PDA

View Full Version : Something has infected me, not sure what



y_molina
2012-09-15, 01:52
Hello,
Today I became infected with something. A program called File Recovery started and said I had critical errors on my hard drive. After calling Dell, we discovered that it was a virus. We shut the program down, the actual execute file name was just letters and numbers. It's still on my computer in the programdata folder. Can someone look and tell me what I need to do? It's wiped out my desktop settings and such. Also, when I click some links it sends me to a different website other then the one I really want to go do. Typing in the URL works, it's just clicking on the links that causes problems. In my start menu, some of the folders say "empty" when I click on them instead of giving me the actual program name I want to open. Also, my favorites list is gone but my history is still in intact in IE.

I did run Spybot and it got rid of some cookies, babylon (I think that is what it was called) and something like wsi.iq5.fraud or something. I'm sorry I didn't write those things down.

I downloaded aswMBR but when I click on it, it doesn't open.

Anyhelp would be great.

Tammy

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Tams at 15:54:15 on 2012-09-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4009.2376 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\mfevtps.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\Tams\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120224180915.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\npchrome_frame.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [<NO NAME>]
mRunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
StartupFolder: C:\Users\Tams\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tams\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{DE06B0DB-24C5-4CE4-9727-3C0D9AB91FEF} : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\npchrome_frame.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120224180915.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\npchrome_frame.dll
BHO-X64: ChromeFrame BHO - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [(Default)]
mRunOnce-x64: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-2-21 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-2-21 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-2-21 1692480]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-9 116648]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-9 116648]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-2-21 224704]
S3 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-14 19:29:23 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2012-09-14 18:49:17 -------- d-----w- C:\ProgramData\Citrix
2012-09-14 18:48:49 -------- d-----w- C:\Program Files (x86)\Citrix
2012-09-14 18:48:41 -------- d-----w- C:\Users\Tams\AppData\Local\Citrix
2012-09-14 17:28:57 278528 ----a-w- C:\ProgramData\9CB2PVYe52Lx0U.exe
2012-09-12 13:28:35 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 13:28:35 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 13:28:34 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 13:28:34 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 13:28:32 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 13:28:32 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 13:28:32 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-10 23:13:59 -------- d-----w- C:\Users\Tams\AppData\Local\Aeria Games
2012-09-10 23:13:29 -------- d-----w- C:\ProgramData\Aeria Games
2012-09-10 23:09:15 -------- d-----w- C:\Program Files (x86)\Aeria Games
2012-09-10 22:31:37 -------- d-----w- C:\Users\Tams\AppData\Local\Akamai
2012-09-10 22:31:36 -------- d-----w- C:\AeriaGames
2012-08-30 22:17:56 -------- d-----w- C:\Users\Tams\AppData\Roaming\LolClient
2012-08-30 12:51:11 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-08-30 12:51:11 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-08-30 12:51:11 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-08-16 00:41:27 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-16 00:41:27 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-16 00:41:23 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-16 00:41:23 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-16 00:41:23 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-16 00:41:22 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-16 00:41:19 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-16 00:41:19 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-16 00:41:18 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-16 00:41:15 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-16 00:41:10 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 21:51:23 -------- d-----w- C:\Users\Tams\AppData\Local\StrugglingInvestor.com
.
==================== Find3M ====================
.
2012-08-13 13:56:48 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-13 13:56:48 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-14 04:08:02 28256 ----a-w- C:\Windows\SysWow64\drivers\MxlW2k.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 16:02:28.15 ===============

TechieRanger
2012-09-15, 18:18
Hi, and welcome to our malware removal forum!

My name is Richard and I'll be happy to help you with your computer problems.

Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.

Please note the following:

The cleaning process is not instant as logs can take time to research. Sit tight and please be patient.
I will be working on your malware issues. This may or may not solve other issues you may have with your system.
While we are fixing your problems, do NOT install/re-install any programs or run any fixes or scanners unless told to do so.
Ensure that your anti-virus definitions are up-to-date.
I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive.
Do not back up any Applications (programs). These should be re-installed from the original source CD(s) or website(s).
During the course of our cleanup, please do not do any additional online work or surfing until we have verified that your system is clean.
I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier.
Be sure to follow the directions and run tools/scans in the order listed.
If you do not reply to your topic, it will be closed after 3 days.

