Everything posted by bob765

  1. That was it!!!! Wow! So did that video converter program have a Trojan in it??? No more default extension!! Thanks for the help Maniac, you're the best!!!!!
  2. Hey Maniac. That scan took ~5 hrs but didn't leave a log where you indicated. A search of my hard drive showed there is no C:\Program Files\EsetOnlineScanner directory. Below is the log from the scan window

     :\Program Files (x86)\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
     C:\Users\Joe Dell2\AppData\Local\Google\Chrome\User Data\Default\Default\aadeggdcgcdhgfdhdbgcdhgcdegddcdd\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
     C:\Users\Public\Downloads\allllll\QuickTimeInstaller.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
  3. hey Maniac, https://www.virustotal.com/file/c777e50151b3146f745a5b227f602e902e60961f67839db9ff4d27669ff4f4c3/analysis/1341921885/
  4. Hey Maniac, Here is the log
  5. Hey Maniac, No, the extension still shows up in the browser. I'll delete it and exit out of Chrome. Then go back into Chrome and that extension will be back. -b
  6. hey Maniac, here is the Otl fix log
  7. Hey Maniac, Here is Extras.txt and aswMBR
Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E9F17E7-A029-48D6-9705-8CAEE9B6CC07}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{1AE38F2F-3ED0-4ECD-9802-E6AB226FB214}" = rport=138 | protocol=17 | dir=out | app=system | "{25E40602-D033-47D9-B6F3-BD6790AF13A2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{27C1E706-8793-424D-BE95-8E34D6BB189F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2DF5C363-9BDD-4A1F-9527-620B1C7FE21A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2E3EA2B2-14EF-4BB5-988A-4B533F269868}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe | "{2F2F6ED5-0A7B-400F-8D65-730CDBBDD796}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{37993DE1-28C0-41E6-BA9B-897653A6194F}" = lport=5355 | protocol=17 | 
dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3CE1A0F2-DEDB-4F16-8541-25B6D5079E2E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{443701A2-90E9-4F3C-88A9-0469E6BB2D89}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{47227D9D-A5BF-47F7-9EED-B3D4003FE296}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{47A31189-0825-45AE-AA5C-36A60BC09547}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4E07EB93-754E-49B4-A284-A1DEE7F042A7}" = lport=2869 | protocol=6 | dir=in | app=system | "{4E3CB2E0-2E01-4495-B667-EBCD91C5FEDF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5579EB13-8CC2-40D8-9892-396CC67A4D64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{688EB171-0E5E-4615-AE58-DFE36F686861}" = lport=10243 | protocol=6 | dir=in | app=system | "{7F585186-1B9A-404A-9ACA-01FD143FA296}" = rport=137 | protocol=17 | dir=out | app=system | "{80FFFE8E-CB43-4171-BCA5-5B89ABB2A98F}" = lport=139 | protocol=6 | dir=in | app=system | "{919ADAEF-96FA-4DFD-A6FE-AE4A37F0B4BA}" = rport=10243 | protocol=6 | dir=out | app=system | "{9AFBBE49-1E69-46C8-B1C4-3377F7F99339}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B36F0457-41F6-432D-B6B0-4956DA84CD1B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B4DEADB0-16C6-44AA-8D4B-D4217536E0F7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B885F413-6942-4375-870D-03354812050E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B9954CBA-658E-4E83-853D-E598C3C6F099}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C4D4D201-C4B2-47FE-8CF7-258374825D1B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D167C06A-6807-421F-BD51-CE56AE643171}" = lport=137 | protocol=17 | dir=in | app=system | "{D228F991-1591-4A73-9361-22FE90F9F32E}" = lport=445 | protocol=6 | dir=in | app=system | "{D9A132D0-307C-4269-A991-A8341BA405C6}" = rport=445 | protocol=6 | dir=out | app=system | "{E4115002-A85B-4CBF-B18E-33CCDC3A6E44}" = rport=139 | protocol=6 | dir=out | app=system | "{EF202866-4179-4242-B721-7B4010A5E89B}" = lport=138 | protocol=17 | dir=in | app=system | "{F109EEBF-402D-480B-BCBE-95916FCEDFE7}" = lport=2869 | protocol=6 | dir=in | app=system | "{F2EC9235-470D-478E-9A94-37888DA166F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F6EA0F2F-E52C-4BEE-B735-E75A826F094C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F78D296C-0352-42A8-8803-7D45E41C7957}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F7E03C1A-467C-4A2B-855D-6CDE828F81F1}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe | "{FB47F9F5-A100-45C5-B21F-D0A8AC977318}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{FFF64803-232A-4D33-B364-5A4D8CF63865}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02070DEA-8751-4EA3-BBF2-C7B794655109}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0F89E6DA-7FCE-4127-BB19-E8052C73AA9D}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{0F9DBE15-A752-4F87-9E0A-BCAF7DE695C3}" = dir=in | 
app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{11D95903-B04C-4238-8183-2A0A0381DEFB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{122B3456-34AC-4B10-9273-0BE971BB2832}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{12B84768-1543-4346-95FC-EE0869F029F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{14C5FA33-27A9-408D-8355-072D81BFC4A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{18CC7D59-0F54-4E51-BD33-698AF07AE1D8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{198C01C1-865C-40CA-B815-D35098B9BD18}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe | "{1FCDB717-EE21-4818-AA93-07E198E4FFF1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe | "{23BD7789-B943-4D2D-8E26-BD43142B45B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{29088443-D445-4EA0-A513-78692D122241}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | "{305671BC-2479-4471-B9FE-A99BDE163736}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{3723E1F0-049A-4BA5-8736-11E5CE29B3FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3BEA4455-0E6D-4792-8B1F-5E6403543388}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{3C2D1EDB-4F79-422A-9A8A-6C1F9EA2E4D5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{46986915-33A2-44DB-B728-69308256AF2B}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe | "{5B8C3125-475E-44C3-8B9A-5AF7C99480DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6727B361-17CE-4D44-97CB-58BA5CFDF8D8}" = protocol=6 | dir=in | 
app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe | "{750B2C14-F4F7-4DD6-848B-BDDD8D8A7C42}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{787D8F7E-7D74-46D9-84C4-2577BA7A0F2E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{79742250-23FE-43EE-B9B7-F61DAF6791A5}" = protocol=17 | dir=in | app=c:\users\joe dell2\appdata\local\google\google talk plugin\googletalkplugin.exe | "{7A721077-3A55-44A4-878E-C913D48BD463}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{839C665A-DBAE-4BA9-87A6-F5799F0B8822}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe | "{84742E03-66E2-48D8-B7C1-142F71567567}" = protocol=6 | dir=in | app=c:\program files\synergy\launcher.exe | "{88D68B5C-5E54-4873-B736-DD413EE0C803}" = protocol=6 | dir=in | app=c:\users\joe dell2\appdata\local\google\google talk plugin\googletalkplugin.exe | "{8CD63560-B780-4697-A939-6ACBA4E3B349}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{8F3AD978-BBDB-445D-8C95-E3FE8E404204}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9379C467-D809-4797-9255-6A6FEA490BF8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | "{93E167B9-7883-4492-8D40-9CA88362C993}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{9B75002B-50E4-4082-B3E3-3907581EDC2E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A7176C17-A76B-4C96-B63B-067E73122036}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AB7B753B-7780-4A2F-9692-EF52E9508EDC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe | "{AC2A264A-7A78-4B4B-947E-63514FFA2C7F}" = protocol=6 | dir=in | app=c:\program files 
