Posts posted by bob765

  1. hey Maniac.

    That scan took ~5 hrs but didn't leave a log where you indicated. A search of my hard drive showed there is no C:\Program Files\EsetOnlineScanner directory. Below is the log from the scan window:

    :\Program Files (x86)\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined

    C:\Users\Joe Dell2\AppData\Local\Google\Chrome\User Data\Default\Default\aadeggdcgcdhgfdhdbgcdhgcdegddcdd\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined

    C:\Users\Public\Downloads\allllll\QuickTimeInstaller.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined

  2. Hey Maniac,

    Here is the log

    ComboFix 12-07-08.03 - Joe Dell2 07/09/2012 20:41:58.1.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.5770 [GMT -4:00]

    Running from: c:\users\Joe Dell2\Downloads\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Public\invokesi.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))

    .

    .

    2012-07-10 00:50 . 2012-07-10 00:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2012-07-10 00:50 . 2012-07-10 00:50 -------- d-----w- c:\users\Kathleen\AppData\Local\temp

    2012-07-09 21:21 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{164513E5-84B2-4261-9128-7070F87AE56B}\mpengine.dll

    2012-07-09 00:41 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-07-08 13:48 . 2012-07-08 13:48 -------- d-----w- c:\users\TEMP

    2012-07-08 13:40 . 2012-07-08 13:40 -------- d-----w- C:\_OTL

    2012-07-06 22:28 . 2012-07-06 22:28 -------- d-----w- c:\program files\CCleaner

    2012-07-06 22:27 . 2012-07-06 22:27 -------- d-----w- c:\users\Joe Dell2\AppData\Roaming\Malwarebytes

    2012-07-06 22:27 . 2012-07-06 22:27 -------- d-----w- c:\programdata\Malwarebytes

    2012-07-06 22:27 . 2012-07-06 22:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-07-06 22:27 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-04 12:17 . 2012-07-04 12:17 16200 ----a-w- c:\windows\stinger.sys

    2012-07-04 12:16 . 2012-07-04 14:37 -------- d-----w- c:\program files (x86)\stinger

    2012-07-04 12:10 . 2012-07-04 12:10 -------- d-----w- c:\program files (x86)\Common Files\McAfee

    2012-07-04 12:10 . 2012-07-05 21:20 -------- d-----w- c:\program files (x86)\McAfee

    2012-07-04 11:35 . 2012-06-16 12:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2012-07-04 11:35 . 2012-06-16 12:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16138CD3-D960-4FBB-89E9-E0B7A9832262}\gapaengine.dll

    2012-06-30 16:06 . 2012-06-30 16:06 -------- d-----w- c:\program files\iPod

    2012-06-30 16:06 . 2012-06-30 16:07 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

    2012-06-30 16:06 . 2012-06-30 16:07 -------- d-----w- c:\program files\iTunes

    2012-06-30 16:06 . 2012-06-30 16:07 -------- d-----w- c:\program files (x86)\iTunes

    2012-06-30 16:05 . 2012-06-30 16:05 -------- d-----w- c:\program files\Common Files\Apple

    2012-06-30 16:04 . 2012-06-30 16:05 -------- d-----w- c:\program files\Bonjour

    2012-06-30 16:04 . 2012-06-30 16:05 -------- d-----w- c:\program files (x86)\Bonjour

    2012-06-19 10:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-19 10:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-19 10:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-19 10:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-19 10:07 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-19 10:07 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-19 10:07 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-19 10:07 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-19 10:07 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-18 19:38 . 2012-06-18 19:38 -------- d-----w- c:\program files (x86)\Common Files\Java

    2012-06-18 19:37 . 2012-06-18 19:37 -------- d-----w- c:\program files (x86)\Oracle

    2012-06-18 19:37 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-06-16 21:25 . 2012-06-16 21:26 -------- d-----w- c:\users\Rachel

    2012-06-16 12:41 . 2012-06-16 12:41 -------- d-----w- c:\program files (x86)\Microsoft Security Client

    2012-06-16 12:41 . 2012-06-16 12:41 -------- d-----w- c:\program files\Microsoft Security Client

    2012-06-16 12:32 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

    2012-06-16 12:32 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

    2012-06-15 22:54 . 2012-06-15 22:54 -------- d-----w- c:\users\Joe Dell2\AppData\Local\Evernote

    2012-06-15 22:52 . 2012-06-15 22:52 -------- d-----w- c:\program files (x86)\Evernote

    2012-06-15 11:02 . 2012-06-15 11:02 -------- d-----w- c:\windows\Options

    2012-06-15 11:02 . 2010-01-05 23:23 1847296 ----a-w- c:\windows\system32\drivers\athurx.sys

    2012-06-15 11:02 . 2010-01-05 23:23 1847296 ----a-r- c:\windows\system32\athurx.sys

    2012-06-15 11:02 . 2012-06-15 11:02 -------- d-----w- c:\programdata\TP-LINK

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr

    2012-05-04 23:29 . 2010-04-18 01:33 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-04-25 16:11 . 2012-04-25 16:11 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

    2012-04-25 16:11 . 2012-04-25 16:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]

    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2011-03-01 144616]

    "DLSService"="c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe" [2009-12-17 55808]

    "ToolBoxFX"="c:\program files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2009-10-22 53248]

    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

    "HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]

    "dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440]

    "Citi Virtual Account Numbers"="c:\progra~2\VIRTUA~1\CitiVAN.exe" [2009-07-10 372736]

    "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]

    "MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]

    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

    "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]

    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]

    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048]

    "Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

    .

    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

    .

    c:\users\Kathleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

    .

    c:\users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

    .

    c:\users\Joe Dell2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112]

    Warner Bros.lnk - e:\video\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [N/A]

    Yahoo! Widgets.lnk - c:\program files (x86)\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2010-1-5 117344]

    Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-6-21 282624]

    WinTV Recording Status..lnk - c:\program files (x86)\WinTV\WinTV7\WinTVTray.exe [2010-1-5 98304]

    .

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R2 CLKMSVC10_1628BCEA;CyberLink Product - 2011/07/31 08:23;c:\program files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-03-01 240360]

    R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/06 16:52;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 136176]

    R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-01 136192]

    R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 136176]

    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-03 31744]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

    R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [2007-01-24 46616]

    R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

    R3 w4shwdrv;w4shwdrv;c:\users\JOEDEL~1\AppData\Local\Temp\w4s7150.tmp [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1255736]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

    S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-11-08 63760]

    S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]

    S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-08 55056]

    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-08 61712]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/07/31 08:24];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-05-11 21:59 146928]

    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]

    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 103440]

    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]

    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-08 931640]

    S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]

    S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys [2009-08-11 1562368]

    S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-25 174184]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - WS2IFSL

    *Deregistered* - CLKMDRV10_1628BCEA

    *Deregistered* - CLKMDRV10_9EC60124

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 19:07]

    .

    2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 19:07]

    .

    2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3731063589-3582476555-1320749560-1001Core.job

    - c:\users\Joe Dell2\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 12:11]

    .

    2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3731063589-3582476555-1320749560-1001UA.job

    - c:\users\Joe Dell2\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 12:11]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]

    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

    "HP Color LaserJet CM1312 MFP Series Fax"="c:\program files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe" [2009-09-23 3700736]

    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x0

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.yahoo.com/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

    Trusted Zone: intuit.com\ttlc

    TCP: DhcpNameServer = 192.168.1.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKCU-Run-LightScribe Control Panel - c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

    SafeBoot-mcmscsvc

    SafeBoot-MCODS

    HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe

    AddRemove-YInstHelper - c:\windows\system32\regsvr32

    AddRemove-1279152301.www1.movie-promo.com - c:\program files (x86)\Microsoft Silverlight\4.0.60310.0\Silverlight.Configuration.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\w4shwdrv]

    "ImagePath"="\??\c:\users\JOEDEL~1\AppData\Local\Temp\w4s7150.tmp"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]

    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\progra~2\WinTV\TVServer\HAUPPA~1.EXE

    c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe

    c:\windows\SysWOW64\rundll32.exe

    c:\program files (x86)\Photodex\ProShowGold\ScsiAccess.exe

    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    c:\progra~2\WinTV\TVServer\CAPTUR~3.EXE

    c:\progra~2\WinTV\TVServer\CAPTUR~3.EXE

    c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe

    c:\program files (x86)\Virtual Account Numbers\CitiVAN.exe

    c:\windows\SysWOW64\OBroker.exe

    c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

    c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    .

    **************************************************************************

    .

    Completion time: 2012-07-09 21:01:30 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-07-10 01:01

    .

    Pre-Run: 647,209,123,840 bytes free

    Post-Run: 646,927,257,600 bytes free

    .

    - - End Of File - - FFD21CD8B14B5A4AF0D6EABA64AA6924

  3. hey Maniac,

    Here is the OTL fix log

    All processes killed

    ========== OTL ==========

    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}\ deleted successfully.

    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}\ not found.

    Registry key HKEY_USERS\S-1-5-21-3731063589-3582476555-1320749560-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}\ not found.