I will return as soon as possible with more instructions.



Regards,

Richard:greeting:

TechieRanger
2012-09-18, 01:37
Please read carefully and follow these steps.

Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Doubleclick on TDSSKiller.exe to run the application. For Windows Vista or 7, right-click on the program, select Run as Administrator.
When the program opens, click on Change parameters.
Under Additional options, put a check mark in the box next to Detect TDLFS File System click OK
Press on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
Note: If there is no option to "Cure", please ensure that you select Skip.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file in your next reply.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next reply.

Next

Could you provide more information about which Desktop settings or icons are missing?

Please describe the problems as best as you can :)

Use unhide.exe:

Download Unhide.exe (http://download.bleepingcomputer.com/grinler/unhide.exe) and save the file to your Desktop.

Double click unhide.exe to run the tool and allow it to complete.

Please let me know if Unhide has returned any of your missing items in your next reply.

In your next reply, please provide the following:

TDSSKiller log.
Update on how your PC is running.




Regards,

Richard:greeting:

y_molina
2012-09-18, 17:00
Ok I ran both programs. TSDDKiller did not find anything.

Unhide restored my desktop and favorites back to normal and I can open up my mail program now. Everything seems to be in working order although I haven't done much on it since I want to make sure all is clean before doing anything.

I did check and I think the program that caused this mess is still in my programdata folder.

Thanks for taking the time to help me!
Tammy

TDSSKiller Log:

08:31:27.0590 0948 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:31:27.0606 0948 ============================================================
08:31:27.0606 0948 Current date / time: 2012/09/18 08:31:27.0606
08:31:27.0606 0948 SystemInfo:
08:31:27.0606 0948
08:31:27.0606 0948 OS Version: 6.1.7601 ServicePack: 1.0
08:31:27.0606 0948 Product type: Workstation
08:31:27.0606 0948 ComputerName: TAMS-PC
08:31:27.0606 0948 UserName: Tams
08:31:27.0606 0948 Windows directory: C:\Windows
08:31:27.0606 0948 System windows directory: C:\Windows
08:31:27.0606 0948 Running under WOW64
08:31:27.0606 0948 Processor architecture: Intel x64
08:31:27.0606 0948 Number of processors: 2
08:31:27.0606 0948 Page size: 0x1000
08:31:27.0606 0948 Boot type: Normal boot
08:31:27.0606 0948 ============================================================
08:31:29.0541 0948 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020
08:31:29.0556 0948 Drive \Device\Harddisk3\DR3 - Size: 0x7896000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:31:30.0508 0948 ============================================================
08:31:30.0508 0948 \Device\Harddisk0\DR0:
08:31:30.0539 0948 MBR partitions:
08:31:30.0539 0948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1DA0000
08:31:30.0539 0948 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB4000, BlocksNum 0x385CA830
08:31:30.0539 0948 \Device\Harddisk3\DR3:
08:31:30.0539 0948 MBR partitions:
08:31:30.0539 0948 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3C3DF
08:31:30.0539 0948 ============================================================
08:31:30.0555 0948 C: <-> \Device\Harddisk0\DR0\Partition2
08:31:30.0555 0948 ============================================================
08:31:48.0947 0948 Initialize success
08:31:48.0947 0948 ============================================================
08:32:13.0189 0436 ============================================================
08:32:13.0189 0436 Scan started
08:32:13.0189 0436 Mode: Manual; TDLFS;
08:32:13.0189 0436 ============================================================
08:32:13.0891 0436 ================ Scan system memory ========================
08:32:13.0891 0436 System memory - ok
08:32:13.0891 0436 ================ Scan services =============================
08:32:13.0985 0436 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:32:13.0985 0436 1394ohci - ok
08:32:14.0016 0436 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:32:14.0016 0436 ACPI - ok
08:32:14.0032 0436 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:32:14.0032 0436 AcpiPmi - ok
08:32:14.0125 0436 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:32:14.0141 0436 AdobeARMservice - ok
08:32:14.0157 0436 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:32:14.0172 0436 adp94xx - ok
08:32:14.0188 0436 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:32:14.0188 0436 adpahci - ok
08:32:14.0188 0436 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:32:14.0203 0436 adpu320 - ok
08:32:14.0219 0436 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:32:14.0219 0436 AeLookupSvc - ok
08:32:14.0266 0436 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
08:32:14.0281 0436 AFD - ok
08:32:14.0297 0436 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:32:14.0297 0436 agp440 - ok
08:32:14.0313 0436 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
08:32:14.0313 0436 ALG - ok
08:32:14.0313 0436 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
08:32:14.0313 0436 aliide - ok
08:32:14.0313 0436 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
08:32:14.0313 0436 amdide - ok
08:32:14.0328 0436 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
08:32:14.0328 0436 AmdK8 - ok
08:32:14.0328 0436 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
08:32:14.0328 0436 AmdPPM - ok
08:32:14.0344 0436 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:32:14.0344 0436 amdsata - ok
08:32:14.0344 0436 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
08:32:14.0344 0436 amdsbs - ok
08:32:14.0359 0436 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:32:14.0359 0436 amdxata - ok
08:32:14.0375 0436 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
08:32:14.0375 0436 AppID - ok
08:32:14.0391 0436 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:32:14.0391 0436 AppIDSvc - ok
08:32:14.0406 0436 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
08:32:14.0406 0436 Appinfo - ok
08:32:14.0453 0436 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:32:14.0453 0436 Apple Mobile Device - ok
08:32:14.0469 0436 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
08:32:14.0469 0436 arc - ok
08:32:14.0469 0436 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
08:32:14.0484 0436 arcsas - ok
08:32:14.0547 0436 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:32:14.0562 0436 aspnet_state - ok
08:32:14.0578 0436 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:32:14.0593 0436 AsyncMac - ok
08:32:14.0609 0436 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
08:32:14.0609 0436 atapi - ok
08:32:14.0640 0436 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:32:14.0640 0436 AudioEndpointBuilder - ok
08:32:14.0656 0436 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:32:14.0656 0436 AudioSrv - ok
08:32:14.0671 0436 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:32:14.0671 0436 AxInstSV - ok
08:32:14.0703 0436 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
08:32:14.0703 0436 b06bdrv - ok