(x86)\bonjour\mdnsresponder.exe | "{B05DD427-C9CE-4EF9-BBF7-571F1DFF34AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B1B9483C-B862-4771-95FF-07AFCFB58D7F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C11EBFD1-3D0A-4A3B-A2D0-7FBF3E8556D6}" = protocol=6 | dir=out | app=system | "{C39CEF57-8438-436A-9354-6F9A098E9155}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D06F00AF-4086-4402-A69D-8C62C353D442}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{D0976E32-B82F-4186-B269-591287D1F0C3}" = protocol=17 | dir=in | app=c:\program files\synergy\launcher.exe | "{D2F63234-4143-4496-91E2-B9ABF6842546}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3FA6E62-3AB9-45FC-B18D-0CF89FBA8631}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D4BD2285-A5E2-41DE-8BE8-62764E08F4DD}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{D6E408FD-190E-4334-825F-A9E104201068}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D8E063F7-3C37-4987-89C2-9ED63801C82B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E35514C3-227F-4958-8D08-4E2087C4C3F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F2BC3B5B-FA6D-49F5-911D-379EA92D61DF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{FBDF60AC-0C56-44D2-ACE0-F6D6F2DEEB70}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{ADCA76F6-B365-4962-A782-C34DC12825A8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{E731F687-397A-472B-939C-D32B015D7333}C:\program files 
(x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{275BF4CE-5E37-41AA-93C5-20B7E5A5EB7C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{30F139C0-ACFE-4E81-B44C-432C3686D3BE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java 6 Update 14 (64-bit) "{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}" = Motorola Driver Installation 4.6.0 "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources 
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 5.1 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit 
"CCleaner" = CCleaner "CrystalDiskMark_is1" = CrystalDiskMark 3.0.1b "EPSON Artisan 810 Series" = EPSON Artisan 810 Series Printer Uninstall "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2 "Microsoft Security Client" = Microsoft Security Essentials "PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit) "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0626C86E-5A8F-4A6D-8C0A-5FF38BD2DA3A}" = hppFaxUtilityCM1312 "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC "{07B85EEC-05BD-4E6A-AAEB-502FB2473DFA}" = hppCLJCM1312 "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BE73D3C-B5AF-11E1-933A-984BE15F174E}" = Evernote v. 4.5.7 "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{147A8145-0AA6-0921-8414-9B1EE5A8108F}" = Warner Bros. 
Digital Copy Manager "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1DED92A7-05FA-4736-8AEA-1BE2363F1033}" = Nero 7 Essentials "{1EE1BE7E-1F9A-4150-B95D-74415BCCF4D8}_is1" = Foxreal YouTube FLV Downloader version: 1.0.1.1 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}" = C5500n - C5800Ldn Series GDI Driver from OKI® Printing Solutions for Windows "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0 "{2D30D92F-AD5C-428F-8029-5A913104F262}" = hppTLBXFXCM1312 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{325D1D94-4F34-46A7-A489-737C801B931D}" = hppusgCM1312 "{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{369B36BE-3D64-4641-9AEA-808D436FE134}" = Microsoft Digital Image Pro 7.0 "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset 
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport "{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension "{395AD660-EAA2-012B-ADE3-000000000000}" = TurboTax 2009 wmaiper "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{484A13AB-A4C1-41FD-87E0-EBE2DA01250E}" = hppSendFaxCM1312 "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001 "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312 "{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7 "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5D729200-F340-4A74-A1E9-32387CDC63EF}" = OKI Color Correct Utility "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{66036093-7AE1-4391-BE89-79EC990B3DAF}" = Clip Art Collection "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX 
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7985C7FA-B151-4BA7-B19E-1577A7B527F1}" = hppFaxDrvCM1312 "{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility "{7AA36634-4324-4EF4-8C0C-D8EF1FC2BEA4}" = Duplicate Email Remover "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7 "{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 6.00 "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop 
Messenger "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin "{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C411DC9-B8B8-45F3-B688-073BF4B59094}" = Virtual Account Numbers "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A344F95E-E51A-450C-8F84-C940BF61903E}" = OKI Color Swatch Utility "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7285D92-27EE-4D91-AB57-5EF326B572C6}" = hpzTLBXFX "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0 "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK 
"{AEF68ACB-1B00-4FCA-A33C-C26DBADD8C5B}" = Microsoft Office Live Meeting 2007 "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2 "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B59ACF5E-0FF7-44D2-B57D-E516F334AC2E}" = hppScanToCM1312 "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD "{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2 "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8 "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2 "{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}" = Virtual Account Numbers "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips 
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB95E8A9-DC43-4490-92EA-F3952FA19C78}" = Video Download Studio "{EBC3147B-36BE-4846-9A3D-0C6292B78350}" = hppPQVideoCM1312 "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{ED498DD7-FBC1-4C67-8D9B-C9218FBC818D}" = hppManualsCM1312 "{ED88DCA3-E0F7-4C30-9230-6B33D0666E1C}" = PSTViewer Pro "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0 "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup "1381-5408-0515-7060" = RAIDar 4.3.1 "Adobe AIR" = Adobe AIR "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12 "Audacity_is1" = Audacity 1.2.6 "com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. 