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\ deleted successfully.

    File C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll not found.

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.

    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}\ not found.

    File C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll not found.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

    Starting removal of ActiveX control {15589FA1-C456-11CE-BF01-00AA0055595A}

    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15589FA1-C456-11CE-BF01-00AA0055595A}\DownloadInformation\\INF .

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15589FA1-C456-11CE-BF01-00AA0055595A}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15589FA1-C456-11CE-BF01-00AA0055595A}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{15589FA1-C456-11CE-BF01-00AA0055595A}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15589FA1-C456-11CE-BF01-00AA0055595A}\ not found.

    ========== FILES ==========

    File\Folder C:\Program Files (x86)\freecordertoolbar not found.

    File\Folder C:\Program Files (x86)\Ask.com not found.

    File\Folder C:\Program Files (x86)\Yontoo Layers Runtime not found.

    < ipconfig /flushdns /c >

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    C:\Users\Joe Dell2\Downloads\cmd.bat deleted successfully.

    C:\Users\Joe Dell2\Downloads\cmd.txt deleted successfully.

    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    ->Flash cache emptied: 56475 bytes

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    ->Flash cache emptied: 0 bytes

    User: Guest

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 402 bytes

    ->Flash cache emptied: 56466 bytes

    User: Joe Dell2

    ->Temp folder emptied: 1303692 bytes

    ->Temporary Internet Files folder emptied: 11692569 bytes

    ->Java cache emptied: 1802578 bytes

    ->Google Chrome cache emptied: 416730266 bytes

    ->Flash cache emptied: 57789 bytes

    User: Kathleen

    ->Temp folder emptied: 432316 bytes

    ->Temporary Internet Files folder emptied: 16792646 bytes

    ->Java cache emptied: 0 bytes

    ->Flash cache emptied: 57232 bytes

    User: Public

    User: Rachel

    ->Temp folder emptied: 630598 bytes

    ->Temporary Internet Files folder emptied: 177734029 bytes

    ->Java cache emptied: 8954 bytes

    ->Flash cache emptied: 124645 bytes

    User: TEMP

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    ->Flash cache emptied: 56475 bytes

    User: UpdatusUser

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    ->Flash cache emptied: 56468 bytes

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 16148 bytes

    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes

    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 599.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.1 log created on 07082012_094025

    Files\Folders moved on Reboot...

    C:\Users\Joe Dell2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    C:\Windows\temp\JETF9B9.tmp moved successfully.

    PendingFileRenameOperations files...

    File C:\Users\Joe Dell2\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    File C:\Windows\temp\JETF9B9.tmp not found!

    Registry entries deleted on Reboot...

  4. Hey Maniac,

    Here is Extras.txt and aswMBR

    OTL Extras logfile created on: 7/7/2012 10:29:36 AM - Run 1

    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Joe Dell2\Downloads

    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.99 Gb Total Physical Memory | 6.64 Gb Available Physical Memory | 83.06% Memory free

    15.98 Gb Paging File | 13.66 Gb Available in Paging File | 85.49% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 916.82 Gb Total Space | 599.23 Gb Free Space | 65.36% Space Free | Partition Type: NTFS

    Drive D: | 116.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Drive E: | 1397.26 Gb Total Space | 684.46 Gb Free Space | 48.99% Space Free | Partition Type: NTFS

    Computer Name: BIGDELL | User Name: Joe Dell2 | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

    "AntiVirusOverride" = 0

    "AntiSpywareOverride" = 0

    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{0E9F17E7-A029-48D6-9705-8CAEE9B6CC07}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    "{1AE38F2F-3ED0-4ECD-9802-E6AB226FB214}" = rport=138 | protocol=17 | dir=out | app=system |

    "{25E40602-D033-47D9-B6F3-BD6790AF13A2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{27C1E706-8793-424D-BE95-8E34D6BB189F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{2DF5C363-9BDD-4A1F-9527-620B1C7FE21A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{2E3EA2B2-14EF-4BB5-988A-4B533F269868}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |

    "{2F2F6ED5-0A7B-400F-8D65-730CDBBDD796}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

    "{37993DE1-28C0-41E6-BA9B-897653A6194F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{3CE1A0F2-DEDB-4F16-8541-25B6D5079E2E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{443701A2-90E9-4F3C-88A9-0469E6BB2D89}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{47227D9D-A5BF-47F7-9EED-B3D4003FE296}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

    "{47A31189-0825-45AE-AA5C-36A60BC09547}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{4E07EB93-754E-49B4-A284-A1DEE7F042A7}" = lport=2869 | protocol=6 | dir=in | app=system |

    "{4E3CB2E0-2E01-4495-B667-EBCD91C5FEDF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    "{5579EB13-8CC2-40D8-9892-396CC67A4D64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{688EB171-0E5E-4615-AE58-DFE36F686861}" = lport=10243 | protocol=6 | dir=in | app=system |

    "{7F585186-1B9A-404A-9ACA-01FD143FA296}" = rport=137 | protocol=17 | dir=out | app=system |

    "{80FFFE8E-CB43-4171-BCA5-5B89ABB2A98F}" = lport=139 | protocol=6 | dir=in | app=system |

    "{919ADAEF-96FA-4DFD-A6FE-AE4A37F0B4BA}" = rport=10243 | protocol=6 | dir=out | app=system |

    "{9AFBBE49-1E69-46C8-B1C4-3377F7F99339}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{B36F0457-41F6-432D-B6B0-4956DA84CD1B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

    "{B4DEADB0-16C6-44AA-8D4B-D4217536E0F7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

    "{B885F413-6942-4375-870D-03354812050E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{B9954CBA-658E-4E83-853D-E598C3C6F099}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{C4D4D201-C4B2-47FE-8CF7-258374825D1B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    "{D167C06A-6807-421F-BD51-CE56AE643171}" = lport=137 | protocol=17 | dir=in | app=system |

    "{D228F991-1591-4A73-9361-22FE90F9F32E}" = lport=445 | protocol=6 | dir=in | app=system |

    "{D9A132D0-307C-4269-A991-A8341BA405C6}" = rport=445 | protocol=6 | dir=out | app=system |

    "{E4115002-A85B-4CBF-B18E-33CCDC3A6E44}" = rport=139 | protocol=6 | dir=out | app=system |

    "{EF202866-4179-4242-B721-7B4010A5E89B}" = lport=138 | protocol=17 | dir=in | app=system |

    "{F109EEBF-402D-480B-BCBE-95916FCEDFE7}" = lport=2869 | protocol=6 | dir=in | app=system |

    "{F2EC9235-470D-478E-9A94-37888DA166F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{F6EA0F2F-E52C-4BEE-B735-E75A826F094C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{F78D296C-0352-42A8-8803-7D45E41C7957}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

    "{F7E03C1A-467C-4A2B-855D-6CDE828F81F1}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |

    "{FB47F9F5-A100-45C5-B21F-D0A8AC977318}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    "{FFF64803-232A-4D33-B364-5A4D8CF63865}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{02070DEA-8751-4EA3-BBF2-C7B794655109}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{0F89E6DA-7FCE-4127-BB19-E8052C73AA9D}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

    "{0F9DBE15-A752-4F87-9E0A-BCAF7DE695C3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |

    "{11D95903-B04C-4238-8183-2A0A0381DEFB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

    "{122B3456-34AC-4B10-9273-0BE971BB2832}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{12B84768-1543-4346-95FC-EE0869F029F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{14C5FA33-27A9-408D-8355-072D81BFC4A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{18CC7D59-0F54-4E51-BD33-698AF07AE1D8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |

    "{198C01C1-865C-40CA-B815-D35098B9BD18}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |

    "{1FCDB717-EE21-4818-AA93-07E198E4FFF1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

    "{23BD7789-B943-4D2D-8E26-BD43142B45B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{29088443-D445-4EA0-A513-78692D122241}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |

    "{305671BC-2479-4471-B9FE-A99BDE163736}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

    "{3723E1F0-049A-4BA5-8736-11E5CE29B3FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

    "{3BEA4455-0E6D-4792-8B1F-5E6403543388}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

    "{3C2D1EDB-4F79-422A-9A8A-6C1F9EA2E4D5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{46986915-33A2-44DB-B728-69308256AF2B}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |

    "{5B8C3125-475E-44C3-8B9A-5AF7C99480DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{6727B361-17CE-4D44-97CB-58BA5CFDF8D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

    "{750B2C14-F4F7-4DD6-848B-BDDD8D8A7C42}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

    "{787D8F7E-7D74-46D9-84C4-2577BA7A0F2E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

    "{79742250-23FE-43EE-B9B7-F61DAF6791A5}" = protocol=17 | dir=in | app=c:\users\joe dell2\appdata\local\google\google talk plugin\googletalkplugin.exe |

    "{7A721077-3A55-44A4-878E-C913D48BD463}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

    "{839C665A-DBAE-4BA9-87A6-F5799F0B8822}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

    "{84742E03-66E2-48D8-B7C1-142F71567567}" = protocol=6 | dir=in | app=c:\program files\synergy\launcher.exe |

