380DD7-737E-4435-8075-58D20F9391E9}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{CEEA1947-7465-4E54-8048-D540A700405B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D227EE6F-DB94-4F2B-9329-498DCF410048}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DBCE2825-1C29-443B-B440-EA482A28182B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E6FD1BF3-35EB-48E7-B512-EB0FF6E7A6B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE298F5F-D897-4CD0-97B1-279A4C012405}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F49BCEC6-176F-4888-9AA5-E98A6C620125}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{04DA9A0F-7845-4F6F-A35C-6D32F1DE09E2}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"TCP Query User{0A2E9174-3E07-46D0-829C-9C0BE7BF41FB}C:\users\rob & teresa\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\rob & teresa\appdata\roaming\spotify\spotify.exe |
"TCP Query User{2F6F2D7E-8C3A-4A90-B295-CE0F8ECF80FD}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{E453F636-8C3C-4A37-A4C8-897A89979D41}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{ED19212F-96A1-4F7D-8AAE-7E27EDBFAC7E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{EF278BDB-B99B-4B2E-8C66-CB36D299D102}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{0EA53D6B-0D1E-4023-A02E-6720B697E20C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{21E08A60-68B7-4EAE-BB2E-F635E5482EB6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{2953DF51-1EDF-4E55-9C8B-22ED5D543144}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{74F05B9A-1D67-4F9D-B3DF-26A5872CC669}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{D276051A-232B-460C-A7F0-0678242B7158}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"UDP Query User{EE60E3B8-6099-4E25-9FF2-E2CCB384423E}C:\users\rob & teresa\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\rob & teresa\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-6001-0409-0102-0060B0CE6BBA}" = AutoCAD 2008 - English
"{5783F2D7-A001-0409-0102-0060B0CE6BBA}" = AutoCAD 2012 - English
"{5783F2D7-A001-0409-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6C9F6831-F6A8-4178-01AD-83EA6F5D07EB}" = IDrop
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{838F7AB2-5DFE-60B3-1030-43ACC3454CD2}" = ccc-utility64
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Maximum Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Maximum Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"AutoCAD 2012 - English" = AutoCAD 2012 - English
"AutoCAD 2012 - English SP1" = AutoCAD 2012 - English SP1
"Creative OA002" = Monitor Webcam Driver (1.01.02.0804)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DB1C665-97DD-F405-1D03-60ED1DA95510}" = Catalyst Control Center Graphics Previews Vista
"{105CA5BB-9F30-149D-1AD4-144040CB3C1B}" = Catalyst Control Center Localization Spanish
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1499DD49-D63C-4884-8AF4-ADBE8502471F}" = Programming, Planning, and Practice
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28DFA10C-2588-4CF2-9275-E0EFF1E9BB0C}" = Complete Care Consumer Service Agreement
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BEF1AF7-845D-78AE-D826-A87E8CDB0E7F}" = CCC Help Chinese Standard
"{2FF34494-2AD7-4210-8DCA-1EB5D39EF736}" = Program
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3C36015E-F0F6-43D7-58ED-F4210D355CF9}" = Catalyst Control Center Localization Turkish
"{44033AD6-17D0-3611-1D73-2791646B0892}" = CCC Help Portuguese
"{47244975-454F-770B-79C1-0A705F17AA68}" = Catalyst Control Center Localization Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C4759BE-2BA4-2DA7-58F6-E5188062E6EB}" = CCC Help French
"{4D125AFC-0817-C6AC-B225-3C4E6EDB696D}" = CCC Help Japanese
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57D57F9A-0CED-61D0-B3C6-75A874CB9F4D}" = Skins
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E0322C6-8CA9-A4BD-E9DC-CC8D8E7CB99E}" = Catalyst Control Center Graphics Previews Common
"{5F06BE49-28E6-771F-A57A-7AC8C97F38E1}" = Catalyst Control Center Core Implementation
"{60E5FF66-3F28-148C-8EE0-CE623C26233D}" = Catalyst Control Center Localization Portuguese
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{672BEEF8-6C95-8F97-74D4-BDF37412437B}" = CCC Help Spanish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{746F3251-0E32-08E4-D18F-43794D57588D}" = Catalyst Control Center Localization Italian
"{75C89AB1-F888-6B0B-6BB4-A06ED4BDDFC0}" = Catalyst Control Center Graphics Full Existing
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C7088C6-6347-150C-AEF4-A3190FF2F5AA}" = Catalyst Control Center Localization Hungarian
"{7CF7894B-D52C-F9E5-2ABF-DB6756CE21AC}" = CCC Help Turkish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EDFEE8E-F4F2-CB4E-618B-846D4A95CAC8}" = CCC Help Chinese Traditional
"{8380D40E-291B-144A-554F-4877F4B439DB}" = Catalyst Control Center InstallProxy
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8587A68A-BF5F-9492-228C-FACFDBA1A4F4}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CBDD204-BF4E-4284-B117-465A02883B81}" = Linksys WMP110 RangePlus Wireless PCI Adapter Driver - WMP110
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{91155C7C-3404-C96D-78DA-E1D6AF73F6DA}" = Catalyst Control Center Graphics Full New
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9BD9026D-C3C6-0C40-9FD2-DD95A24CDEB2}" = Catalyst Control Center Localization French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0422738-2E4A-B01F-D19E-ED0379A3C3CC}" = CCC Help English
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{ACE0BCCF-27A6-C275-0318-651F6388882F}" = CCC Help German
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C4B556FF-ABE6-8FBE-EF7A-909F72492DA8}" = CCC Help Korean
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA06B6B3-A775-50D6-3031-53C40A5202A6}" = Catalyst Control Center Localization Chinese Traditional
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0338BF1-DD06-8565-48A1-C8F3F991B959}" = Catalyst Control Center Localization Japanese
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D259350E-936C-C6C0-5FDF-B6B4B95731ED}" = Catalyst Control Center Graphics Light
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D81230AD-71DF-CFCB-CD05-52CFF26F8634}" = Catalyst Control Center Localization Korean
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4A185BB-8E95-6FA7-2637-C9E4768DE2C3}" = ccc-core-static
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F1AAA6-C0C8-326C-CAD2-B413CE1F5512}" = Catalyst Control Center Localization German
"{E62FFFA6-DCBC-189B-443E-D10A44901385}" = CCC Help Italian
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Audacity_is1" = Audacity 1.2.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Video Chat" = Dell Video Chat (remove only)
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion Web Plugin
"Google Updater" = Google Updater
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 15.0" = RealPlayer
"REScheck 4.4.1" = REScheck 4.4.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2011 3:38:07 PM | Computer Name = RobTeresa-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19120, time stamp
0x4e2a9406, faulting module MSVCR80.dll, version 8.0.50727.6195, time stamp 0x4dcddbf3,
exception code 0xc000000d, fault offset 0x00014ba1, process id 0x12e0, application
start time 0x01cc6029de308dff.