Digital Copy Manager "dcmsvc_is1" = dcmsvc 1.0 "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "DVD Identifier_is1" = DVD Identifier "DYMO Label Software" = DYMO Label Software "DYMO Label v.8" = DYMO Label v.8 "EPSON Scanner" = EPSON Scan "foobar2000" = foobar2000 v1.1.8 beta 4 "Free Video Converter_is1" = Free Video Converter V 3.0 "Freecorder5.02" = Freecorder 5 "freecordertoolbar" = Freecorder Toolbar "Google Chrome" = Google Chrome "Hauppauge Signal Monitor Utility" = Hauppauge Signal Monitor Utility "Hauppauge WinTV 7" = Hauppauge WinTV 7 "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite "InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "IrfanView" = IrfanView (remove only) "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "ODC AdminManager" = AdminManager(OKI Setup Utility) "Photodex Presenter" = Photodex Presenter "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "PrimoPDF" = PrimoPDF -- by Nitro PDF Software "ProShow Gold" = ProShow Gold "Rapport_msi" = Rapport "Stellar Phoenix Photo Recovery_is1" = Stellar 
Phoenix Photo Recovery "Stellar Phoenix Windows Data Recovery - Home_is1" = Stellar Phoenix Windows Data Recovery - Home "Switch" = Switch Sound File Converter "Synergy" = Synergy "SystemRequirementsLab" = System Requirements Lab "TurboTax 2009" = TurboTax 2009 "WinLiveSuite" = Windows Live Essentials "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Software Update" = Yahoo! Software Update "Yahoo! Widget Engine" = Yahoo! Widgets "YInstHelper" = Yahoo! Install Manager "YTdetect" = Yahoo! Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3731063589-3582476555-1320749560-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "1279152301.www1.movie-promo.com" = PNY Movie Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/16/2012 3:12:30 AM | Computer Name = BigDell | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 
Error - 6/16/2012 3:12:37 AM | Computer Name = BigDell | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 6/16/2012 3:12:38 AM | Computer Name = BigDell | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 6/16/2012 3:12:40 AM | Computer Name = BigDell | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 6/16/2012 3:12:49 AM | Computer Name = BigDell | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 6/16/2012 3:29:47 AM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1515 Description = Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on. 
Error - 6/16/2012 3:29:47 AM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1511 Description = Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Error - 6/16/2012 8:34:22 AM | Computer Name = BigDell | Source = VSS | ID = 8193 Description = Error - 6/16/2012 9:47:19 AM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1515 Description = Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on. Error - 6/16/2012 9:47:19 AM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1511 Description = Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Error - 6/16/2012 10:02:35 AM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1515 Description = Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on. Error - 6/16/2012 10:02:35 AM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1511 Description = Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Error - 6/16/2012 4:25:58 PM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1515 Description = Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on. Error - 6/16/2012 4:25:58 PM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1511 Description = Windows cannot find the local profile and is logging you on with a temporary profile. 
Changes you make to this profile will be lost when you log off. [ Media Center Events ] Error - 12/22/2011 9:39:31 AM | Computer Name = BigDell | Source = MCUpdate | ID = 0 Description = 8:39:24 AM - Error connecting to the internet. 8:39:24 AM - Unable to contact server.. Error - 12/22/2011 10:40:08 AM | Computer Name = BigDell | Source = MCUpdate | ID = 0 Description = 9:40:08 AM - Error connecting to the internet. 9:40:08 AM - Unable to contact server.. Error - 12/22/2011 10:40:44 AM | Computer Name = BigDell | Source = MCUpdate | ID = 0 Description = 9:40:37 AM - Error connecting to the internet. 9:40:37 AM - Unable to contact server.. Error - 12/22/2011 7:26:03 PM | Computer Name = BigDell | Source = MCUpdate | ID = 0 Description = 6:26:03 PM - Error connecting to the internet. 6:26:03 PM - Unable to contact server.. Error - 12/22/2011 7:26:38 PM | Computer Name = BigDell | Source = MCUpdate | ID = 0 Description = 6:26:32 PM - Error connecting to the internet. 6:26:32 PM - Unable to contact server.. Error - 2/26/2012 2:30:50 PM | Computer Name = BigDell | Source = MCUpdate | ID = 0 Description = 1:30:50 PM - Error connecting to the internet. 1:30:50 PM - Unable to contact server.. Error - 2/26/2012 2:32:16 PM | Computer Name = BigDell | Source = MCUpdate | ID = 0 Description = 1:30:55 PM - Error connecting to the internet. 1:30:55 PM - Unable to contact server.. Error - 2/26/2012 4:46:43 PM | Computer Name = BigDell | Source = MCUpdate | ID = 0 Description = 3:41:44 PM - Error connecting to the internet. 3:41:44 PM - Unable to contact server.. Error - 3/10/2012 8:29:33 PM | Computer Name = BigDell | Source = MCUpdate | ID = 0 Description = 7:29:32 PM - Error connecting to the internet. 7:29:32 PM - Unable to contact server.. Error - 3/10/2012 8:30:17 PM | Computer Name = BigDell | Source = MCUpdate | ID = 0 Description = 7:30:03 PM - Error connecting to the internet. 7:30:03 PM - Unable to contact server.. 