    "{88D68B5C-5E54-4873-B736-DD413EE0C803}" = protocol=6 | dir=in | app=c:\users\joe dell2\appdata\local\google\google talk plugin\googletalkplugin.exe |

    "{8CD63560-B780-4697-A939-6ACBA4E3B349}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

    "{8F3AD978-BBDB-445D-8C95-E3FE8E404204}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

    "{9379C467-D809-4797-9255-6A6FEA490BF8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |

    "{93E167B9-7883-4492-8D40-9CA88362C993}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

    "{9B75002B-50E4-4082-B3E3-3907581EDC2E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{A7176C17-A76B-4C96-B63B-067E73122036}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{AB7B753B-7780-4A2F-9692-EF52E9508EDC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

    "{AC2A264A-7A78-4B4B-947E-63514FFA2C7F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

    "{B05DD427-C9CE-4EF9-BBF7-571F1DFF34AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    "{B1B9483C-B862-4771-95FF-07AFCFB58D7F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{C11EBFD1-3D0A-4A3B-A2D0-7FBF3E8556D6}" = protocol=6 | dir=out | app=system |

    "{C39CEF57-8438-436A-9354-6F9A098E9155}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

    "{D06F00AF-4086-4402-A69D-8C62C353D442}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

    "{D0976E32-B82F-4186-B269-591287D1F0C3}" = protocol=17 | dir=in | app=c:\program files\synergy\launcher.exe |

    "{D2F63234-4143-4496-91E2-B9ABF6842546}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{D3FA6E62-3AB9-45FC-B18D-0CF89FBA8631}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{D4BD2285-A5E2-41DE-8BE8-62764E08F4DD}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

    "{D6E408FD-190E-4334-825F-A9E104201068}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

    "{D8E063F7-3C37-4987-89C2-9ED63801C82B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

    "{E35514C3-227F-4958-8D08-4E2087C4C3F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{F2BC3B5B-FA6D-49F5-911D-379EA92D61DF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

    "{FBDF60AC-0C56-44D2-ACE0-F6D6F2DEEB70}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    "TCP Query User{ADCA76F6-B365-4962-A782-C34DC12825A8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

    "TCP Query User{E731F687-397A-472B-939C-D32B015D7333}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

    "UDP Query User{275BF4CE-5E37-41AA-93C5-20B7E5A5EB7C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

    "UDP Query User{30F139C0-ACFE-4E81-B44C-432C3686D3BE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64

    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

    "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java 6 Update 14 (64-bit)

    "{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}" = Motorola Driver Installation 4.6.0

    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support

    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

    "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2

    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes

    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

    "{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 5.1

    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation

    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync

    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33

    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33

    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33

    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5

    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3

    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst

    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

    "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock

    "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper

    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

    "CCleaner" = CCleaner

    "CrystalDiskMark_is1" = CrystalDiskMark 3.0.1b

    "EPSON Artisan 810 Series" = EPSON Artisan 810 Series Printer Uninstall

    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0

    "HPExtendedCapabilities" = HP Customer Participation Program 10.0

    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

    "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2

    "Microsoft Security Client" = Microsoft Security Essentials

    "PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit)

    "Shop for HP Supplies" = Shop for HP Supplies

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

    "{0626C86E-5A8F-4A6D-8C0A-5FF38BD2DA3A}" = hppFaxUtilityCM1312

    "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC

    "{07B85EEC-05BD-4E6A-AAEB-502FB2473DFA}" = hppCLJCM1312

    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data

    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService

    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

    "{0BE73D3C-B5AF-11E1-933A-984BE15F174E}" = Evernote v. 4.5.7

    "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight

    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online

    "{147A8145-0AA6-0921-8414-9B1EE5A8108F}" = Warner Bros. Digital Copy Manager

    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

    "{1DED92A7-05FA-4736-8AEA-1BE2363F1033}" = Nero 7 Essentials

    "{1EE1BE7E-1F9A-4150-B95D-74415BCCF4D8}_is1" = Foxreal YouTube FLV Downloader version: 1.0.1.1

    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools

    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite

    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 29

    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5

    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

    "{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}" = C5500n - C5800Ldn Series GDI Driver from OKI® Printing Solutions for Windows

    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

    "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0

    "{2D30D92F-AD5C-428F-8029-5A913104F262}" = hppTLBXFXCM1312

    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

    "{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine

    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

    "{325D1D94-4F34-46A7-A489-737C801B931D}" = hppusgCM1312

    "{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5

    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

    "{369B36BE-3D64-4641-9AEA-808D436FE134}" = Microsoft Digital Image Pro 7.0

    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

    "{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension

    "{395AD660-EAA2-012B-ADE3-000000000000}" = TurboTax 2009 wmaiper

    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool

    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore

    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

    "{484A13AB-A4C1-41FD-87E0-EBE2DA01250E}" = hppSendFaxCM1312

    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery

    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning

    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

    "{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312

    "{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7

    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp

    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

    "{5D729200-F340-4A74-A1E9-32387CDC63EF}" = OKI Color Correct Utility

    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

    "{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning

    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

    "{66036093-7AE1-4391-BE89-79EC990B3DAF}" = Clip Art Collection

    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio

    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar

    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

    "{7985C7FA-B151-4BA7-B19E-1577A7B527F1}" = hppFaxDrvCM1312

    "{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility

    "{7AA36634-4324-4EF4-8C0C-D8EF1FC2BEA4}" = Duplicate Email Remover

    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver

    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility

    "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7

    "{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 6.00

    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

    "{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin

    "{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts

    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    "{9C411DC9-B8B8-45F3-B688-073BF4B59094}" = Virtual Account Numbers

    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

    "{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader

    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

    "{A344F95E-E51A-450C-8F84-C940BF61903E}" = OKI Color Swatch Utility

    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

    "{A7285D92-27EE-4D91-AB57-5EF326B572C6}" = hpzTLBXFX

    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0

    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

    "{AEF68ACB-1B00-4FCA-A33C-C26DBADD8C5B}" = Microsoft Office Live Meeting 2007

    "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2

    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation

    "{B59ACF5E-0FF7-44D2-B57D-E516F334AC2E}" = hppScanToCM1312

    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy

    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

    "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010

    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

    "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD

    "{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2

    "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8

    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch

    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

    "{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService

    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime

    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

    "{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2

    "{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}" = Virtual Account Numbers

    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

    "{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash

    "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips

    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

    "{EB95E8A9-DC43-4490-92EA-F3952FA19C78}" = Video Download Studio

    "{EBC3147B-36BE-4846-9A3D-0C6292B78350}" = hppPQVideoCM1312

    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module

    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core

    "{ED498DD7-FBC1-4C67-8D9B-C9218FBC818D}" = hppManualsCM1312

    "{ED88DCA3-E0F7-4C30-9230-6B33D0666E1C}" = PSTViewer Pro

    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

    "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase

    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement

    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

    "{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0

    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

    "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content

    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

    "{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup

    "1381-5408-0515-7060" = RAIDar 4.3.1

    "Adobe AIR" = Adobe AIR

    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12

    "Audacity_is1" = Audacity 1.2.6

    "com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager

    "dcmsvc_is1" = dcmsvc 1.0

    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition

    "DVD Identifier_is1" = DVD Identifier

    "DYMO Label Software" = DYMO Label Software

    "DYMO Label v.8" = DYMO Label v.8

    "EPSON Scanner" = EPSON Scan

    "foobar2000" = foobar2000 v1.1.8 beta 4

    "Free Video Converter_is1" = Free Video Converter V 3.0

    "Freecorder5.02" = Freecorder 5

    "freecordertoolbar" = Freecorder Toolbar

    "Google Chrome" = Google Chrome

    "Hauppauge Signal Monitor Utility" = Hauppauge Signal Monitor Utility

    "Hauppauge WinTV 7" = Hauppauge WinTV 7

    "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote

    "Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster

    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite

    "InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5

    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool

    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

    "InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader

    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

    "IrfanView" = IrfanView (remove only)

    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

    "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)

    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

    "ODC AdminManager" = AdminManager(OKI Setup Utility)

    "Photodex Presenter" = Photodex Presenter

    "PhotoScape" = PhotoScape

    "Picasa 3" = Picasa 3

    "PrimoPDF" = PrimoPDF -- by Nitro PDF Software

    "ProShow Gold" = ProShow Gold

    "Rapport_msi" = Rapport

    "Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery

    "Stellar Phoenix Windows Data Recovery - Home_is1" = Stellar Phoenix Windows Data Recovery - Home

    "Switch" = Switch Sound File Converter

    "Synergy" = Synergy

    "SystemRequirementsLab" = System Requirements Lab

    "TurboTax 2009" = TurboTax 2009

    "WinLiveSuite" = Windows Live Essentials

    "Yahoo! Companion" = Yahoo! Toolbar

    "Yahoo! Software Update" = Yahoo! Software Update

    "Yahoo! Widget Engine" = Yahoo! Widgets

    "YInstHelper" = Yahoo! Install Manager

    "YTdetect" = Yahoo! Detect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3731063589-3582476555-1320749560-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "1279152301.www1.movie-promo.com" = PNY Movie Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]

    Error - 6/16/2012 3:12:30 AM | Computer Name = BigDell | Source = Microsoft-Windows-CAPI2 | ID = 4107

    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

    with error: A required certificate is not within its validity period when verifying

    against the current system clock or the timestamp in the signed file. .