Error - 8/22/2011 9:31:38 AM | Computer Name = RobTeresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/23/2011 9:20:18 AM | Computer Name = RobTeresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/23/2011 9:59:33 PM | Computer Name = RobTeresa-PC | Source = EventSystem | ID = 4621
Description =

Error - 8/24/2011 9:40:25 AM | Computer Name = RobTeresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/25/2011 6:59:41 AM | Computer Name = RobTeresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/26/2011 7:15:12 AM | Computer Name = RobTeresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/26/2011 6:38:45 PM | Computer Name = RobTeresa-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =

Error - 8/26/2011 6:39:27 PM | Computer Name = RobTeresa-PC | Source = System Restore | ID = 8193
Description =

Error - 8/26/2011 6:40:21 PM | Computer Name = RobTeresa-PC | Source = System Restore | ID = 8193
Description =

[ OSession Events ]
Error - 11/28/2010 10:53:14 AM | Computer Name = RobTeresa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/5/2011 8:36:33 PM | Computer Name = RobTeresa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1557
seconds with 1440 seconds of active time. This session ended with a crash.

Error - 5/5/2011 8:37:10 PM | Computer Name = RobTeresa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/11/2012 7:04:03 AM | Computer Name = RobTeresa-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PxHelp20.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 7/11/2012 7:06:46 AM | Computer Name = RobTeresa-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 7/13/2012 8:14:31 PM | Computer Name = RobTeresa-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PxHelp20.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 7/13/2012 8:14:57 PM | Computer Name = RobTeresa-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer hp psc 1310 series with
shared resource name hp psc 1310 series. Error 2114. The printer cannot be used
by others on the network.

Error - 7/13/2012 8:15:15 PM | Computer Name = RobTeresa-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 7/15/2012 6:23:25 AM | Computer Name = RobTeresa-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PxHelp20.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 7/15/2012 6:23:46 AM | Computer Name = RobTeresa-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:21:51 AM on 7/15/2012 was unexpected.

Error - 7/15/2012 6:24:07 AM | Computer Name = RobTeresa-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 7/16/2012 4:09:34 PM | Computer Name = RobTeresa-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PxHelp20.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 7/16/2012 4:10:36 PM | Computer Name = RobTeresa-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


---------------------------------------------------

aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-17 16:45:09
-----------------------------
16:45:09.072 OS Version: Windows x64 6.0.6002 Service Pack 2
16:45:09.073 Number of processors: 4 586 0x1707
16:45:09.073 ComputerName: ROBTERESA-PC UserName: Rob & Teresa
16:45:12.474 Initialize success
16:45:52.089 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:45:52.091 Disk 0 Vendor: ST3750630AS DE13 Size: 715404MB BusType: 3
16:45:52.104 Disk 0 MBR read successfully
16:45:52.106 Disk 0 MBR scan
16:45:52.109 Disk 0 Windows VISTA default MBR code
16:45:52.112 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
16:45:52.116 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
16:45:52.127 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 699980 MB offset 31586304
16:45:52.152 Disk 0 scanning C:\Windows\system32\drivers
16:46:01.300 Service scanning
16:46:16.880 Modules scanning
16:46:16.886 Disk 0 trace - called modules:
16:46:16.898 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:46:16.901 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ca73a0]
16:46:17.234 3 CLASSPNP.SYS[fffffa6000fd5c33] -> nt!IofCallDriver -> [0xfffffa80079bb9b0]
16:46:17.239 5 acpi.sys[fffffa60008fbfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800796e940]
16:46:17.243 Scan finished successfully
17:21:40.688 Disk 0 MBR has been saved successfully to "C:\Users\Rob & Teresa\Desktop\MBR.dat"
17:21:40.697 The log file has been saved successfully to "C:\Users\Rob & Teresa\Desktop\aswMBR.txt"

#4 RPMcMurphy


Posted 17 July 2012 - 05:26 PM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log

Threads are closed after 5 days of inactivity.