[ System Events ] Error - 7/6/2012 8:58:29 PM | Computer Name = BigDell | Source = Service Control Manager | ID = 7022 Description = The Windows Search service hung on starting. Error - 7/6/2012 9:44:40 PM | Computer Name = BigDell | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126 Error - 7/6/2012 9:44:42 PM | Computer Name = BigDell | Source = Service Control Manager | ID = 7000 Description = The MSCamSvc service failed to start due to the following error: %%2 Error - 7/6/2012 9:44:42 PM | Computer Name = BigDell | Source = Service Control Manager | ID = 7000 Description = The SessionLauncher service failed to start due to the following error: %%2 Error - 7/6/2012 9:46:05 PM | Computer Name = BigDell | Source = Service Control Manager | ID = 7022 Description = The HP CUE DeviceDiscovery Service service hung on starting. Error - 7/6/2012 9:46:07 PM | Computer Name = BigDell | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: RxFilter Error - 7/7/2012 8:17:42 AM | Computer Name = BigDell | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 7/7/2012 8:18:03 AM | Computer Name = BigDell | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 7/7/2012 10:28:17 AM | Computer Name = BigDell | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 7/7/2012 10:28:38 AM | Computer Name = BigDell | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. 
< End of report > aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-07 10:40:13 ----------------------------- 10:40:13.862 OS Version: Windows x64 6.1.7601 Service Pack 1 10:40:13.862 Number of processors: 4 586 0x1E05 10:40:13.862 ComputerName: BIGDELL UserName: 10:40:16.194 Initialize success 10:40:38.442 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 10:40:38.444 Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01117 Size: 953869MB BusType: 3 10:40:38.445 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-4 10:40:38.447 Disk 1 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3 10:40:38.460 Disk 0 MBR read successfully 10:40:38.462 Disk 0 MBR scan 10:40:38.464 Disk 0 Windows VISTA default MBR code 10:40:38.466 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 10:40:38.477 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920 10:40:38.494 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938828 MB offset 30801920 10:40:38.512 Disk 0 scanning C:\Windows\system32\drivers 10:40:43.729 Service scanning 10:40:54.825 Modules scanning 10:40:54.833 Disk 0 trace - called modules: 10:40:54.856 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 10:40:54.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dd8060] 10:40:54.864 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8007ad2520] 10:40:54.868 5 ACPI.sys[fffff88000f237a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007ad4060] 10:40:54.871 Scan finished successfully 10:41:03.003 Disk 0 MBR has been saved successfully to "C:\Users\Joe Dell2\Desktop\MBR.dat" 10:41:03.008 The log file has been saved successfully to "C:\Users\Joe Dell2\Desktop\aswMBR.txt"
  8. Hey Maniac, thanks for your time. Below is the OTL log, and attached are extra and aswmbr.log... I tried to C and P into this reply but I got a "post too big" error. Let me know what other info you need. Thanks again, Bob

OTL logfile created on: 7/7/2012 10:29:36 AM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Joe Dell2\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.99 Gb Total Physical Memory | 6.64 Gb Available Physical Memory | 83.06% Memory free 15.98 Gb Paging File | 13.66 Gb Available in Paging File | 85.49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 916.82 Gb Total Space | 599.23 Gb Free Space | 65.36% Space Free | Partition Type: NTFS Drive D: | 116.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 1397.26 Gb Total Space | 684.46 Gb Free Space | 48.99% Space Free | Partition Type: NTFS Computer Name: BIGDELL | User Name: Joe Dell2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/07 10:15:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Joe Dell2\Downloads\OTL.exe PRC - [2012/06/13 16:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe PRC - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.)
-- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe PRC - [2011/07/23 07:28:48 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe PRC - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011/03/24 03:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe PRC - [2011/03/01 11:23:28 | 000,144,616 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010/05/14 01:02:56 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe PRC - [2009/12/17 16:49:26 | 000,055,808 | ---- | M] (Sanford, L.P.) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe PRC - [2009/12/15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe PRC - [2009/09/22 17:02:26 | 000,098,304 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe PRC - [2009/09/22 17:02:14 | 000,315,392 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe PRC - [2009/09/22 17:01:46 | 000,434,176 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe PRC - [2009/09/01 23:46:00 | 000,117,344 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\Ir.exe PRC - [2009/07/17 18:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) 
-- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe PRC - [2009/07/10 17:53:52 | 000,372,736 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe PRC - [2009/07/10 17:50:36 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe PRC - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe PRC - [2007/06/21 22:56:14 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe PRC - [2007/06/01 11:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007/06/01 11:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe ========== Modules (No Company Name) ========== MOD - [2012/06/16 03:33:22 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll MOD - [2012/06/16 03:32:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/16 03:32:44 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/05/13 03:37:53 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012/05/13 03:33:56 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/13 03:33:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/13 03:33:52 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/13 03:33:48 | 011,492,864 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/07/08 21:41:36 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2.dll MOD - [2010/07/08 21:41:36 | 000,770,048 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxIm.dll MOD - [2010/07/08 21:41:36 | 000,679,936 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll MOD - [2010/07/08 21:41:36 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProc.dll MOD - [2010/07/08 21:41:36 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFF.dll MOD - [2010/07/08 21:41:36 | 000,232,448 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll MOD - [2010/07/08 21:41:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll MOD - [2010/07/08 21:41:35 | 002,052,096 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmp.dll MOD - [2010/07/08 21:41:35 | 001,339,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommon.dll MOD - [2010/07/08 21:41:35 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBase.dll MOD - [2010/07/08 21:41:35 | 000,013,824 | ---- | M] () -- 
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MEshim.dll MOD - [2010/07/08 21:41:34 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll MOD - [2010/07/08 21:41:34 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll MOD - [2010/07/08 21:41:34 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll MOD - [2010/07/08 21:41:33 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\areaifdll.dll MOD - [2010/07/08 21:41:33 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCom.dll MOD - [2010/07/08 21:41:33 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll MOD - [2010/07/08 21:41:33 | 000,338,944 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KFx.dll MOD - [2010/07/08 21:41:33 | 000,247,808 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll MOD - [2010/07/08 21:41:33 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll MOD - [2010/07/08 21:41:33 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll MOD - [2010/07/08 21:41:33 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll MOD - [2010/07/08 21:41:33 | 000,051,712 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll MOD - [2010/07/08 21:41:32 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx MOD - [2010/07/08 21:41:32 | 000,303,104 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx MOD - [2010/07/08 21:41:32 | 000,224,768 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak 