    Error - 6/16/2012 3:12:37 AM | Computer Name = BigDell | Source = Microsoft-Windows-CAPI2 | ID = 4107

    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

    with error: A required certificate is not within its validity period when verifying

    against the current system clock or the timestamp in the signed file. .

    Error - 6/16/2012 3:12:38 AM | Computer Name = BigDell | Source = Microsoft-Windows-CAPI2 | ID = 4107

    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

    with error: A required certificate is not within its validity period when verifying

    against the current system clock or the timestamp in the signed file. .

    Error - 6/16/2012 3:12:40 AM | Computer Name = BigDell | Source = Microsoft-Windows-CAPI2 | ID = 4107

    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

    with error: A required certificate is not within its validity period when verifying

    against the current system clock or the timestamp in the signed file. .

    Error - 6/16/2012 3:12:49 AM | Computer Name = BigDell | Source = Microsoft-Windows-CAPI2 | ID = 4107

    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

    with error: A required certificate is not within its validity period when verifying

    against the current system clock or the timestamp in the signed file. .

    Error - 6/16/2012 3:29:47 AM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1515

    Description = Windows has backed up this user profile. Windows will automatically

    try to use the backup profile the next time this user logs on.

    Error - 6/16/2012 3:29:47 AM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1511

    Description = Windows cannot find the local profile and is logging you on with a

    temporary profile. Changes you make to this profile will be lost when you log off.

    Error - 6/16/2012 8:34:22 AM | Computer Name = BigDell | Source = VSS | ID = 8193

    Description =

    Error - 6/16/2012 9:47:19 AM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1515

    Description = Windows has backed up this user profile. Windows will automatically

    try to use the backup profile the next time this user logs on.

    Error - 6/16/2012 9:47:19 AM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1511

    Description = Windows cannot find the local profile and is logging you on with a

    temporary profile. Changes you make to this profile will be lost when you log off.

    Error - 6/16/2012 10:02:35 AM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1515

    Description = Windows has backed up this user profile. Windows will automatically

    try to use the backup profile the next time this user logs on.

    Error - 6/16/2012 10:02:35 AM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1511

    Description = Windows cannot find the local profile and is logging you on with a

    temporary profile. Changes you make to this profile will be lost when you log off.

    Error - 6/16/2012 4:25:58 PM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1515

    Description = Windows has backed up this user profile. Windows will automatically

    try to use the backup profile the next time this user logs on.

    Error - 6/16/2012 4:25:58 PM | Computer Name = BigDell | Source = Microsoft-Windows-User Profiles Service | ID = 1511

    Description = Windows cannot find the local profile and is logging you on with a

    temporary profile. Changes you make to this profile will be lost when you log off.

    [ Media Center Events ]

    Error - 12/22/2011 9:39:31 AM | Computer Name = BigDell | Source = MCUpdate | ID = 0

    Description = 8:39:24 AM - Error connecting to the internet. 8:39:24 AM - Unable

    to contact server..

    Error - 12/22/2011 10:40:08 AM | Computer Name = BigDell | Source = MCUpdate | ID = 0

    Description = 9:40:08 AM - Error connecting to the internet. 9:40:08 AM - Unable

    to contact server..

    Error - 12/22/2011 10:40:44 AM | Computer Name = BigDell | Source = MCUpdate | ID = 0

    Description = 9:40:37 AM - Error connecting to the internet. 9:40:37 AM - Unable

    to contact server..

    Error - 12/22/2011 7:26:03 PM | Computer Name = BigDell | Source = MCUpdate | ID = 0

    Description = 6:26:03 PM - Error connecting to the internet. 6:26:03 PM - Unable

    to contact server..

    Error - 12/22/2011 7:26:38 PM | Computer Name = BigDell | Source = MCUpdate | ID = 0

    Description = 6:26:32 PM - Error connecting to the internet. 6:26:32 PM - Unable

    to contact server..

    Error - 2/26/2012 2:30:50 PM | Computer Name = BigDell | Source = MCUpdate | ID = 0

    Description = 1:30:50 PM - Error connecting to the internet. 1:30:50 PM - Unable

    to contact server..

    Error - 2/26/2012 2:32:16 PM | Computer Name = BigDell | Source = MCUpdate | ID = 0

    Description = 1:30:55 PM - Error connecting to the internet. 1:30:55 PM - Unable

    to contact server..

    Error - 2/26/2012 4:46:43 PM | Computer Name = BigDell | Source = MCUpdate | ID = 0

    Description = 3:41:44 PM - Error connecting to the internet. 3:41:44 PM - Unable

    to contact server..

    Error - 3/10/2012 8:29:33 PM | Computer Name = BigDell | Source = MCUpdate | ID = 0

    Description = 7:29:32 PM - Error connecting to the internet. 7:29:32 PM - Unable

    to contact server..

    Error - 3/10/2012 8:30:17 PM | Computer Name = BigDell | Source = MCUpdate | ID = 0

    Description = 7:30:03 PM - Error connecting to the internet. 7:30:03 PM - Unable

    to contact server..

    [ System Events ]

    Error - 7/6/2012 8:58:29 PM | Computer Name = BigDell | Source = Service Control Manager | ID = 7022

    Description = The Windows Search service hung on starting.

    Error - 7/6/2012 9:44:40 PM | Computer Name = BigDell | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000

    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll

    Error

    Code: 126

    Error - 7/6/2012 9:44:42 PM | Computer Name = BigDell | Source = Service Control Manager | ID = 7000

    Description = The MSCamSvc service failed to start due to the following error: %%2

    Error - 7/6/2012 9:44:42 PM | Computer Name = BigDell | Source = Service Control Manager | ID = 7000

    Description = The SessionLauncher service failed to start due to the following error:

    %%2

    Error - 7/6/2012 9:46:05 PM | Computer Name = BigDell | Source = Service Control Manager | ID = 7022

    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 7/6/2012 9:46:07 PM | Computer Name = BigDell | Source = Service Control Manager | ID = 7026

    Description = The following boot-start or system-start driver(s) failed to load:

    RxFilter

    Error - 7/7/2012 8:17:42 AM | Computer Name = BigDell | Source = cdrom | ID = 262151

    Description = The device, \Device\CdRom0, has a bad block.

    Error - 7/7/2012 8:18:03 AM | Computer Name = BigDell | Source = cdrom | ID = 262151

    Description = The device, \Device\CdRom0, has a bad block.

    Error - 7/7/2012 10:28:17 AM | Computer Name = BigDell | Source = cdrom | ID = 262151

    Description = The device, \Device\CdRom0, has a bad block.

    Error - 7/7/2012 10:28:38 AM | Computer Name = BigDell | Source = cdrom | ID = 262151

    Description = The device, \Device\CdRom0, has a bad block.

    < End of report >

    aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

    Run date: 2012-07-07 10:40:13

    -----------------------------

    10:40:13.862 OS Version: Windows x64 6.1.7601 Service Pack 1

    10:40:13.862 Number of processors: 4 586 0x1E05

    10:40:13.862 ComputerName: BIGDELL UserName:

    10:40:16.194 Initialize success

    10:40:38.442 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

    10:40:38.444 Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01117 Size: 953869MB BusType: 3

    10:40:38.445 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-4

    10:40:38.447 Disk 1 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3

    10:40:38.460 Disk 0 MBR read successfully

    10:40:38.462 Disk 0 MBR scan

    10:40:38.464 Disk 0 Windows VISTA default MBR code

    10:40:38.466 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

    10:40:38.477 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920

    10:40:38.494 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938828 MB offset 30801920

    10:40:38.512 Disk 0 scanning C:\Windows\system32\drivers

    10:40:43.729 Service scanning

    10:40:54.825 Modules scanning

    10:40:54.833 Disk 0 trace - called modules:

    10:40:54.856 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

    10:40:54.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dd8060]

    10:40:54.864 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8007ad2520]

    10:40:54.868 5 ACPI.sys[fffff88000f237a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007ad4060]

    10:40:54.871 Scan finished successfully

    10:41:03.003 Disk 0 MBR has been saved successfully to "C:\Users\Joe Dell2\Desktop\MBR.dat"

    10:41:03.008 The log file has been saved successfully to "C:\Users\Joe Dell2\Desktop\aswMBR.txt"

  5. Hey Maniac, thanks for your time.

    Below is the OTL log, and attached are extra and aswmbr.log...

    I tried to C and P into this reply but I got a "post too big" error.

    Let me know what other info you need.