#5 robo122


Posted 17 July 2012 - 08:39 PM

TDSS KILLER LOG

20:44:07.0577 5128 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
20:44:07.0904 5128 ============================================================
20:44:07.0904 5128 Current date / time: 2012/07/17 20:44:07.0904
20:44:07.0904 5128 SystemInfo:
20:44:07.0904 5128
20:44:07.0904 5128 OS Version: 6.0.6002 ServicePack: 2.0
20:44:07.0904 5128 Product type: Workstation
20:44:07.0904 5128 ComputerName: ROBTERESA-PC
20:44:07.0904 5128 UserName: Rob & Teresa
20:44:07.0904 5128 Windows directory: C:\Windows
20:44:07.0904 5128 System windows directory: C:\Windows
20:44:07.0904 5128 Running under WOW64
20:44:07.0905 5128 Processor architecture: Intel x64
20:44:07.0905 5128 Number of processors: 4
20:44:07.0905 5128 Page size: 0x1000
20:44:07.0905 5128 Boot type: Normal boot
20:44:07.0905 5128 ============================================================
20:44:08.0884 5128 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:44:08.0892 5128 ============================================================
20:44:08.0892 5128 \Device\Harddisk0\DR0:
20:44:08.0892 5128 MBR partitions:
20:44:08.0892 5128 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
20:44:08.0892 5128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x55726000
20:44:08.0892 5128 ============================================================
20:44:08.0917 5128 C: <-> \Device\Harddisk0\DR0\Partition1
20:44:08.0958 5128 D: <-> \Device\Harddisk0\DR0\Partition0
20:44:08.0958 5128 ============================================================
20:44:08.0958 5128 Initialize success
20:44:08.0958 5128 ============================================================
20:44:33.0821 3036 ============================================================
20:44:33.0821 3036 Scan started
20:44:33.0821 3036 Mode: Manual; TDLFS;
20:44:33.0821 3036 ============================================================
20:44:34.0980 3036 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
20:44:34.0985 3036 ACPI - ok
20:44:35.0127 3036 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:44:35.0129 3036 AdobeFlashPlayerUpdateSvc - ok
20:44:35.0180 3036 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
20:44:35.0186 3036 adp94xx - ok
20:44:48.0680 3036 SeaPort - ok
20:44:48.0730 3036 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:44:48.0732 3036 secdrv - ok
20:44:48.0748 3036 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
20:44:48.0750 3036 seclogon - ok
20:44:48.0765 3036 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
20:44:48.0767 3036 SENS - ok
20:44:48.0778 3036 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
20:44:48.0779 3036 Serenum - ok
20:44:48.0794 3036 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
20:44:48.0796 3036 Serial - ok
20:44:48.0812 3036 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
20:44:48.0813 3036 sermouse - ok
20:44:48.0833 3036 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
20:44:48.0837 3036 SessionEnv - ok
20:44:48.0852 3036 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
20:44:48.0853 3036 sffdisk - ok
20:44:48.0875 3036 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
20:44:48.0876 3036 sffp_mmc - ok
20:44:48.0887 3036 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
20:44:48.0888 3036 sffp_sd - ok
20:44:48.0900 3036 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
20:44:48.0901 3036 sfloppy - ok
20:44:48.0977 3036 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
20:44:48.0983 3036 SharedAccess - ok
20:44:49.0043 3036 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
20:44:49.0048 3036 ShellHWDetection - ok
20:44:49.0060 3036 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
20:44:49.0062 3036 SiSRaid2 - ok
20:44:49.0120 3036 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
20:44:49.0121 3036 SiSRaid4 - ok
20:44:49.0316 3036 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:44:49.0336 3036 Skype C2C Service - ok
20:44:49.0413 3036 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:44:49.0415 3036 SkypeUpdate - ok
20:44:49.0570 3036 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
20:44:49.0620 3036 slsvc - ok
20:44:49.0741 3036 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
20:44:49.0744 3036 SLUINotify - ok
20:44:49.0794 3036 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
20:44:49.0795 3036 Smb - ok
20:44:49.0809 3036 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
20:44:49.0812 3036 SNMPTRAP - ok
20:44:49.0852 3036 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
20:44:49.0853 3036 spldr - ok
20:44:49.0920 3036 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
20:44:49.0924 3036 Spooler - ok
20:44:49.0972 3036 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
20:44:49.0977 3036 srv - ok
20:44:50.0013 3036 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
20:44:50.0017 3036 srv2 - ok
20:44:50.0044 3036 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
20:44:50.0047 3036 srvnet - ok
20:44:50.0074 3036 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
20:44:50.0078 3036 SSDPSRV - ok
20:44:50.0092 3036 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
20:44:50.0096 3036 SstpSvc - ok
20:44:50.0155 3036 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
20:44:50.0165 3036 stisvc - ok
20:44:50.0265 3036 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:44:50.0266 3036 stllssvr - ok
20:44:50.0288 3036 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
20:44:50.0289 3036 swenum - ok
20:44:50.0348 3036 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
20:44:50.0355 3036 swprv - ok
20:44:50.0368 3036 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
20:44:50.0370 3036 Symc8xx - ok
20:44:50.0385 3036 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
20:44:50.0386 3036 Sym_hi - ok
20:44:50.0400 3036 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
20:44:50.0401 3036 Sym_u3 - ok
20:44:50.0470 3036 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
20:44:50.0481 3036 SysMain - ok
20:44:50.0500 3036 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
20:44:50.0503 3036 TabletInputService - ok
20:44:50.0550 3036 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
20:44:50.0555 3036 TapiSrv - ok
20:44:50.0566 3036 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
20:44:50.0569 3036 TBS - ok
20:44:50.0646 3036 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
20:44:50.0674 3036 Tcpip - ok
20:44:50.0687 3036 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
20:44:50.0697 3036 Tcpip6 - ok
20:44:50.0754 3036 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
20:44:50.0756 3036 tcpipreg - ok
20:44:50.0778 3036 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
20:44:50.0780 3036 TDPIPE - ok
20:44:50.0795 3036 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
20:44:50.0796 3036 TDTCP - ok
20:44:50.0839 3036 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
20:44:50.0841 3036 tdx - ok
20:44:50.0888 3036 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
20:44:50.0889 3036 TermDD - ok
20:44:50.0978 3036 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
20:44:50.0986 3036 TermService - ok
20:44:51.0041 3036 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
20:44:51.0045 3036 Themes - ok
20:44:51.0066 3036 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
20:44:51.0067 3036 THREADORDER - ok
20:44:51.0115 3036 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
20:44:51.0116 3036 tmactmon - ok
20:44:51.0167 3036 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
20:44:51.0169 3036 tmcomm - ok
20:44:51.0183 3036 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
20:44:51.0185 3036 tmevtmgr - ok
20:44:51.0225 3036 tmlwf (5922b1f5741bbdbaf7f7b4cbd2b7c4a5) C:\Windows\system32\DRIVERS\tmlwf.sys
20:44:51.0227 3036 tmlwf - ok
20:44:51.0239 3036 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
20:44:51.0240 3036 tmtdi - ok
20:44:51.0289 3036 tmwfp (0a2e3899cc72ad4cc85ea3d50a5331cc) C:\Windows\system32\DRIVERS\tmwfp.sys