EasyShare software\bin\VistaControls.esx MOD - [2010/07/08 21:41:32 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx MOD - [2010/07/08 21:41:32 | 000,095,744 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx MOD - [2010/07/08 21:41:32 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx MOD - [2010/07/08 21:41:31 | 001,041,408 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx MOD - [2010/07/08 21:41:31 | 000,667,648 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx MOD - [2010/07/08 21:41:31 | 000,115,712 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx MOD - [2010/07/08 21:41:31 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx MOD - [2009/12/15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/12/15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll MOD - [2009/09/22 17:01:46 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll MOD - [2009/09/11 14:05:00 | 000,058,608 | ---- | M] () -- C:\Program 
Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2009/07/10 17:50:24 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\Virtual Account Numbers\VANRes.dll MOD - [2009/06/16 04:07:30 | 000,219,632 | ---- | M] () -- c:\Program Files (x86)\Roxio\SonicHDDemuxer.dll MOD - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll MOD - [2008/03/18 20:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll MOD - [2008/03/18 20:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\js32.dll MOD - [2008/01/08 18:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV:64bit: - [2009/03/31 18:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2012/01/13 11:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service) SRV - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2011/07/23 07:28:48 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess) SRV - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011/03/01 11:23:42 | 000,240,360 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe -- (CLKMSVC10_1628BCEA) SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/05/14 14:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2009/09/22 17:01:46 | 000,434,176 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer) SRV - [2009/06/26 13:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/01 10:26:34 | 000,136,192 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service) SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/11/07 22:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64) DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/05/25 02:09:17 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/12/02 23:30:36 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | 
On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/01/05 19:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2009/08/11 06:11:32 | 001,562,368 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw89.sys -- (hcw89) DRV:64bit: - [2009/08/06 11:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/17 12:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 12:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/01/24 17:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2011/12/15 19:15:19 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/07 22:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/11/07 22:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 12:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
DRV - [2009/05/11 17:59:58 | 000,146,928 | ---- | M] (CyberLink Corp.)
[2011/07/31 08:24:04] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{02088366-3131-4C28-9425-CA4D5B51C854}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://www.searchqu.com//web?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{566A4195-37C0-4E9D-934E-01FEEF8CF2D9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://www.searchqu.com//web?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE -
HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\SearchScopes,DefaultScope = {BD9AC73F-0588-4538-BC1D-4A8520694690}
IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://www.searchqu.com//web?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\SearchScopes\{9F5D0075-CE8E-4FEE-A809-43E9F9C3BB6F}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\SearchScopes\{A4367F6B-1AAA-4AAA-A856-7F633013F549}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\SearchScopes\{B92D6243-1F3B-4A97-8132-E5FE858BC399}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\SearchScopes\{BD9AC73F-0588-4538-BC1D-4A8520694690}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld
IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE -
HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Joe Dell2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Joe Dell2\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Joe Dell2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Joe Dell2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\citius@orbiscom: C:\Program Files (x86)\Virtual Account Numbers [2010/11/13 13:26:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/05 17:21:51 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Joe Dell2\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) =
C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Joe Dell2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Joe Dell2\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo!
activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll
CHR - Extension: SiteAdvisor = C:\Users\Joe Dell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\

O1 HOSTS File: ([2012/07/04 07:38:02 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Virtual Account Numbers Helper) - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll ()
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Citi Virtual Account Numbers] C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DLSService] C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001..\Run: [Artisan 810(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S548C.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-3731063589-3582476555-1320749560-1006..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3731063589-3582476555-1320749560-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Joe Dell2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave.
Mountain View, CA 94041)
O4 - Startup: C:\Users\Joe Dell2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = File not found
O4 - Startup: C:\Users\Joe Dell2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Kathleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s.work4sure.com/c/ge/w4sgeen9.exe (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{837CCF47-8A08-413B-9368-6CF040F7098F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/13 05:48:04 | 000,385,024 | R--- | M] (TP-LINK TECHNOLOGIES CO., LTD.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/02/07 12:10:22 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6d8f915a-7d59-11e0-9f4e-002564da3ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{6d8f915a-7d59-11e0-9f4e-002564da3ca4}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{d125c5e1-ef7f-11de-8ad6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d125c5e1-ef7f-11de-8ad6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2010/03/13 05:48:04 | 000,385,024 | R--- | M] (TP-LINK TECHNOLOGIES CO., LTD.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 18:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/06 18:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/06 18:27:41 | 000,000,000 | ---D | C] -- C:\Users\Joe Dell2\AppData\Roaming\Malwarebytes
[2012/07/06 18:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/06 18:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/06 18:27:33 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/06 18:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/04 08:17:32 | 000,016,200 | ---- | C] (McAfee, Inc.)