    Thanks again,

    Bob

    OTL logfile created on: 7/7/2012 10:29:36 AM - Run 1

    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Joe Dell2\Downloads

    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.99 Gb Total Physical Memory | 6.64 Gb Available Physical Memory | 83.06% Memory free

    15.98 Gb Paging File | 13.66 Gb Available in Paging File | 85.49% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 916.82 Gb Total Space | 599.23 Gb Free Space | 65.36% Space Free | Partition Type: NTFS

    Drive D: | 116.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Drive E: | 1397.26 Gb Total Space | 684.46 Gb Free Space | 48.99% Space Free | Partition Type: NTFS

    Computer Name: BIGDELL | User Name: Joe Dell2 | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/07 10:15:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Joe Dell2\Downloads\OTL.exe

    PRC - [2012/06/13 16:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    PRC - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    PRC - [2011/07/23 07:28:48 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe

    PRC - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    PRC - [2011/03/24 03:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe

    PRC - [2011/03/01 11:23:28 | 000,144,616 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    PRC - [2010/05/14 01:02:56 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe

    PRC - [2009/12/17 16:49:26 | 000,055,808 | ---- | M] (Sanford, L.P.) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe

    PRC - [2009/12/15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

    PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

    PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    PRC - [2009/09/22 17:02:26 | 000,098,304 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe

    PRC - [2009/09/22 17:02:14 | 000,315,392 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe

    PRC - [2009/09/22 17:01:46 | 000,434,176 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

    PRC - [2009/09/01 23:46:00 | 000,117,344 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\Ir.exe

    PRC - [2009/07/17 18:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

    PRC - [2009/07/10 17:53:52 | 000,372,736 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe

    PRC - [2009/07/10 17:50:36 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe

    PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

    PRC - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

    PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe

    PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

    PRC - [2007/06/21 22:56:14 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    PRC - [2007/06/01 11:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    PRC - [2007/06/01 11:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

    PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

    ========== Modules (No Company Name) ==========

    MOD - [2012/06/16 03:33:22 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll

    MOD - [2012/06/16 03:32:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

    MOD - [2012/06/16 03:32:44 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

    MOD - [2012/05/13 03:37:53 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll

    MOD - [2012/05/13 03:33:56 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

    MOD - [2012/05/13 03:33:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

    MOD - [2012/05/13 03:33:52 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

    MOD - [2012/05/13 03:33:48 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

    MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

    MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll

    MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

    MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    MOD - [2010/07/08 21:41:36 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2.dll

    MOD - [2010/07/08 21:41:36 | 000,770,048 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxIm.dll

    MOD - [2010/07/08 21:41:36 | 000,679,936 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll

    MOD - [2010/07/08 21:41:36 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProc.dll

    MOD - [2010/07/08 21:41:36 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFF.dll

    MOD - [2010/07/08 21:41:36 | 000,232,448 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll

    MOD - [2010/07/08 21:41:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll

    MOD - [2010/07/08 21:41:35 | 002,052,096 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmp.dll

    MOD - [2010/07/08 21:41:35 | 001,339,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommon.dll

    MOD - [2010/07/08 21:41:35 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBase.dll

    MOD - [2010/07/08 21:41:35 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MEshim.dll

    MOD - [2010/07/08 21:41:34 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll

    MOD - [2010/07/08 21:41:34 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll

    MOD - [2010/07/08 21:41:34 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll

    MOD - [2010/07/08 21:41:33 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\areaifdll.dll

    MOD - [2010/07/08 21:41:33 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCom.dll

    MOD - [2010/07/08 21:41:33 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll

    MOD - [2010/07/08 21:41:33 | 000,338,944 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KFx.dll

    MOD - [2010/07/08 21:41:33 | 000,247,808 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll

    MOD - [2010/07/08 21:41:33 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll

    MOD - [2010/07/08 21:41:33 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll

    MOD - [2010/07/08 21:41:33 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll

    MOD - [2010/07/08 21:41:33 | 000,051,712 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll

    MOD - [2010/07/08 21:41:32 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx

    MOD - [2010/07/08 21:41:32 | 000,303,104 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx

    MOD - [2010/07/08 21:41:32 | 000,224,768 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx

    MOD - [2010/07/08 21:41:32 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx

    MOD - [2010/07/08 21:41:32 | 000,095,744 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx

    MOD - [2010/07/08 21:41:32 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx

    MOD - [2010/07/08 21:41:31 | 001,041,408 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx

    MOD - [2010/07/08 21:41:31 | 000,667,648 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx

    MOD - [2010/07/08 21:41:31 | 000,115,712 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx

    MOD - [2010/07/08 21:41:31 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx

    MOD - [2009/12/15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

    MOD - [2009/12/15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

    MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

    MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll

    MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll

    MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll

    MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll

    MOD - [2009/09/22 17:01:46 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll

    MOD - [2009/09/11 14:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll

    MOD - [2009/07/10 17:50:24 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\Virtual Account Numbers\VANRes.dll

    MOD - [2009/06/16 04:07:30 | 000,219,632 | ---- | M] () -- c:\Program Files (x86)\Roxio\SonicHDDemuxer.dll

    MOD - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe

    MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll

    MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

    MOD - [2008/03/18 20:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll

    MOD - [2008/03/18 20:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\js32.dll

    MOD - [2008/01/08 18:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll

    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

    SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

    SRV:64bit: - [2009/03/31 18:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

    SRV - [2012/01/13 11:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)

    SRV - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

    SRV - [2011/07/23 07:28:48 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)

    SRV - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

    SRV - [2011/03/01 11:23:42 | 000,240,360 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe -- (CLKMSVC10_1628BCEA)

    SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

    SRV - [2010/05/14 14:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)

    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

    SRV - [2009/09/22 17:01:46 | 000,434,176 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)

    SRV - [2009/06/26 13:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)

    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

    SRV - [2009/06/01 10:26:34 | 000,136,192 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)

    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

    SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

    DRV:64bit: - [2011/11/07 22:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)

    DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

    DRV:64bit: - [2011/05/25 02:09:17 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

    DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)

    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

    DRV:64bit: - [2010/12/02 23:30:36 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)

    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

    DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

    DRV:64bit: - [2010/01/05 19:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)

    DRV:64bit: - [2009/08/11 06:11:32 | 001,562,368 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw89.sys -- (hcw89)

    DRV:64bit: - [2009/08/06 11:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink

    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

    DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

    DRV:64bit: - [2009/06/17 12:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

    DRV:64bit: - [2009/06/17 12:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

    DRV:64bit: - [2007/01/24 17:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)

    DRV - [2011/12/15 19:15:19 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)

    DRV - [2011/11/07 22:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)

    DRV - [2011/11/07 22:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)

    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

    DRV - [2009/06/26 12:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)

    DRV - [2009/05/11 17:59:58 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/07/31 08:24:04] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE:64bit: - HKLM\..\SearchScopes\{02088366-3131-4C28-9425-CA4D5B51C854}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://www.searchqu.com//web?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE - HKLM\..\SearchScopes\{566A4195-37C0-4E9D-934E-01FEEF8CF2D9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://www.searchqu.com//web?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9

    IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

    IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

    IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

    IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\SearchScopes,DefaultScope = {BD9AC73F-0588-4538-BC1D-4A8520694690}

    IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://www.searchqu.com//web?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}

    IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\SearchScopes\{9F5D0075-CE8E-4FEE-A809-43E9F9C3BB6F}: "URL" = http://www.flickr.com/search/?q={searchTerms}

    IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\SearchScopes\{A4367F6B-1AAA-4AAA-A856-7F633013F549}: "URL" = http://delicious.com/search?p={searchTerms}

    IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\SearchScopes\{B92D6243-1F3B-4A97-8132-E5FE858BC399}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9

    IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\SearchScopes\{BD9AC73F-0588-4538-BC1D-4A8520694690}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld

    IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Joe Dell2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Joe Dell2\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Joe Dell2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Joe Dell2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\citius@orbiscom: C:\Program Files (x86)\Virtual Account Numbers [2010/11/13 13:26:16 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/05 17:21:51 | 000,000,000 | ---D | M]

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)

    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Joe Dell2\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Joe Dell2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Joe Dell2\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

    CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll

    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll

    CHR - Extension: SiteAdvisor = C:\Users\Joe Dell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\

    O1 HOSTS File: ([2012/07/04 07:38:02 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

    O2 - BHO: (Virtual Account Numbers Helper) - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)

    O2 - BHO: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll ()

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

    O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found

    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

    O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll ()

    O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)

    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

    O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

    O3 - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

    O3:64bit: - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    O4:64bit: - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)

    O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

    O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

    O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found

    O4 - HKLM..\Run: [] File not found

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)

    O4 - HKLM..\Run: [Citi Virtual Account Numbers] C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)

    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

    O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()

    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

    O4 - HKLM..\Run: [DLSService] C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.)