20:44:51.0294 3036 tmwfp - ok
20:44:51.0318 3036 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
20:44:51.0322 3036 TrkWks - ok
20:44:51.0384 3036 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
20:44:51.0386 3036 TrustedInstaller - ok
20:44:51.0409 3036 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:44:51.0410 3036 tssecsrv - ok
20:44:51.0435 3036 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
20:44:51.0436 3036 tunmp - ok
20:44:51.0486 3036 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
20:44:51.0487 3036 tunnel - ok
20:44:51.0505 3036 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
20:44:51.0506 3036 uagp35 - ok
20:44:51.0554 3036 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
20:44:51.0558 3036 udfs - ok
20:44:51.0575 3036 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
20:44:51.0578 3036 UI0Detect - ok
20:44:51.0596 3036 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
20:44:51.0598 3036 uliagpkx - ok
20:44:51.0625 3036 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
20:44:51.0628 3036 uliahci - ok
20:44:51.0651 3036 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
20:44:51.0653 3036 UlSata - ok
20:44:51.0673 3036 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
20:44:51.0676 3036 ulsata2 - ok
20:44:51.0692 3036 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
20:44:51.0694 3036 umbus - ok
20:44:51.0713 3036 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
20:44:51.0719 3036 upnphost - ok
20:44:51.0762 3036 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:44:51.0763 3036 USBAAPL64 - ok
20:44:51.0822 3036 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
20:44:51.0823 3036 usbaudio - ok
20:44:51.0845 3036 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
20:44:51.0847 3036 usbccgp - ok
20:44:51.0862 3036 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
20:44:51.0863 3036 usbcir - ok
20:44:51.0880 3036 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
20:44:51.0881 3036 usbehci - ok
20:44:51.0919 3036 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
20:44:51.0924 3036 usbhub - ok
20:44:51.0942 3036 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
20:44:51.0943 3036 usbohci - ok
20:44:51.0962 3036 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
20:44:51.0963 3036 usbprint - ok
20:44:51.0987 3036 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
20:44:51.0988 3036 usbscan - ok
20:44:52.0030 3036 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:44:52.0031 3036 USBSTOR - ok
20:44:52.0052 3036 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
20:44:52.0053 3036 usbuhci - ok
20:44:52.0074 3036 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
20:44:52.0076 3036 usbvideo - ok
20:44:52.0115 3036 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
20:44:52.0117 3036 UxSms - ok
20:44:52.0171 3036 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
20:44:52.0178 3036 vds - ok
20:44:52.0187 3036 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
20:44:52.0189 3036 vga - ok
20:44:52.0200 3036 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
20:44:52.0201 3036 VgaSave - ok
20:44:52.0212 3036 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
20:44:52.0213 3036 viaide - ok
20:44:52.0229 3036 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
20:44:52.0231 3036 volmgr - ok
20:44:52.0282 3036 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
20:44:52.0287 3036 volmgrx - ok
20:44:52.0348 3036 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
20:44:52.0352 3036 volsnap - ok
20:44:52.0369 3036 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
20:44:52.0372 3036 vsmraid - ok
20:44:52.0457 3036 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
20:44:52.0487 3036 VSS - ok
20:44:52.0534 3036 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
20:44:52.0540 3036 W32Time - ok
20:44:52.0565 3036 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
20:44:52.0566 3036 WacomPen - ok
20:44:52.0608 3036 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
20:44:52.0609 3036 Wanarp - ok
20:44:52.0613 3036 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
20:44:52.0614 3036 Wanarpv6 - ok
20:44:52.0641 3036 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
20:44:52.0650 3036 wcncsvc - ok
20:44:52.0668 3036 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
20:44:52.0671 3036 WcsPlugInService - ok
20:44:52.0685 3036 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
20:44:52.0686 3036 Wd - ok
20:44:52.0728 3036 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
20:44:52.0738 3036 Wdf01000 - ok
20:44:52.0762 3036 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
20:44:52.0765 3036 WdiServiceHost - ok
20:44:52.0768 3036 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
20:44:52.0770 3036 WdiSystemHost - ok
20:44:52.0785 3036 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
20:44:52.0790 3036 WebClient - ok
20:44:52.0856 3036 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
20:44:52.0860 3036 Wecsvc - ok
20:44:52.0873 3036 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
20:44:52.0876 3036 wercplsupport - ok
20:44:52.0891 3036 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
20:44:52.0895 3036 WerSvc - ok
20:44:52.0927 3036 WinDefend - ok
20:44:52.0936 3036 WinHttpAutoProxySvc - ok
20:44:53.0089 3036 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
20:44:53.0092 3036 Winmgmt - ok
20:44:53.0214 3036 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
20:44:53.0252 3036 WinRM - ok
20:44:53.0891 3036 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
20:44:53.0900 3036 Wlansvc - ok
20:44:53.0971 3036 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:44:53.0973 3036 wlcrasvc - ok
20:44:54.0158 3036 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:44:54.0172 3036 wlidsvc - ok
20:44:54.0248 3036 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
20:44:54.0249 3036 WmiAcpi - ok
20:44:54.0327 3036 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
20:44:54.0331 3036 wmiApSrv - ok
20:44:54.0408 3036 WMP110 (a64e13873806fbdb9c0081002336ff72) C:\Windows\system32\DRIVERS\WMP110.sys
20:44:54.0419 3036 WMP110 - ok
20:44:54.0494 3036 WMPNetworkSvc - ok
20:44:54.0525 3036 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
20:44:54.0530 3036 WPCSvc - ok
20:44:54.0581 3036 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
20:44:54.0584 3036 WPDBusEnum - ok
20:44:54.0623 3036 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
20:44:54.0624 3036 WpdUsb - ok
20:44:54.0795 3036 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:44:54.0808 3036 WPFFontCache_v0400 - ok
20:44:54.0830 3036 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
20:44:54.0832 3036 ws2ifsl - ok
20:44:54.0870 3036 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
20:44:54.0873 3036 wscsvc - ok
20:44:54.0876 3036 WSearch - ok
20:44:55.0012 3036 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:44:55.0030 3036 wuauserv - ok
20:44:55.0175 3036 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:44:55.0178 3036 WUDFRd - ok
20:44:55.0207 3036 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
20:44:55.0212 3036 wudfsvc - ok
20:44:55.0235 3036 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:44:55.0599 3036 \Device\Harddisk0\DR0 - ok
20:44:55.0624 3036 Boot (0x1200) (31e6ca1007c7fef5e461ab7f68734e49) \Device\Harddisk0\DR0\Partition0
20:44:55.0626 3036 \Device\Harddisk0\DR0\Partition0 - ok
20:44:55.0629 3036 Boot (0x1200) (2ca48132261161463085765b12dcd95d) \Device\Harddisk0\DR0\Partition1
20:44:55.0631 3036 \Device\Harddisk0\DR0\Partition1 - ok
20:44:55.0632 3036 ============================================================
20:44:55.0632 3036 Scan finished
20:44:55.0632 3036 ============================================================
20:44:55.0643 4380 Detected object count: 0
20:44:55.0643 4380 Actual detected object count: 0
20:45:13.0774 4568 Deinitialize success