-- C:\Windows\stinger.sys [2012/07/04 08:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012/07/04 08:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee [2012/07/04 08:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee [2012/06/30 12:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/06/30 12:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/06/30 12:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/06/30 12:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/06/30 12:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/06/30 12:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012/06/30 12:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012/06/30 12:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012/06/26 13:39:59 | 000,000,000 | ---D | C] -- C:\Users\Joe Dell2\AppData\Roaming\Mozilla [2012/06/19 16:54:54 | 000,000,000 | ---D | C] -- C:\Users\Joe Dell2\AppData\Local\{8A4DA3A9-F9E2-4177-9098-C0780BC14C8A} [2012/06/19 10:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2012/06/18 15:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/06/18 15:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012/06/16 08:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2012/06/16 08:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/06/16 08:40:45 | 000,000,000 | ---D | C] -- C:\Users\Joe Dell2\Documents\HE2_7D12 [2012/06/15 18:54:01 | 000,000,000 | ---D | C] -- C:\Users\Joe Dell2\AppData\Local\Evernote [2012/06/15 18:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2012/06/15 18:52:57 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Evernote [2012/06/15 07:02:48 | 001,847,296 | R--- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athurx.sys [2012/06/15 07:02:48 | 001,847,296 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athurx.sys [2012/06/15 07:02:48 | 000,000,000 | ---D | C] -- C:\Windows\Options [2012/06/15 07:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK [2010/01/09 19:37:48 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Joe Dell2\AppData\Roaming\DataSafeDotNet.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/07 10:27:28 | 000,050,804 | ---- | M] () -- C:\Users\Joe Dell2\Desktop\aswMBR.exe [2012/07/07 10:16:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3731063589-3582476555-1320749560-1001UA.job [2012/07/07 10:16:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/07 10:13:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/06 21:53:43 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/06 21:53:43 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/06 21:50:56 | 000,031,620 | ---- | M] () -- C:\logfile [2012/07/06 21:45:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/06 21:44:15 | 2140,495,871 | -HS- | M] () -- C:\hiberfil.sys [2012/07/06 18:28:19 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/07/06 18:27:38 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/06 18:17:28 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3731063589-3582476555-1320749560-1001Core.job [2012/07/04 11:03:31 | 000,001,917 | ---- | M] () -- C:\Users\Joe 
Dell2\Desktop\Microsoft Security Essentials.lnk [2012/07/04 08:17:32 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012/07/04 07:38:18 | 000,877,166 | ---- | M] () -- C:\Users\Joe Dell2\AppData\Local\census.cache [2012/07/04 07:38:05 | 000,174,556 | ---- | M] () -- C:\Users\Joe Dell2\AppData\Local\ars.cache [2012/07/04 07:37:25 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2012/07/04 07:28:46 | 000,000,036 | ---- | M] () -- C:\Users\Joe Dell2\AppData\Local\housecall.guid.cache [2012/06/30 12:07:05 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/06/30 12:02:29 | 000,734,096 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/30 12:02:29 | 000,629,232 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/30 12:02:29 | 000,108,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/19 12:50:01 | 000,747,038 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/06/19 10:22:28 | 000,001,136 | ---- | M] () -- C:\Users\Joe Dell2\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk [2012/06/19 10:22:28 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012/06/16 09:23:43 | 000,001,009 | ---- | M] () -- C:\Users\Joe Dell2\Desktop\DVD Identifier.lnk [2012/06/16 08:41:32 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/06/16 03:26:16 | 000,626,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/15 18:54:40 | 000,001,133 | ---- | M] () -- C:\Users\Joe Dell2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012/06/15 18:52:56 | 000,000,936 | ---- | M] () -- C:\Users\Joe Dell2\Desktop\Evernote.lnk [2012/06/14 21:39:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/07 10:27:33 | 000,050,804 | ---- | C] () -- C:\Users\Joe 
Dell2\Desktop\aswMBR.exe [2012/07/06 18:28:19 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/07/06 18:27:38 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/04 11:03:31 | 000,001,917 | ---- | C] () -- C:\Users\Joe Dell2\Desktop\Microsoft Security Essentials.lnk [2012/07/04 07:38:18 | 000,877,166 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Local\census.cache [2012/07/04 07:38:05 | 000,174,556 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Local\ars.cache [2012/07/04 07:37:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012/07/04 07:28:46 | 000,000,036 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Local\housecall.guid.cache [2012/06/30 12:07:05 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/06/19 10:22:28 | 000,001,136 | ---- | C] () -- C:\Users\Joe Dell2\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk [2012/06/19 10:22:28 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012/06/16 09:23:43 | 000,001,009 | ---- | C] () -- C:\Users\Joe Dell2\Desktop\DVD Identifier.lnk [2012/06/16 08:41:32 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2012/06/16 08:41:25 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/06/16 08:41:21 | 000,747,038 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/06/15 18:54:40 | 000,001,133 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012/06/15 18:52:56 | 000,000,936 | ---- | C] () -- C:\Users\Joe Dell2\Desktop\Evernote.lnk [2012/06/15 07:02:48 | 000,017,326 | R--- | C] () -- C:\Windows\SysNative\netathurx.inf [2012/06/15 07:02:48 | 000,007,484 | ---- | C] () -- C:\Windows\SysNative\athurextx.cat [2012/06/14 21:39:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012/03/26 
21:12:16 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2011/12/27 10:59:19 | 000,000,070 | ---- | C] () -- C:\Windows\spwdrhsa.INI [2011/12/20 20:03:15 | 000,000,339 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Roaming\Drives Meter_Settings.ini [2011/12/06 23:21:54 | 000,000,079 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Local\CrystalDiskMark30.ini [2011/11/28 21:41:46 | 000,000,272 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Roaming\.backup.dm [2011/07/23 16:27:06 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini [2011/06/14 19:17:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Guides [2011/06/14 19:17:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Graphics [2011/06/14 19:17:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Grapher [2011/06/14 19:17:08 | 000,000,268 | RH-- | C] () -- C:\Users\Joe Dell2\AppData\Roaming\Generic [2011/06/14 19:17:08 | 000,000,268 | RH-- | C] () -- C:\Users\Joe Dell2\AppData\Roaming\Gems [2011/06/14 19:17:08 | 000,000,268 | RH-- | C] () -- C:\Users\Joe Dell2\AppData\Roaming\Galaxy Swirl [2011/06/14 19:17:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011/06/14 19:17:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011/06/14 19:17:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011/06/01 09:56:36 | 000,884,736 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll [2011/06/01 09:56:36 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll [2011/06/01 09:56:36 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll [2011/06/01 09:56:36 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll [2011/06/01 09:56:36 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll [2011/05/30 19:54:11 | 000,001,940 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2010/12/05 18:42:09 | 000,000,039 | ---- | C] () -- 