    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)

    O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)

    O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

    O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)

    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

    O4 - HKLM..\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)

    O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)

    O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

    O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

    O4 - HKLM..\Run: [updatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

    O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

    O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001..\Run: [Artisan 810(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S548C.tmp" /EF "HKCU" File not found

    O4 - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

    O4 - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found

    O4 - HKU\S-1-5-21-3731063589-3582476555-1320749560-1006..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

    O4 - HKU\S-1-5-21-3731063589-3582476555-1320749560-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

    O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)

    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

    O4 - Startup: C:\Users\Joe Dell2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

    O4 - Startup: C:\Users\Joe Dell2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = File not found

    O4 - Startup: C:\Users\Joe Dell2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)

    O4 - Startup: C:\Users\Kathleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

    O4 - Startup: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

    O4 - Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

    O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

    O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

    O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

    O1364bit: - gopher Prefix: missing

    O13 - gopher Prefix: missing

    O15 - HKU\S-1-5-21-3731063589-3582476555-1320749560-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s.work4sure.com/c/ge/w4sgeen9.exe (Reg Error: Key error.)

    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)

    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)

    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)

    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{837CCF47-8A08-413B-9368-6CF040F7098F}: DhcpNameServer = 192.168.1.1

    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

    O18:64bit: - Protocol\Handler\livecall - No CLSID value found

    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

    O18:64bit: - Protocol\Handler\msnim - No CLSID value found

    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2010/03/13 05:48:04 | 000,385,024 | R--- | M] (TP-LINK TECHNOLOGIES CO., LTD.) - D:\Autorun.exe -- [ CDFS ]

    O32 - AutoRun File - [2009/02/07 12:10:22 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

    O33 - MountPoints2\{6d8f915a-7d59-11e0-9f4e-002564da3ca4}\Shell - "" = AutoRun

    O33 - MountPoints2\{6d8f915a-7d59-11e0-9f4e-002564da3ca4}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a

    O33 - MountPoints2\{d125c5e1-ef7f-11de-8ad6-806e6f6e6963}\Shell - "" = AutoRun

    O33 - MountPoints2\{d125c5e1-ef7f-11de-8ad6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2010/03/13 05:48:04 | 000,385,024 | R--- | M] (TP-LINK TECHNOLOGIES CO., LTD.)

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/06 18:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

    [2012/07/06 18:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

    [2012/07/06 18:27:41 | 000,000,000 | ---D | C] -- C:\Users\Joe Dell2\AppData\Roaming\Malwarebytes

    [2012/07/06 18:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2012/07/06 18:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2012/07/06 18:27:33 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    [2012/07/06 18:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    [2012/07/04 08:17:32 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys

    [2012/07/04 08:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger

    [2012/07/04 08:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee

    [2012/07/04 08:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee

    [2012/06/30 12:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

    [2012/06/30 12:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

    [2012/06/30 12:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

    [2012/06/30 12:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

    [2012/06/30 12:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

    [2012/06/30 12:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

    [2012/06/30 12:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

    [2012/06/30 12:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

    [2012/06/26 13:39:59 | 000,000,000 | ---D | C] -- C:\Users\Joe Dell2\AppData\Roaming\Mozilla

    [2012/06/19 16:54:54 | 000,000,000 | ---D | C] -- C:\Users\Joe Dell2\AppData\Local\{8A4DA3A9-F9E2-4177-9098-C0780BC14C8A}

    [2012/06/19 10:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3

    [2012/06/18 15:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

    [2012/06/18 15:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle

    [2012/06/16 08:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

    [2012/06/16 08:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

    [2012/06/16 08:40:45 | 000,000,000 | ---D | C] -- C:\Users\Joe Dell2\Documents\HE2_7D12

    [2012/06/15 18:54:01 | 000,000,000 | ---D | C] -- C:\Users\Joe Dell2\AppData\Local\Evernote

    [2012/06/15 18:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

    [2012/06/15 18:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote

    [2012/06/15 07:02:48 | 001,847,296 | R--- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athurx.sys

    [2012/06/15 07:02:48 | 001,847,296 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athurx.sys

    [2012/06/15 07:02:48 | 000,000,000 | ---D | C] -- C:\Windows\Options

    [2012/06/15 07:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK

    [2010/01/09 19:37:48 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Joe Dell2\AppData\Roaming\DataSafeDotNet.exe

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/07 10:27:28 | 000,050,804 | ---- | M] () -- C:\Users\Joe Dell2\Desktop\aswMBR.exe

    [2012/07/07 10:16:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3731063589-3582476555-1320749560-1001UA.job

    [2012/07/07 10:16:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2012/07/07 10:13:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2012/07/06 21:53:43 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/07/06 21:53:43 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/07/06 21:50:56 | 000,031,620 | ---- | M] () -- C:\logfile

    [2012/07/06 21:45:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2012/07/06 21:44:15 | 2140,495,871 | -HS- | M] () -- C:\hiberfil.sys

    [2012/07/06 18:28:19 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

    [2012/07/06 18:27:38 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/07/06 18:17:28 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3731063589-3582476555-1320749560-1001Core.job

    [2012/07/04 11:03:31 | 000,001,917 | ---- | M] () -- C:\Users\Joe Dell2\Desktop\Microsoft Security Essentials.lnk

    [2012/07/04 08:17:32 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys

    [2012/07/04 07:38:18 | 000,877,166 | ---- | M] () -- C:\Users\Joe Dell2\AppData\Local\census.cache

    [2012/07/04 07:38:05 | 000,174,556 | ---- | M] () -- C:\Users\Joe Dell2\AppData\Local\ars.cache

    [2012/07/04 07:37:25 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI

    [2012/07/04 07:28:46 | 000,000,036 | ---- | M] () -- C:\Users\Joe Dell2\AppData\Local\housecall.guid.cache

    [2012/06/30 12:07:05 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

    [2012/06/30 12:02:29 | 000,734,096 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

    [2012/06/30 12:02:29 | 000,629,232 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

    [2012/06/30 12:02:29 | 000,108,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

    [2012/06/19 12:50:01 | 000,747,038 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    [2012/06/19 10:22:28 | 000,001,136 | ---- | M] () -- C:\Users\Joe Dell2\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk

    [2012/06/19 10:22:28 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk

    [2012/06/16 09:23:43 | 000,001,009 | ---- | M] () -- C:\Users\Joe Dell2\Desktop\DVD Identifier.lnk

    [2012/06/16 08:41:32 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

    [2012/06/16 03:26:16 | 000,626,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    [2012/06/15 18:54:40 | 000,001,133 | ---- | M] () -- C:\Users\Joe Dell2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

    [2012/06/15 18:52:56 | 000,000,936 | ---- | M] () -- C:\Users\Joe Dell2\Desktop\Evernote.lnk

    [2012/06/14 21:39:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/07 10:27:33 | 000,050,804 | ---- | C] () -- C:\Users\Joe Dell2\Desktop\aswMBR.exe

    [2012/07/06 18:28:19 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

    [2012/07/06 18:27:38 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/07/04 11:03:31 | 000,001,917 | ---- | C] () -- C:\Users\Joe Dell2\Desktop\Microsoft Security Essentials.lnk

    [2012/07/04 07:38:18 | 000,877,166 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Local\census.cache

    [2012/07/04 07:38:05 | 000,174,556 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Local\ars.cache

    [2012/07/04 07:37:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

    [2012/07/04 07:28:46 | 000,000,036 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Local\housecall.guid.cache

    [2012/06/30 12:07:05 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

    [2012/06/19 10:22:28 | 000,001,136 | ---- | C] () -- C:\Users\Joe Dell2\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk

    [2012/06/19 10:22:28 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk

    [2012/06/16 09:23:43 | 000,001,009 | ---- | C] () -- C:\Users\Joe Dell2\Desktop\DVD Identifier.lnk

    [2012/06/16 08:41:32 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

    [2012/06/16 08:41:25 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

    [2012/06/16 08:41:21 | 000,747,038 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    [2012/06/15 18:54:40 | 000,001,133 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

    [2012/06/15 18:52:56 | 000,000,936 | ---- | C] () -- C:\Users\Joe Dell2\Desktop\Evernote.lnk

    [2012/06/15 07:02:48 | 000,017,326 | R--- | C] () -- C:\Windows\SysNative\netathurx.inf

    [2012/06/15 07:02:48 | 000,007,484 | ---- | C] () -- C:\Windows\SysNative\athurextx.cat

    [2012/06/14 21:39:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

    [2012/03/26 21:12:16 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI

    [2011/12/27 10:59:19 | 000,000,070 | ---- | C] () -- C:\Windows\spwdrhsa.INI

    [2011/12/20 20:03:15 | 000,000,339 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Roaming\Drives Meter_Settings.ini

    [2011/12/06 23:21:54 | 000,000,079 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Local\CrystalDiskMark30.ini

    [2011/11/28 21:41:46 | 000,000,272 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Roaming\.backup.dm

    [2011/07/23 16:27:06 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini

    [2011/06/14 19:17:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Guides

    [2011/06/14 19:17:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Graphics

    [2011/06/14 19:17:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Grapher

    [2011/06/14 19:17:08 | 000,000,268 | RH-- | C] () -- C:\Users\Joe Dell2\AppData\Roaming\Generic