-------------------------------------------------------------------------------

COMBOFIX LOG

ComboFix 12-07-16.01 - Rob & Teresa 07/17/2012 20:49:43.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8189.5764 [GMT -4:00]
Running from: c:\users\Rob & Teresa\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Firewall Booster *Enabled* {49A8346C-6900-54B6-B1B3-5F678736DDE9}
SP: Trend Micro Titanium Maximum Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rob & Teresa\AppData\Local\PMB Files\Mozilla\ewvjntv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-15 00:15 . 2012-07-15 00:15 -------- d-----w- C:\MGADiagToolOutput
2012-07-15 00:14 . 2012-07-15 00:14 -------- d-----w- c:\programdata\Office Genuine Advantage
2012-07-11 10:41 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-23 13:25 . 2012-06-23 13:25 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-06-21 16:10 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 16:10 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 16:10 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 16:10 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 16:09 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 16:09 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 16:09 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-21 16:09 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 16:09 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-21 16:09 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-21 16:09 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 16:09 . 2012-06-02 19:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-21 16:09 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 16:09 . 2012-06-02 19:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 18:58 . 2012-04-26 11:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 18:58 . 2011-06-27 10:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 13:24 . 2011-11-30 14:41 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-23 13:24 . 2011-11-30 14:41 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-19 13:11 . 2012-05-19 13:11 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-19 13:11 . 2010-05-31 00:50 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-15 06:37 . 2012-06-13 06:53 916992 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-15 06:32 . 2012-06-13 06:53 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-15 06:32 . 2012-06-13 06:53 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-15 06:31 . 2012-06-13 06:53 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-15 06:31 . 2012-06-13 06:53 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-15 05:01 . 2012-06-13 06:53 385024 ----a-w- c:\windows\SysWow64\html.iec
2012-05-15 03:26 . 2012-06-13 06:53 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-15 03:23 . 2012-06-13 06:53 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-15 02:19 . 2012-06-13 06:53 1147392 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 02:15 . 2012-06-13 06:53 56832 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 02:14 . 2012-06-13 06:53 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 02:14 . 2012-06-13 06:53 77312 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 02:14 . 2012-06-13 06:53 132096 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 01:21 . 2012-06-13 06:53 479232 ----a-w- c:\windows\system32\html.iec
2012-05-15 00:40 . 2012-06-13 06:53 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 00:39 . 2012-06-13 06:53 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 14:29 . 2012-06-13 06:53 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:25 . 2012-06-13 06:53 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-23 16:25 . 2012-06-13 06:53 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:25 . 2012-06-13 06:53 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-13 06:53 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-23 16:00 . 2012-06-13 06:53 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-23 16:00 . 2012-06-13 06:53 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-22 13:51 . 2012-04-21 14:20 21520 ----a-w- c:\windows\DCEBoot64.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Rob & Teresa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Rob & Teresa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Rob & Teresa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-03-26 2937528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-07 17425072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PCMService"="c:\program files (x86)\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-03-20 442499]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-23 296056]
.
c:\users\Rob & Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Dropbox.lnk - c:\users\Rob & Teresa\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2008-07-28 86016]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 18:58]
.
2012-07-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-18 12:25]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-13 21:08]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-13 21:08]
.
2012-07-18 c:\windows\Tasks\User_Feed_Synchronization-{0D1408BA-3CA6-493F-9D3B-1C7FBCF140A3}.job
- c:\windows\system32\msfeedssync.exe [2012-06-13 03:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rob & Teresa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rob & Teresa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rob & Teresa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rob & Teresa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-28 6431232]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yankees.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1 192.168.1.1
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.optimusexperience.com/us/Plugin/DFusionHomeWebPlugIn.Installer.exe
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-(Default) - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-07-17 21:24:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-18 01:24
.
Pre-Run: 449,349,447,680 bytes free
Post-Run: 449,804,296,192 bytes free
.
- - End Of File - - 8E9362A4923BAFE35EDDF506ACAB7060

#6 RPMcMurphy

Posted 17 July 2012 - 10:09 PM

Please do this next:

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#7 robo122

Posted 18 July 2012 - 04:16 PM

I did the MBAM scan and the results are below. It seems like all these scans that I am doing are finding nothing. Is that true?

-----------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19272
Rob & Teresa :: ROBTERESA-PC [administrator]

Protection: Enabled

7/18/2012 6:45:24 AM
mbam-log-2012-07-18 (06-45-24).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 452224
Time elapsed: 2 hour(s), 6 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 RPMcMurphy

Posted 18 July 2012 - 05:30 PM

I'm not finding much at all. Are you still having issues with the computer? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Go to Start > Control Panel > Programs > Uninstall a program, and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name and select "uninstall".
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the installer you just downloaded
Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Commands
    [EmptyTemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Go to this link to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • Are you still having issues with the computer?
  • OTL fix log
  • ESET log



#9 robo122

Posted 19 July 2012 - 05:50 AM

I don't seem to be having the pop-ups anymore, but almost every time I visit pages, I am getting 2 security warnings that I am leaving a secure webpage. I never got those before.

I updated my Java as you requested.

I ran the ESET scan, and it found 2 threats, but I followed your on-screen instructions and I was not able to find a log that was created that showed those threats. I will post the log that was created on my C:/., as well as the location of the 2 files that it found. When I look at one of those files and click Properties, it seems to have been created when my problems began on July 10.