08:32:14.0718 0436 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:32:14.0718 0436 b57nd60a - ok
08:32:14.0749 0436 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
08:32:14.0749 0436 BDESVC - ok
08:32:14.0765 0436 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
08:32:14.0765 0436 Beep - ok
08:32:14.0796 0436 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
08:32:14.0796 0436 BFE - ok
08:32:14.0827 0436 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
08:32:14.0827 0436 BITS - ok
08:32:14.0859 0436 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
08:32:14.0859 0436 blbdrive - ok
08:32:14.0952 0436 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:32:14.0968 0436 Bonjour Service - ok
08:32:14.0999 0436 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:32:14.0999 0436 bowser - ok
08:32:14.0999 0436 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
08:32:15.0015 0436 BrFiltLo - ok
08:32:15.0015 0436 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
08:32:15.0015 0436 BrFiltUp - ok
08:32:15.0046 0436 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
08:32:15.0046 0436 Browser - ok
08:32:15.0061 0436 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:32:15.0061 0436 Brserid - ok
08:32:15.0077 0436 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:32:15.0077 0436 BrSerWdm - ok
08:32:15.0077 0436 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:32:15.0077 0436 BrUsbMdm - ok
08:32:15.0077 0436 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:32:15.0077 0436 BrUsbSer - ok
08:32:15.0077 0436 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
08:32:15.0093 0436 BTHMODEM - ok
08:32:15.0108 0436 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
08:32:15.0108 0436 bthserv - ok
08:32:15.0124 0436 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:32:15.0124 0436 cdfs - ok
08:32:15.0139 0436 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:32:15.0139 0436 cdrom - ok
08:32:15.0155 0436 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
08:32:15.0155 0436 CertPropSvc - ok
08:32:15.0186 0436 [ ED0263B2EB24F0F4E3898036FA1D28A1 ] cfwids C:\Windows\system32\drivers\cfwids.sys
08:32:15.0186 0436 cfwids - ok
08:32:15.0202 0436 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
08:32:15.0202 0436 circlass - ok
08:32:15.0217 0436 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
08:32:15.0217 0436 CLFS - ok
08:32:15.0264 0436 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:32:15.0264 0436 clr_optimization_v2.0.50727_32 - ok
08:32:15.0280 0436 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:32:15.0295 0436 clr_optimization_v2.0.50727_64 - ok
08:32:15.0327 0436 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:32:15.0373 0436 clr_optimization_v4.0.30319_32 - ok
08:32:15.0389 0436 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:32:15.0405 0436 clr_optimization_v4.0.30319_64 - ok
08:32:15.0420 0436 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
08:32:15.0420 0436 CmBatt - ok
08:32:15.0420 0436 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:32:15.0420 0436 cmdide - ok
08:32:15.0467 0436 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
08:32:15.0467 0436 CNG - ok
08:32:15.0514 0436 [ 5C855932E4DF00B1B6F5F6F57E82B6C5 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
08:32:15.0529 0436 CnxtHdAudService - ok
08:32:15.0529 0436 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
08:32:15.0545 0436 Compbatt - ok
08:32:15.0561 0436 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
08:32:15.0561 0436 CompositeBus - ok
08:32:15.0576 0436 COMSysApp - ok
08:32:15.0576 0436 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
08:32:15.0576 0436 crcdisk - ok
08:32:15.0607 0436 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:32:15.0607 0436 CryptSvc - ok
08:32:15.0654 0436 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:32:15.0654 0436 DcomLaunch - ok
08:32:15.0701 0436 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:32:15.0701 0436 defragsvc - ok
08:32:15.0795 0436 [ 2050309BAB03DFCEE455DBF913BF91B1 ] DellDigitalDelivery c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
08:32:15.0810 0436 DellDigitalDelivery - ok
08:32:15.0841 0436 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:32:15.0841 0436 DfsC - ok
08:32:15.0888 0436 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
08:32:15.0904 0436 Dhcp - ok
08:32:15.0935 0436 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:32:15.0935 0436 discache - ok
08:32:15.0951 0436 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
08:32:15.0966 0436 Disk - ok
08:32:15.0982 0436 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:32:15.0982 0436 Dnscache - ok
08:32:16.0013 0436 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
08:32:16.0013 0436 dot3svc - ok
08:32:16.0044 0436 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
08:32:16.0060 0436 DPS - ok
08:32:16.0107 0436 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:32:16.0122 0436 drmkaud - ok
08:32:16.0185 0436 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:32:16.0200 0436 DXGKrnl - ok
08:32:16.0231 0436 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:32:16.0247 0436 EapHost - ok
08:32:16.0403 0436 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
08:32:16.0465 0436 ebdrv - ok
08:32:16.0528 0436 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
08:32:16.0528 0436 EFS - ok
08:32:16.0668 0436 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:32:16.0715 0436 ehRecvr - ok