    [2011/06/14 19:17:08 | 000,000,268 | RH-- | C] () -- C:\Users\Joe Dell2\AppData\Roaming\Gems

    [2011/06/14 19:17:08 | 000,000,268 | RH-- | C] () -- C:\Users\Joe Dell2\AppData\Roaming\Galaxy Swirl

    [2011/06/14 19:17:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT

    [2011/06/14 19:17:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT

    [2011/06/14 19:17:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT

    [2011/06/01 09:56:36 | 000,884,736 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll

    [2011/06/01 09:56:36 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll

    [2011/06/01 09:56:36 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll

    [2011/06/01 09:56:36 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll

    [2011/06/01 09:56:36 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

    [2011/05/30 19:54:11 | 000,001,940 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

    [2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

    [2010/12/05 18:42:09 | 000,000,039 | ---- | C] () -- C:\Windows\JcAdmin32.ini

    [2010/12/05 18:42:04 | 000,053,248 | ---- | C] () -- C:\Windows\aduninst.exe

    [2010/12/05 18:42:04 | 000,000,809 | ---- | C] () -- C:\Windows\aduninst.ini

    [2010/12/05 18:42:03 | 000,001,832 | ---- | C] () -- C:\Windows\adflist.ini

    [2010/12/05 17:29:12 | 000,003,584 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2010/01/10 15:43:56 | 000,007,596 | ---- | C] () -- C:\Users\Joe Dell2\AppData\Local\Resmon.ResmonCfg

    ========== LOP Check ==========

    [2011/07/15 03:26:59 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer

    [2011/07/15 03:26:59 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer

    [2011/05/08 17:59:50 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Epson

    [2011/08/19 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Amazon

    [2010/12/19 20:57:37 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Avery

    [2012/06/15 08:52:04 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Clip Art Collection

    [2010/04/18 17:23:31 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1

    [2011/07/23 16:53:50 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Driver Smith

    [2012/01/22 18:17:55 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Encryptomatic, LLC

    [2010/12/12 22:17:13 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Epson

    [2011/08/20 08:44:21 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\foobar2000

    [2011/06/01 10:02:21 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Foxreal

    [2012/06/19 16:40:35 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\FreeVideoConverter

    [2011/06/01 09:53:44 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\GetRightToGo

    [2011/05/31 08:28:17 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\GoodSync

    [2011/08/16 07:26:54 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\IrfanView

    [2010/01/10 12:31:14 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Leadertech

    [2010/03/28 15:45:51 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\NCH Swift Sound

    [2010/01/10 18:46:49 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Netscape

    [2011/06/14 19:58:23 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Nikon

    [2010/01/10 13:58:20 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\OPHD

    [2011/07/23 07:27:21 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Photodex

    [2011/08/15 19:40:33 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\PhotoScape

    [2011/02/27 15:38:26 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\PrimoPDF

    [2012/01/22 18:18:01 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\PSTViewer

    [2011/06/04 09:39:01 | 000,000,000 | ---D | M] -- C:\Users\Joe Dell2\AppData\Roaming\Trusteer

    [2011/05/13 13:15:34 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Clip Art Collection

    [2011/05/08 18:08:04 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Epson

    [2011/05/13 13:30:32 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\OPHD

    [2011/06/16 17:15:23 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Trusteer

    [2012/06/16 17:26:34 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Epson

    [2011/07/15 03:26:59 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Trusteer

    [2011/07/15 03:26:59 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Trusteer

    [2011/07/15 03:26:59 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\Trusteer

    [2011/12/21 21:18:00 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:4829695F

    < End of report >

  6. Hi,

    My Chrome browser keeps redirecting my searches. I've run CCleaner and Malwarebytes, and while MB found six issues, it didn't fix the Chrome redirect issue. I've run dds.com and results are below. Can anyone give me a hand cleaning this virus?

    thanks

    Bob

    DDS

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

    Run by Joe Dell2 at 21:07:06 on 2012-07-06

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.5678 [GMT -4:00]

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Program Files\Dell\DellDock\DockLogin.exe

    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE

    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

    c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

    C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\PROGRA~2\WinTV\TVServer\CAPTUR~3.EXE

    C:\Windows\system32\rundll32.exe

    C:\Windows\system32\rundll32.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\PROGRA~2\WinTV\TVServer\CAPTUR~3.EXE

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\WUDFHost.exe

    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\svchost.exe -k swprv

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskhost.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files\Microsoft IntelliType Pro\itype.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    C:\Program Files (x86)\WinTV\Ir.exe

    C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe

    C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe

    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

    C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe

    C:\Program Files (x86)\dcmsvc\dcmsvc.exe

    C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe

    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe

    C:\Program Files (x86)\Freecorder\FLVSrvc.exe

    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

    C:\Windows\SysWOW64\OBroker.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\taskeng.exe

    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

    C:\Windows\system32\wbem\WmiApSrv.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uSearch Page =

    uStart Page = hxxp://www.yahoo.com/

    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9

    uWindow Title = Windows Internet Explorer provided by Yahoo!

    uInternet Settings,ProxyOverride = *.local

    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

    mWinlogon: Userinit=userinit.exe,

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

    BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85d7-b4da413c5a9a} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

    TB: Virtual Account Numbers: {7a21a046-b886-4a62-9d69-ef2059b0a27b} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll

    TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    uRun: [Artisan 810(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S548C.tmp" /EF "HKCU"

    uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

    uRun: [Google Update] "C:\Users\Joe Dell2\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

    mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"

    mRun: [<NO NAME>]

    mRun: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

    mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

    mRun: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"

    mRun: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe

    mRun: [Citi Virtual Account Numbers] C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards

    mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s

    mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"

    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

    mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

    mRun: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

    mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"

    mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

    mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

    mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

    mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    StartupFolder: C:\Users\JOEDEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    StartupFolder: C:\Users\JOEDEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WARNER~1.LNK - E:\Video\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe

    StartupFolder: C:\Users\JOEDEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOST~1.LNK - C:\Program Files (x86)\WinTV\Ir.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINTVR~1.LNK - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

    Trusted Zone: intuit.com\ttlc

    DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s.work4sure.com/c/ge/w4sgeen9.exe

    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{837CCF47-8A08-413B-9368-6CF040F7098F} : DhcpNameServer = 192.168.1.1

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

    BHO-X64: 0x1 - No File

    BHO-X64: Virtual Account Numbers Helper: {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll

    BHO-X64: Virtual Account Numbers Helper - No File

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll

    BHO-X64: Freecorder Toolbar - No File

    BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

    BHO-X64: Ask Toolbar BHO - No File

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

    BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

    BHO-X64: Yontoo Layers - No File

    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

    TB-X64: Virtual Account Numbers: {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll

    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB-X64: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll

    TB-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

    mRun-x64: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

    mRun-x64: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"

    mRun-x64: [(Default)]

    mRun-x64: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

    mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

    mRun-x64: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"

    mRun-x64: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe

    mRun-x64: [Citi Virtual Account Numbers] C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards

    mRun-x64: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s

    mRun-x64: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"

    mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

    mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

    mRun-x64: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

    mRun-x64: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"

    mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

    mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

    mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

    mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

    mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

    R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]

    R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]

    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]

    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/07/31 08:24:04];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-22 146928]

    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-12-23 92160]

    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

    R2 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [2010-1-5 434176]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-7-4 103440]

    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-23 2214504]

    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-7 931640]

    R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]

    R3 hcw89;hcw89 service;C:\Windows\system32\DRIVERS\hcw89.sys --> C:\Windows\system32\DRIVERS\hcw89.sys [?]

    R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

    S2 CLKMSVC10_1628BCEA;CyberLink Product - 2011/07/31 08:23:53;C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-7-31 240360]

    S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/06 16:52:31;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-5-14 246256]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-24 136176]

    S2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-6-1 136192]

    S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-24 136176]

    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]

    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

    S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\Windows\system32\DRIVERS\rcblan.sys --> C:\Windows\system32\DRIVERS\rcblan.sys [?]