----------------------------------------------------------------------------------

OTL Log

OTL logfile created on: 7/18/2012 10:01:54 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rob & Teresa\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.88 Gb Available Physical Memory | 73.46% Memory free
16.13 Gb Paging File | 13.73 Gb Available in Paging File | 85.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.57 Gb Total Space | 419.15 Gb Free Space | 61.32% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.99 Gb Free Space | 53.28% Space Free | Partition Type: NTFS

Computer Name: ROBTERESA-PC | User Name: Rob & Teresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/17 06:55:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rob & Teresa\Desktop\OTL.exe
PRC - [2012/07/11 13:58:27 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/23 09:24:29 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Rob & Teresa\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/30 13:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/02/02 15:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010/03/26 12:34:17 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2009/03/24 18:16:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/14 10:13:02 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/17 15:28:52 | 000,509,456 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarHelper.dll
MOD - [2011/02/17 15:28:52 | 000,029,200 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\components\TBMenuSetting.dll
MOD - [2011/02/17 15:28:52 | 000,029,200 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\components\TBMenuHelp.dll
MOD - [2011/02/16 23:42:44 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_36.dll
MOD - [2011/02/16 23:42:44 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_36.dll
MOD - [2010/03/26 12:34:17 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2011/12/08 20:54:35 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/10/29 02:06:44 | 000,901,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/28 08:37:22 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/11 14:58:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/02/02 15:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 13:33:00 | 003,290,184 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/24 18:16:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/17 18:05:02 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 06:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/11 02:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 09:54:59 | 000,339,536 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010/11/20 09:54:59 | 000,194,640 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2010/11/20 09:54:59 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010/11/20 09:54:59 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/11/20 09:54:59 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010/11/20 09:54:59 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010/06/23 10:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/29 02:06:48 | 004,598,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008/10/29 02:06:48 | 004,598,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/09/01 05:12:26 | 000,381,976 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/07/31 17:01:00 | 000,306,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA002Vid.sys -- (OA002Vid)
DRV:64bit: - [2008/06/03 09:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA002Ufd.sys -- (OA002Ufd)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/10/18 11:59:08 | 000,949,760 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WMP110.sys -- (WMP110)
DRV:64bit: - [2007/06/07 21:00:02 | 000,219,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\OA002Afx.sys -- (OA002Afx)
DRV:64bit: - [2007/03/08 17:19:00 | 000,012,800 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2007/02/05 17:36:48 | 000,049,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV:64bit: - [2006/11/13 09:08:42 | 000,640,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2006/11/13 09:08:42 | 000,640,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2006/11/02 16:57:04 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3ABC8FCE-33FD-4EDB-BCF8-792F7F9B27C1}
IE:64bit: - HKLM\..\SearchScopes\{3ABC8FCE-33FD-4EDB-BCF8-792F7F9B27C1}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yankees.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {BEBC6849-AB8F-4CB6-AAA5-8795AE9D299D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BEBC6849-AB8F-4CB6-AAA5-8795AE9D299D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Rob & Teresa\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Rob & Teresa\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2010/11/20 10:04:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012/03/20 08:08:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/23 09:25:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Rob & Teresa\AppData\Roaming\Move Networks [2009/12/04 21:51:46 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/07/17 21:21:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Rob & Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Rob & Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rob & Teresa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.optimusexperience.com/us/Plugin/DFusionHomeWebPlugIn.Installer.exe (CDFusionActiveXCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69EA13B3-2070-4D4B-AA04-F8A371D644A2}: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFFF4C06-4B6D-452C-85D9-0203A6CAFCBC}: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E476AE48-8195-44FF-9316-3154354A9472}: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtb - No CLSID value found
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rob & Teresa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rob & Teresa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/08 20:08:47 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/18 22:00:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/18 21:54:51 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/18 21:54:14 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/18 21:54:14 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/18 06:41:21 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Roaming\Malwarebytes
[2012/07/18 06:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/18 06:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/18 06:41:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/18 06:41:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/18 06:40:17 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rob & Teresa\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/17 21:25:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/17 21:21:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/17 21:08:58 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\temp
[2012/07/17 20:47:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/17 20:47:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/17 20:47:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/17 20:47:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/17 20:46:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/17 20:42:13 | 004,579,127 | R--- | C] (Swearware) -- C:\Users\Rob & Teresa\Desktop\ComboFix.exe
[2012/07/17 07:21:46 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Rob & Teresa\Desktop\aswMBR.exe
[2012/07/17 06:55:51 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rob & Teresa\Desktop\OTL.exe
[2012/07/16 22:11:26 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rob & Teresa\Desktop\TDSSKiller.exe
[2012/07/16 20:29:11 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{CE2DD31E-3A4F-469D-B723-F8647F869811}
[2012/07/16 20:28:58 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{CFB69A43-6F5C-45CF-B882-320FE416905A}
[2012/07/15 06:53:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{F2712258-7C9B-40C8-8D64-222B312995A1}
[2012/07/15 06:52:55 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{4862D3B1-E4CD-4DD8-8172-8721B7D106D5}
[2012/07/14 20:15:14 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2012/07/14 20:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/07/14 20:03:55 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Rob & Teresa\Desktop\MGADiag.exe
[2012/07/13 20:19:00 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{CBAFBE4E-7419-46AB-BFEC-225E190BD9E2}
[2012/07/13 20:18:41 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{43D46D06-11DE-4ADD-91FD-7C155D75FD4F}
[2012/07/11 03:54:07 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/10 20:31:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{C12633E9-AA8C-4C82-9B40-B5D634544006}
[2012/07/10 20:31:00 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{A30DB61E-E62E-4920-857B-C9982B09A6A7}
[2012/07/10 08:09:24 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{8F982E91-D826-41D7-948C-35A89D39A775}
[2012/07/10 08:09:13 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{7D336145-B69B-46A8-8CFD-35321EFD2F50}
[2012/07/09 20:08:48 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{DA5EE426-732C-4546-994A-D12087897E7C}
[2012/07/09 20:08:38 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{FD007480-B7BB-4695-93C4-0B3A2A2077E7}
[2012/07/09 08:08:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{550A4FB3-7FAD-400C-B9AD-01A5F7CD75A6}
[2012/07/09 08:07:56 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{9D8096A7-2A8C-4EF1-A3CF-00C358921C1C}
[2012/07/08 06:23:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{79CDEB50-7CE4-40C1-B6C9-F1A9D4CE8335}
[2012/07/08 06:22:58 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{9FD16888-F079-4EF5-B10D-0AA7D8CE18F5}
[2012/07/06 21:14:02 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{289B11B1-EA51-431D-8158-D9AA62CDAAD2}
[2012/07/06 21:13:51 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{86DE4BBE-B3EF-4D64-B757-63B42F88BEA0}
[2012/07/06 09:13:36 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{CAF8E12F-F794-4F0C-B9AD-69B6DF35B5FB}
[2012/07/06 09:13:23 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{77EA964D-5871-4664-ACA9-ACBBFFD7EF23}