08:32:16.0731 0436 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:32:16.0731 0436 ehSched - ok
08:32:16.0746 0436 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
08:32:16.0762 0436 elxstor - ok
08:32:16.0762 0436 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:32:16.0762 0436 ErrDev - ok
08:32:16.0793 0436 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:32:16.0793 0436 EventSystem - ok
08:32:16.0809 0436 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:32:16.0809 0436 exfat - ok
08:32:16.0824 0436 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:32:16.0824 0436 fastfat - ok
08:32:16.0855 0436 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
08:32:16.0855 0436 Fax - ok
08:32:16.0855 0436 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
08:32:16.0855 0436 fdc - ok
08:32:16.0887 0436 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:32:16.0887 0436 fdPHost - ok
08:32:16.0902 0436 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:32:16.0902 0436 FDResPub - ok
08:32:16.0918 0436 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:32:16.0918 0436 FileInfo - ok
08:32:16.0933 0436 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:32:16.0933 0436 Filetrace - ok
08:32:16.0933 0436 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
08:32:16.0933 0436 flpydisk - ok
08:32:16.0949 0436 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:32:16.0949 0436 FltMgr - ok
08:32:16.0996 0436 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
08:32:17.0011 0436 FontCache - ok
08:32:17.0043 0436 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:32:17.0058 0436 FontCache3.0.0.0 - ok
08:32:17.0058 0436 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:32:17.0058 0436 FsDepends - ok
08:32:17.0089 0436 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:32:17.0089 0436 Fs_Rec - ok
08:32:17.0105 0436 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:32:17.0105 0436 fvevol - ok
08:32:17.0121 0436 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
08:32:17.0121 0436 gagp30kx - ok
08:32:17.0152 0436 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
08:32:17.0167 0436 GamesAppService - ok
08:32:17.0199 0436 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:32:17.0199 0436 GEARAspiWDM - ok
08:32:17.0230 0436 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
08:32:17.0230 0436 gpsvc - ok
08:32:17.0355 0436 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:32:17.0355 0436 gupdate - ok
08:32:17.0355 0436 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:32:17.0355 0436 gupdatem - ok
08:32:17.0370 0436 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:32:17.0386 0436 hcw85cir - ok
08:32:17.0401 0436 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
08:32:17.0401 0436 HDAudBus - ok
08:32:17.0417 0436 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
08:32:17.0417 0436 HidBatt - ok
08:32:17.0417 0436 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
08:32:17.0433 0436 HidBth - ok
08:32:17.0448 0436 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
08:32:17.0448 0436 HidIr - ok
08:32:17.0464 0436 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
08:32:17.0464 0436 hidserv - ok
08:32:17.0479 0436 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:32:17.0495 0436 HidUsb - ok
08:32:17.0495 0436 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:32:17.0495 0436 hkmsvc - ok
08:32:17.0526 0436 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:32:17.0526 0436 HomeGroupListener - ok
08:32:17.0557 0436 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:32:17.0557 0436 HomeGroupProvider - ok
08:32:17.0573 0436 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:32:17.0589 0436 HpSAMD - ok
08:32:17.0651 0436 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:32:17.0667 0436 HTTP - ok
08:32:17.0667 0436 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:32:17.0667 0436 hwpolicy - ok
08:32:17.0698 0436 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
08:32:17.0698 0436 i8042prt - ok
08:32:17.0729 0436 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:32:17.0729 0436 iaStorV - ok
08:32:17.0776 0436 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:32:17.0791 0436 idsvc - ok
08:32:18.0041 0436 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
08:32:18.0197 0436 igfx - ok
08:32:18.0228 0436 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
08:32:18.0228 0436 iirsp - ok
08:32:18.0259 0436 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
08:32:18.0275 0436 IKEEXT - ok
08:32:18.0291 0436 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
08:32:18.0291 0436 IntcDAud - ok
08:32:18.0322 0436 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
08:32:18.0322 0436 intelide - ok
08:32:18.0337 0436 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:32:18.0353 0436 intelppm - ok
08:32:18.0353 0436 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:32:18.0353 0436 IPBusEnum - ok
08:32:18.0369 0436 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:32:18.0369 0436 IpFilterDriver - ok
08:32:18.0384 0436 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:32:18.0400 0436 iphlpsvc - ok
08:32:18.0415 0436 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:32:18.0415 0436 IPMIDRV - ok
08:32:18.0415 0436 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:32:18.0431 0436 IPNAT - ok
08:32:18.0462 0436 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:32:18.0478 0436 iPod Service - ok