    S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2012-07-06 22:28:18 -------- d-----w- C:\Program Files\CCleaner

    2012-07-06 22:28:12 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C9403856-2AE7-4A9D-A295-46964F78F0FB}\mpengine.dll

    2012-07-06 22:27:41 -------- d-----w- C:\Users\Joe Dell2\AppData\Roaming\Malwarebytes

    2012-07-06 22:27:34 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-07-06 22:27:33 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-07-06 22:27:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-07-05 12:34:41 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-07-04 12:17:32 16200 ----a-w- C:\Windows\stinger.sys

    2012-07-04 12:16:16 -------- d-----w- C:\Program Files (x86)\stinger

    2012-07-04 12:10:35 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee

    2012-07-04 12:10:26 -------- d-----w- C:\Program Files (x86)\McAfee

    2012-07-04 11:35:55 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2012-07-04 11:35:55 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{16138CD3-D960-4FBB-89E9-E0B7A9832262}\gapaengine.dll

    2012-06-30 16:06:22 -------- d-----w- C:\Program Files\iPod

    2012-06-30 16:06:21 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

    2012-06-30 16:06:21 -------- d-----w- C:\Program Files\iTunes

    2012-06-30 16:06:21 -------- d-----w- C:\Program Files (x86)\iTunes

    2012-06-30 16:04:59 -------- d-----w- C:\Program Files\Bonjour

    2012-06-30 16:04:59 -------- d-----w- C:\Program Files (x86)\Bonjour

    2012-06-19 20:54:54 -------- d-----w- C:\Users\Joe Dell2\AppData\Local\{8A4DA3A9-F9E2-4177-9098-C0780BC14C8A}

    2012-06-19 10:07:36 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-06-19 10:07:26 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-06-19 10:07:16 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-06-19 10:07:16 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-06-18 19:37:34 -------- d-----w- C:\Program Files (x86)\Oracle

    2012-06-18 19:37:09 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-06-16 12:41:18 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

    2012-06-16 12:41:16 -------- d-----w- C:\Program Files\Microsoft Security Client

    2012-06-16 12:32:27 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

    2012-06-16 12:32:27 366592 ----a-w- C:\Windows\System32\qdvd.dll

    2012-06-15 22:54:01 -------- d-----w- C:\Users\Joe Dell2\AppData\Local\Evernote

    2012-06-15 22:52:57 -------- d-----w- C:\Program Files (x86)\Evernote

    2012-06-15 11:02:48 1847296 ----a-w- C:\Windows\System32\drivers\athurx.sys

    2012-06-15 11:02:48 1847296 ----a-r- C:\Windows\System32\athurx.sys

    2012-06-15 11:02:48 -------- d-----w- C:\Windows\Options

    2012-06-15 11:02:25 -------- d-----w- C:\ProgramData\TP-LINK

    .

    ==================== Find3M ====================

    .

    2012-05-24 21:18:40 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr

    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

    2012-05-04 23:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

    2012-04-25 16:11:36 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

    2012-04-25 16:11:36 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    .

    ============= FINISH: 21:08:16.28 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume2

    Install Date: 1/2/2010 12:59:58 AM

    System Uptime: 7/6/2012 8:51:39 PM (1 hours ago)

    .

    Motherboard: Dell Inc. | | 0X231R

    Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPU 1 | 2660/133mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 917 GiB total, 599.697 GiB free.

    D: is CDROM (CDFS)

    E: is FIXED (NTFS) - 1397 GiB total, 684.458 GiB free.

    G: is Removable

    H: is Removable

    I: is Removable

    J: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    No restore point in system.

    .

    ==== Installed Programs ======================

    .

    .

    AdminManager(OKI Setup Utility)

    Adobe AIR

    Adobe Reader 9.5.0

    Amazon MP3 Downloader 1.0.12

    AnswerWorks 5.0 English Runtime

    Apple Application Support

    Apple Software Update

    Ask Toolbar

    Audacity 1.2.6

    Avery Wizard 4.0

    Bing Bar

    Bing Rewards Client Installer

    BufferChm

    C5500n - C5800Ldn Series GDI Driver from OKI® Printing Solutions for Windows

    CardRecovery 6.00

    Clip Art Collection

    Compatibility Pack for the 2007 Office system

    Consumer In-Home Service Agreement

    CustomerResearchQFolder

    CyberLink BD Advisor 2.0

    CyberLink Blu-ray Disc Suite

    CyberLink LabelPrint

    CyberLink LG Burning Tool

    CyberLink MediaShow

    CyberLink PowerDVD 9

    CyberLink PowerProducer

    CyberLink YouCam

    D3DX10

    dcmsvc 1.0

    Dell DataSafe Online

    Dell Getting Started Guide

    DesignPro 5

    DeviceDiscovery

    DeviceManagementQFolder

    DirectXInstallService

    Driver Genius Professional Edition

    Duplicate Email Remover

    DVD Identifier

    DYMO Label Software

    DYMO Label v.8

    EMC 10 Content

    Epson Event Manager

    Epson Print CD

    EPSON Scan

    EpsonNet Print

    EpsonNet Setup

    erLT

    ESSBrwr

    ESSCDBK

    ESScore

    ESSgui

    ESSini

    ESSPCD

    ESSPDock

    ESSSONIC

    ESSTOOLS

    essvatgt

    Evernote v. 4.5.7

    foobar2000 v1.1.8 beta 4

    Foxreal YouTube FLV Downloader version: 1.0.1.1

    Free Video Converter V 3.0

    Freecorder 5

    Freecorder Toolbar

    Google Chrome

    Google Earth

    Google SketchUp 7

    Google SketchUp 8

    Google Talk Plugin

    Google Toolbar for Internet Explorer

    Google Update Helper

    Hauppauge Signal Monitor Utility

    Hauppauge WinTV 7

    Hauppauge WinTV Infrared Remote

    Hauppauge WinTV IR Blaster

    HP Update

    hppCLJCM1312

    hppFaxDrvCM1312

    hppFaxUtilityCM1312

    hppFonts

    hppLaserJetService

    hppManualsCM1312

    hppPQVideoCM1312

    hppQFolderCM1312

    hppScanToCM1312

    hppSendFaxCM1312

    hppTLBXFXCM1312

    hppusgCM1312

    HPSSupply

    hpzTLBXFX

    Internet TV for Windows Media Center

    IrfanView (remove only)

    Java Auto Updater

    Java 6 Update 29

    Java 7 Update 5

    JavaFX 2.1.1

    Junk Mail filter update

    kgcbase

    Kodak EasyShare software

    LAME v3.98.3 for Audacity

    Logitech Desktop Messenger

    Logitech Harmony Remote Software 7

    Logitech SetPoint

    Malwarebytes Anti-Malware version 1.61.0.1400

    MarketResearch

    McAfee SiteAdvisor

    Mesh Runtime

    Messenger Companion

    Microsoft Corporation

    Microsoft Digital Image Pro 7.0

    Microsoft Office File Validation Add-In

    Microsoft Office Live Meeting 2007

    Microsoft Office Outlook Connector

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Office Standard Edition 2003

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Text-to-Speech Engine 4.0 (English)

    Microsoft UI Engine

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Works

    MSVCRT

    MSVCRT_amd64

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Multimedia Card Reader

    Nero 7 Essentials

    neroxml

    netbrdg

    Nikon File Uploader 2

    Nikon Message Center 2

    Notifier

    NVIDIA 3D Vision Controller Driver

    NVIDIA PhysX

    OfotoXMI

    OKI Color Correct Utility

    OKI Color Swatch Utility

    OKI Network Extension

    Photodex Presenter

    PhotoScape

    Picasa 3

    Picture Control Utility

    PNY Movie Player

    PowerDVD DX

    PrimoPDF -- by Nitro PDF Software

    ProShow Gold

    PSTViewer Pro

    Quicken 2010

    QuickTime

    RAIDar 4.3.1

    Rapport

    Realtek High Definition Audio Driver

    Remote Control USB Driver

    Roxio Activation Module

    Roxio BackOnTrack

    Roxio Central Audio

    Roxio Central Copy

    Roxio Central Core

    Roxio Central Data

    Roxio Central Tools

    Roxio Easy CD and DVD Burning

    Roxio Express Labeler 3

    Roxio Update Manager

    Security Update for CAPICOM (KB931906)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    SFR

    SHASTA

    skin0001

    SKINXSDK

    Sonic CinePlayer Decoder Pack

    staticcr

    Stellar Phoenix Photo Recovery

    Stellar Phoenix Windows Data Recovery - Home

    Switch Sound File Converter

    Synergy

    System Requirements Lab

    tooltips

    TP-LINK Wireless Client Utility

    TrayApp

    TurboTax 2009

    TurboTax 2009 WinPerFedFormset

    TurboTax 2009 WinPerReleaseEngine

    TurboTax 2009 WinPerTaxSupport

    TurboTax 2009 wmaiper

    TurboTax 2009 wrapper

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Video Download Studio

    ViewNX 2

    Virtual Account Numbers

    VPRINTOL

    Warner Bros. Digital Copy Manager

    WebReg

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Installer

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live Messenger Companion Core

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live Sync

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    Windows Media Center Add-in for Flash

    Windows Media Center Add-in for Silverlight

    WIRELESS

    Yahoo! Detect

    Yahoo! Install Manager

    Yahoo! Software Update

    Yahoo! Toolbar

    Yahoo! Widgets

    .

    ==== Event Viewer Messages From Past Week ========

    .

    7/6/2012 8:58:29 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.

    7/6/2012 8:53:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter

    7/6/2012 8:53:39 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

    7/6/2012 8:52:16 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.

    7/6/2012 8:52:16 PM, Error: Service Control Manager [7000] - The MSCamSvc service failed to start due to the following error: The system cannot find the file specified.

    7/6/2012 8:52:14 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126

    7/4/2012 8:17:36 AM, Error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).

    7/4/2012 7:26:29 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

    .

    ==== End Of File ===========================