[2012/07/05 08:06:02 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{CD00F6A4-1E10-43D0-BEDA-03E44600D058}
[2012/07/05 08:05:24 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{D3504B8B-50A5-448F-A0CC-71222F5DC966}
[2012/06/30 07:55:53 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{4D845BF2-EA71-4784-B635-44E92051A95B}
[2012/06/30 07:55:42 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{98D4652D-6BB5-43A3-B591-A39C0FBE9F59}
[2012/06/29 18:09:23 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{F7F9B670-8509-417E-B316-32A7EFC1E576}
[2012/06/29 18:09:13 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{C34C3334-786A-4558-A420-AF50C0D1B7D8}
[2012/06/29 06:08:48 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{54259742-1270-4C5B-9537-89176225B913}
[2012/06/29 06:08:31 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{00A04CDC-E2F8-4E2C-AA93-CDCDBA9CE6EA}
[2012/06/28 12:39:35 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{CEC5D7B6-72EB-4858-B6A2-9B1288A6A39E}
[2012/06/28 12:39:25 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{B08CFD0E-006B-42FD-B56C-3830E007D253}
[2012/06/28 00:39:12 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{5706A129-18E8-45D9-9C0F-F66A2B153B66}
[2012/06/28 00:39:01 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{2D5C4BFA-EE31-42F4-8A2D-0CF4B7ECDEDE}
[2012/06/27 12:38:45 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{43F3DE2F-CE00-42C1-9CC5-05C10CEFBB5A}
[2012/06/27 12:38:26 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{A46DE864-0120-4857-9CFB-68D5DCF09312}
[2012/06/26 21:06:52 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{9A728C05-D209-4340-B91F-1D1FF252F948}
[2012/06/26 21:06:41 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{5CC4C33F-4338-440D-ADBA-671FF05AD680}
[2012/06/26 09:06:18 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{60331546-AABD-4048-9945-03A86044CE9D}
[2012/06/26 09:06:02 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{0583AA22-3C98-42B3-A336-3A569DE1CB84}
[2012/06/25 18:46:23 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{809FA752-DF44-4DDB-9E6C-CFC1C093CDF6}
[2012/06/25 18:46:11 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{BF8F5BBC-1D75-429E-8333-3033CB9DC955}
[2012/06/25 06:45:46 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{85314D85-5380-4362-9C54-6FCBD24C12F9}
[2012/06/25 06:45:32 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{6CDB4920-0E1F-4E09-9A6B-A24134EF2FE0}
[2012/06/24 08:58:31 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{24ABFCEB-4508-48A0-B51F-F6BE5A5C7110}
[2012/06/23 20:58:08 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{3F843821-19F2-4658-B932-5970A2444B1E}
[2012/06/23 09:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/06/23 09:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/06/23 08:57:41 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{2FD27759-F5B3-40FD-9B82-F12919EBD074}
[2012/06/23 08:57:30 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{EBFD6085-C12F-4F0F-A7A8-0A403CD5D011}
[2012/06/22 20:57:03 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{D6EEA47E-801B-4807-A280-BA6D9CAAC174}
[2012/06/22 20:56:53 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{C7B1DA5A-5315-4679-AD48-5263BF9FFFFF}
[2012/06/22 08:56:40 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{E81F0E6D-CA05-4EA2-AE27-A484DB62B2DD}
[2012/06/22 08:56:29 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{B25428BD-B38A-4740-98A4-0842AE887EFA}
[2012/06/21 20:56:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{A7ACDFE8-3D97-4823-A714-F1B62FBD7F8D}
[2012/06/21 20:56:01 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{828328B8-50D0-4838-B1A4-0DDCA7760A93}
[2012/06/21 12:10:15 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 12:10:15 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 12:10:15 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 12:09:58 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 12:09:58 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/06/21 12:09:58 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 12:09:58 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/06/21 12:09:58 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 12:09:57 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/06/21 12:09:49 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 12:09:49 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/06/21 12:09:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/21 12:09:49 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/06/21 08:55:49 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{D4AE068F-FE6F-4501-BDD7-C9DB73B30D4E}
[2012/06/21 08:55:38 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{1D041A7A-FCAA-4F14-B603-25BC2FB989A4}
[2012/06/20 20:55:09 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{18B3933A-06AB-4804-BE65-94CAAB2183A7}
[2012/06/20 20:54:58 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{9AC4F500-DE64-4E34-B4DB-F9C45B941959}
[2012/06/20 08:54:45 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{FC9EFE00-D2CF-4266-BBEE-D0238BB60450}
[2012/06/20 08:54:35 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{01B0D79E-8F6E-44A1-A3B7-0507EE406A19}
[2012/06/19 20:54:09 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{EA38DE54-8F01-4263-9DE6-259A8D73BFB1}
[2012/06/19 20:53:58 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{E7415C0D-6F28-4A20-A8AF-0F69F2A7BCC1}
[2012/06/19 08:53:38 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{E98A4983-D8FC-4E09-AF33-0D3FF3D1A5BD}
[2012/06/19 08:53:26 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{0686A83D-3511-4F3E-A7CB-64D2DB53215B}
[2009/07/22 13:34:38 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Rob & Teresa\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/07/18 22:06:16 | 000,000,406 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0D1408BA-3CA6-493F-9D3B-1C7FBCF140A3}.job
[2012/07/18 21:58:39 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 21:58:39 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 21:58:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/18 21:54:03 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/18 21:54:03 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/18 21:54:03 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/18 21:54:02 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/07/18 21:54:02 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/07/18 21:50:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/18 21:49:59 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/18 19:58:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/18 10:38:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/18 06:41:11 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/18 06:40:22 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rob & Teresa\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/17 21:21:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/17 20:43:34 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rob & Teresa\Desktop\TDSSKiller.exe
[2012/07/17 20:42:20 | 004,579,127 | R--- | M] (Swearware) -- C:\Users\Rob & Teresa\Desktop\ComboFix.exe
[2012/07/17 20:42:01 | 002,117,152 | ---- | M] () -- C:\Users\Rob & Teresa\Desktop\tdsskiller.zip
[2012/07/17 17:21:40 | 000,000,512 | ---- | M] () -- C:\Users\Rob & Teresa\Desktop\MBR.dat
[2012/07/17 07:21:47 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Rob & Teresa\Desktop\aswMBR.exe
[2012/07/17 06:55:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rob & Teresa\Desktop\OTL.exe
[2012/07/16 16:10:04 | 000,456,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/15 12:11:05 | 000,000,000 | ---- | M] () -- C:\Users\Rob & Teresa\defogger_reenable
[2012/07/14 20:03:56 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Rob & Teresa\Desktop\MGADiag.exe
[2012/07/13 09:10:35 | 000,000,970 | ---- | M] () -- C:\Users\Rob & Teresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/07/11 14:58:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 14:58:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/10 20:27:14 | 851,756,631 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/10 06:39:50 | 000,002,609 | ---- | M] () -- C:\Users\Rob & Teresa\Desktop\Excel.lnk
[2012/07/06 17:06:12 | 000,002,651 | ---- | M] () -- C:\Users\Rob & Teresa\Desktop\Word.lnk
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/23 09:25:11 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/06/23 09:24:41 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/06/23 09:24:41 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/06/23 09:24:37 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/06/21 20:37:41 | 000,777,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/21 20:37:41 | 000,655,962 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/21 20:37:41 | 000,124,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012/07/18 06:41:11 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/17 20:47:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/17 20:47:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/17 20:47:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/17 20:47:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/17 20:47:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/17 20:42:01 | 002,117,152 | ---- | C] () -- C:\Users\Rob & Teresa\Desktop\tdsskiller.zip
[2012/07/17 17:21:40 | 000,000,512 | ---- | C] () -- C:\Users\Rob & Teresa\Desktop\MBR.dat
[2012/07/15 12:11:05 | 000,000,000 | ---- | C] () -- C:\Users\Rob & Teresa\defogger_reenable
[2012/04/21 10:20:45 | 000,021,520 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2011/12/08 20:54:49 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/12/08 20:31:26 | 000,772,598 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/22 20:32:39 | 000,038,466 | ---- | C] () -- C:\Users\Rob & Teresa\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/07/15 21:34:45 | 000,000,036 | ---- | C] () -- C:\Users\Rob & Teresa\AppData\Local\housecall.guid.cache
[2009/03/13 13:56:11 | 000,006,836 | ---- | C] () -- C:\Users\Rob & Teresa\AppData\Local\d3d9caps.dat
[2009/03/13 12:58:26 | 000,055,808 | ---- | C] () -- C:\Users\Rob & Teresa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< :Commands >