C:\Windows\JcAdmin32.ini [2010/12/05 18:42:04 | 000,053,248 | ---- | C] () -- C:\Windows\aduninst.exe [2010/12/05 18:42:04 | 000,000,809 | ---- | C] () -- C:\Windows\aduninst.ini [2010/12/05 18:42:03 | 000,001,832 | ---- | C] () -- C:\Windows\adflist.ini [2010/12/05 17:29:12 | 000,003,584 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/10 15:43:56 | 000,007,596 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Local\Resmon.ResmonCfg ========== LOP Check ========== [2011/07/15 03:26:59 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer [2011/07/15 03:26:59 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer [2011/05/08 17:59:50 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Epson [2011/08/19 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Amazon [2010/12/19 20:57:37 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Avery [2012/06/15 08:52:04 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Clip Art Collection [2010/04/18 17:23:31 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1 [2011/07/23 16:53:50 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Driver Smith [2012/01/22 18:17:55 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Encryptomatic, LLC [2010/12/12 22:17:13 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Epson [2011/08/20 08:44:21 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\foobar2000 [2011/06/01 10:02:21 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Foxreal [2012/06/19 16:40:35 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\FreeVideoConverter [2011/06/01 09:53:44 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\GetRightToGo [2011/05/31 08:28:17 | 000,000,000 | ---D | M] -- C:\Users\Joe 
Dell2\AppData\Roaming\GoodSync [2011/08/16 07:26:54 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\IrfanView [2010/01/10 12:31:14 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Leadertech [2010/03/28 15:45:51 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\NCH Swift Sound [2010/01/10 18:46:49 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Netscape [2011/06/14 19:58:23 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Nikon [2010/01/10 13:58:20 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\OPHD [2011/07/23 07:27:21 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Photodex [2011/08/15 19:40:33 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\PhotoScape [2011/02/27 15:38:26 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\PrimoPDF [2012/01/22 18:18:01 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\PSTViewer [2011/06/04 09:39:01 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Trusteer [2011/05/13 13:15:34 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Clip Art Collection [2011/05/08 18:08:04 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Epson [2011/05/13 13:30:32 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\OPHD [2011/06/16 17:15:23 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Trusteer [2012/06/16 17:26:34 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Epson [2011/07/15 03:26:59 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Trusteer [2011/07/15 03:26:59 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Trusteer [2011/07/15 03:26:59 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\Trusteer [2011/12/21 21:18:00 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 
98 bytes -> C:\ProgramData\TEMP:4829695F < End of report >
  9. Hi, My Chrome browser keeps redirecting my searches. I've run CCleaner and MalwareBytes, and while MB found six issues, it didn't fix the Chrome redirect issue. I've run dds.com and results are below. Can anyone give me a hand cleaning this virus? Thanks, Bob
Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?] R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520] R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056] R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/07/31 08:24:04];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-22 146928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-12-23 92160]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [2010-1-5 434176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-7-4 103440]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-23 2214504]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
R3 hcw89;hcw89 service;C:\Windows\system32\DRIVERS\hcw89.sys --> C:\Windows\system32\DRIVERS\hcw89.sys [?]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 CLKMSVC10_1628BCEA;CyberLink Product - 2011/07/31 08:23:53;C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-7-31 240360]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/06 16:52:31;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-5-14 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-24 136176]
S2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-6-1 136192]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-24 136176]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\Windows\system32\DRIVERS\rcblan.sys --> C:\Windows\system32\DRIVERS\rcblan.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-06 22:28:18 -------- d-----w- C:\Program Files\CCleaner
2012-07-06 22:28:12 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C9403856-2AE7-4A9D-A295-46964F78F0FB}\mpengine.dll
2012-07-06 22:27:41 -------- d-----w- C:\Users\Joe Dell2\AppData\Roaming\Malwarebytes
2012-07-06 22:27:34 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-06 22:27:33 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-06 22:27:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-05 12:34:41 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-04 12:17:32 16200 ----a-w- C:\Windows\stinger.sys
2012-07-04 12:16:16 -------- d-----w- C:\Program Files (x86)\stinger
2012-07-04 12:10:35 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-07-04 12:10:26 -------- d-----w- C:\Program Files (x86)\McAfee
2012-07-04 11:35:55 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-04 11:35:55 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{16138CD3-D960-4FBB-89E9-E0B7A9832262}\gapaengine.dll
2012-06-30 16:06:22 -------- d-----w- C:\Program Files\iPod
2012-06-30 16:06:21 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-30 16:06:21 -------- d-----w- C:\Program Files\iTunes
2012-06-30 16:06:21 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-30 16:04:59 -------- d-----w- C:\Program Files\Bonjour
2012-06-30 16:04:59 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-06-19 20:54:54 -------- d-----w- C:\Users\Joe Dell2\AppData\Local\{8A4DA3A9-F9E2-4177-9098-C0780BC14C8A}
2012-06-19 10:07:36 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 10:07:26 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 10:07:16 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 10:07:16 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-18 19:37:34 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-18 19:37:09 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-16 12:41:18 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-16 12:41:16 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-16 12:32:27 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-16 12:32:27 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-15 22:54:01 -------- d-----w- C:\Users\Joe Dell2\AppData\Local\Evernote
2012-06-15 22:52:57 -------- d-----w- C:\Program Files (x86)\Evernote
2012-06-15 11:02:48 1847296 ----a-w- C:\Windows\System32\drivers\athurx.sys
2012-06-15 11:02:48 1847296 ----a-r- C:\Windows\System32\athurx.sys
2012-06-15 11:02:48 -------- d-----w- C:\Windows\Options
2012-06-15 11:02:25 -------- d-----w- C:\ProgramData\TP-LINK
.