< [EmptyTemp] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >


--------------------------------------------------------------------------------------

Here is the only ESET log I could find anywhere on my hard drive:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

------------------------------------------------------------------------------------------
Here are the 2 file locations that it found to be threats:

1. C:\Qoobox\Quarantine\C\Users\Rob & Teresa\AppData\Local\PMB Files\Mozilla\ewvjntv.dll.vir
2. C:\Users\Rob & Teresa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\68c15ced-60a3ec3a

I have noticed that a lot of my scans are coming up with stuff for Mozilla. I no longer have that program installed on my computer. Is it possible to remove all the remnants of what was left behind when the program was uninstalled?

#10 RPMcMurphy

Posted 19 July 2012 - 04:43 PM

This LINK has instructions to disable those notifications you are getting.

I need you to try that OTL fix again - you pressed "Scan" instead of "Run Fix". Once that fix is run properly it will take care of those ESET detections:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Commands
    [EmptyTemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log

Please include the following in your next post:
  • OTL fix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#11 robo122


Posted 19 July 2012 - 08:26 PM

sorry about that


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rob & Teresa
->Temp folder emptied: 582890 bytes
->Temporary Internet Files folder emptied: 12800037 bytes
->Java cache emptied: 39873667 bytes
->Flash cache emptied: 2829599 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 54.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07192012_182123

Files\Folders moved on Reboot...
C:\Users\Rob & Teresa\AppData\Local\Temp\Low\REGA156.tmp moved successfully.
C:\Users\Rob & Teresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R131H8KP\aclk[1].htm moved successfully.
C:\Users\Rob & Teresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7NSB2LMY\si[1].htm moved successfully.
C:\Users\Rob & Teresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7NSB2LMY\topic460765[1].html moved successfully.
C:\Users\Rob & Teresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...
File C:\Users\Rob & Teresa\AppData\Local\Temp\Low\REGA156.tmp not found!
File C:\Users\Rob & Teresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R131H8KP\aclk[1].htm not found!
File C:\Users\Rob & Teresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7NSB2LMY\si[1].htm not found!
File C:\Users\Rob & Teresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7NSB2LMY\topic460765[1].html not found!
File C:\Users\Rob & Teresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!

Registry entries deleted on Reboot...

#12 RPMcMurphy


Posted 20 July 2012 - 10:01 PM

That looks good! Go to Control Panel > Programs > Uninstall a program and tell me if you see "Mozilla Firefox" in the list of programs.


#13 robo122


Posted 21 July 2012 - 05:38 AM

i do not see mozilla firefox in the uninstall list.

but when i look on my c:/ there is a folder there with 1 file in it, in program files (x86)

after i correctly ran the OTL fix, i did another ESET scan, and this time it found only 1 threat, but still did not produce a log.
the file is the same as last time "C:\Qoobox\Quarantine\C\Users\Rob & Teresa\AppData\Local\PMB Files\Mozilla\ewvjntv.dll.vir a variant of Win32/Kryptik.AIGB trojan"

and like i said last time, the file that was found, when i click properties, it was created on the day when i first noticed the pop-ups and having problems. coincidence?

#14 RPMcMurphy


Posted 21 July 2012 - 10:30 PM

Your logs look good. That ESET detection is safely in the ComboFix quarantine and will be permanently removed when we uninstall ComboFix. It sounds like Firefox left behind the folder containing your profile information and settings for the browser. You may manually delete that folder, or reinstall Firefox then use something like Revo Uninstaller to completely remove it.

All I have left for you is some very important cleanup:

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
  • Manually delete any remaining logs or tools.
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!


#15 robo122


Posted 24 July 2012 - 05:41 PM

thank you for all of your help. i don't seem to be having any pop-ups anymore.

do you think it is safe to resume using my computer as i previously was? i have yet to log into any sites using a password.