==================== Find3M ====================
.
2012-05-24 21:18:40 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 23:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-25 16:11:36 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-04-25 16:11:36 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 21:08:16.28 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/2/2010 12:59:58 AM
System Uptime: 7/6/2012 8:51:39 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0X231R
Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPU 1 | 2660/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 599.697 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 1397 GiB total, 684.458 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
AdminManager(OKI Setup Utility) Adobe AIR Adobe Reader 9.5.0 Amazon MP3 Downloader 1.0.12 AnswerWorks 5.0 English Runtime Apple Application Support Apple Software Update Ask Toolbar Audacity 1.2.6 Avery Wizard 4.0 Bing Bar Bing Rewards Client Installer BufferChm C5500n - C5800Ldn Series GDI Driver from OKI® Printing Solutions for Windows CardRecovery 6.00 Clip Art Collection Compatibility Pack for the 2007 Office system Consumer In-Home Service Agreement CustomerResearchQFolder CyberLink BD Advisor 2.0 CyberLink Blu-ray Disc Suite CyberLink LabelPrint CyberLink LG Burning Tool CyberLink MediaShow CyberLink PowerDVD 9 CyberLink PowerProducer CyberLink YouCam D3DX10 dcmsvc 1.0 Dell DataSafe Online Dell Getting Started Guide DesignPro 5 DeviceDiscovery DeviceManagementQFolder DirectXInstallService Driver Genius Professional Edition Duplicate Email Remover DVD Identifier DYMO Label Software DYMO Label v.8 EMC 10 Content Epson Event Manager Epson Print CD EPSON Scan EpsonNet Print EpsonNet Setup erLT ESSBrwr ESSCDBK ESScore ESSgui ESSini ESSPCD ESSPDock ESSSONIC ESSTOOLS essvatgt Evernote v. 
4.5.7 foobar2000 v1.1.8 beta 4 Foxreal YouTube FLV Downloader version: 1.0.1.1 Free Video Converter V 3.0 Freecorder 5 Freecorder Toolbar Google Chrome Google Earth Google SketchUp 7 Google SketchUp 8 Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper Hauppauge Signal Monitor Utility Hauppauge WinTV 7 Hauppauge WinTV Infrared Remote Hauppauge WinTV IR Blaster HP Update hppCLJCM1312 hppFaxDrvCM1312 hppFaxUtilityCM1312 hppFonts hppLaserJetService hppManualsCM1312 hppPQVideoCM1312 hppQFolderCM1312 hppScanToCM1312 hppSendFaxCM1312 hppTLBXFXCM1312 hppusgCM1312 HPSSupply hpzTLBXFX Internet TV for Windows Media Center IrfanView (remove only) Java Auto Updater Java 6 Update 29 Java 7 Update 5 JavaFX 2.1.1 Junk Mail filter update kgcbase Kodak EasyShare software LAME v3.98.3 for Audacity Logitech Desktop Messenger Logitech Harmony Remote Software 7 Logitech SetPoint Malwarebytes Anti-Malware version 1.61.0.1400 MarketResearch McAfee SiteAdvisor Mesh Runtime Messenger Companion Microsoft Corporation Microsoft Digital Image Pro 7.0 Microsoft Office File Validation Add-In Microsoft Office Live Meeting 2007 Microsoft Office Outlook Connector Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Standard Edition 2003 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Text-to-Speech Engine 4.0 (English) Microsoft UI Engine Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Multimedia Card Reader Nero 7 Essentials neroxml netbrdg Nikon File Uploader 2 Nikon Message Center 2 Notifier NVIDIA 3D Vision Controller Driver NVIDIA PhysX OfotoXMI OKI Color Correct Utility OKI Color Swatch Utility OKI Network Extension Photodex Presenter PhotoScape Picasa 3 Picture Control Utility PNY Movie Player PowerDVD DX PrimoPDF -- by 
Nitro PDF Software ProShow Gold PSTViewer Pro Quicken 2010 QuickTime RAIDar 4.3.1 Rapport Realtek High Definition Audio Driver Remote Control USB Driver Roxio Activation Module Roxio BackOnTrack Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy CD and DVD Burning Roxio Express Labeler 3 Roxio Update Manager Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) SFR SHASTA skin0001 SKINXSDK Sonic CinePlayer Decoder Pack staticcr Stellar Phoenix Photo Recovery Stellar Phoenix Windows Data Recovery - Home Switch Sound File Converter Synergy System Requirements Lab tooltips TP-LINK Wireless Client Utility TrayApp TurboTax 2009 TurboTax 2009 WinPerFedFormset TurboTax 2009 WinPerReleaseEngine TurboTax 2009 WinPerTaxSupport TurboTax 2009 wmaiper TurboTax 2009 wrapper Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Video Download Studio 
ViewNX 2 Virtual Account Numbers VPRINTOL Warner Bros. Digital Copy Manager WebReg Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Center Add-in for Flash Windows Media Center Add-in for Silverlight WIRELESS Yahoo! Detect Yahoo! Install Manager Yahoo! Software Update Yahoo! Toolbar Yahoo! Widgets
.
==== Event Viewer Messages From Past Week ========
.
7/6/2012 8:58:29 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
7/6/2012 8:53:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
7/6/2012 8:53:39 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
7/6/2012 8:52:16 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
7/6/2012 8:52:16 PM, Error: Service Control Manager [7000] - The MSCamSvc service failed to start due to the following error: The system cannot find the file specified.
7/6/2012 8:52:14 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
7/4/2012 8:17:36 AM, Error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
7/4/2012 7:26:29 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================