08:32:18.0493 0436 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:32:18.0493 0436 IRENUM - ok
08:32:18.0493 0436 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:32:18.0493 0436 isapnp - ok
08:32:18.0509 0436 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:32:18.0509 0436 iScsiPrt - ok
08:32:18.0525 0436 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:32:18.0525 0436 kbdclass - ok
08:32:18.0556 0436 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:32:18.0556 0436 kbdhid - ok
08:32:18.0556 0436 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
08:32:18.0571 0436 KeyIso - ok
08:32:18.0603 0436 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:32:18.0603 0436 KSecDD - ok
08:32:18.0649 0436 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:32:18.0649 0436 KSecPkg - ok
08:32:18.0665 0436 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:32:18.0665 0436 ksthunk - ok
08:32:18.0681 0436 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
08:32:18.0696 0436 KtmRm - ok
08:32:18.0712 0436 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:32:18.0727 0436 LanmanServer - ok
08:32:18.0727 0436 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:32:18.0727 0436 LanmanWorkstation - ok
08:32:18.0759 0436 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:32:18.0759 0436 lltdio - ok
08:32:18.0774 0436 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:32:18.0790 0436 lltdsvc - ok
08:32:18.0790 0436 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:32:18.0805 0436 lmhosts - ok
08:32:18.0821 0436 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
08:32:18.0821 0436 LSI_FC - ok
08:32:18.0837 0436 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
08:32:18.0837 0436 LSI_SAS - ok
08:32:18.0852 0436 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
08:32:18.0852 0436 LSI_SAS2 - ok
08:32:18.0852 0436 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
08:32:18.0852 0436 LSI_SCSI - ok
08:32:18.0868 0436 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
08:32:18.0868 0436 luafv - ok
08:32:18.0930 0436 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
08:32:18.0930 0436 LVRS64 - ok
08:32:19.0024 0436 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
08:32:19.0102 0436 LVUVC64 - ok
08:32:19.0149 0436 [ 9504F1DDA1B67FB8D526FD4F8CC882F3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
08:32:19.0149 0436 McAWFwk - ok
08:32:19.0180 0436 [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
08:32:19.0180 0436 McMPFSvc - ok
08:32:19.0195 0436 [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
08:32:19.0195 0436 mcmscsvc - ok
08:32:19.0195 0436 [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
08:32:19.0195 0436 McNaiAnn - ok
08:32:19.0211 0436 [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
08:32:19.0211 0436 McNASvc - ok
08:32:19.0242 0436 [ C6232488CDBF063CE077FC7F8F8C248C ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe
08:32:19.0242 0436 McODS - ok
08:32:19.0242 0436 [ ACB01BF1A905356AB7F978C7FE852209 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
08:32:19.0242 0436 McOobeSv - ok
08:32:19.0258 0436 [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
08:32:19.0258 0436 McProxy - ok
08:32:19.0273 0436 [ 4A463D645B48BB487CA7DF12BA5D1602 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
08:32:19.0273 0436 McShield - ok
08:32:19.0289 0436 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:32:19.0289 0436 Mcx2Svc - ok
08:32:19.0305 0436 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
08:32:19.0305 0436 megasas - ok
08:32:19.0320 0436 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
08:32:19.0320 0436 MegaSR - ok
08:32:19.0336 0436 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
08:32:19.0336 0436 MEIx64 - ok
08:32:19.0367 0436 [ EF3ACFB7E3F82D5F7CDE9EF5F0A4E2E2 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
08:32:19.0367 0436 mfeapfk - ok
08:32:19.0383 0436 [ E7A60BDB4365B561D896019B82FB7DD0 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
08:32:19.0383 0436 mfeavfk - ok
08:32:19.0398 0436 mfeavfk01 - ok
08:32:19.0414 0436 [ C53B7ABA204D9F7E9568EC147A1485C5 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
08:32:19.0414 0436 mfefire - ok
08:32:19.0445 0436 [ 670DFFE55E2F9AB99D9169C428BCECE9 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
08:32:19.0445 0436 mfefirek - ok
08:32:19.0461 0436 [ 1892616B7F9291FD77C3FA0A5811FE9F ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
08:32:19.0476 0436 mfehidk - ok
08:32:19.0476 0436 [ 1721261C77F6E7A9E0CB51B7D9F31B60 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
08:32:19.0476 0436 mfenlfk - ok
08:32:19.0492 0436 [ 65776BD8029E409935B90DE30BF99526 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
08:32:19.0507 0436 mferkdet - ok
08:32:19.0523 0436 [ 8F3B3C3625E3AAA11D6D4DB8423E1721 ] mfevtp C:\Windows\system32\mfevtps.exe
08:32:19.0523 0436 mfevtp - ok
08:32:19.0539 0436 [ 4F17D8B85B903D96EF7033BB6EF50516 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
08:32:19.0539 0436 mfewfpk - ok
08:32:19.0554 0436 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
08:32:19.0554 0436 MMCSS - ok
08:32:19.0570 0436 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
08:32:19.0570 0436 Modem - ok
08:32:19.0585 0436 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:32:19.0585 0436 monitor - ok
08:32:19.0617 0436 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:32:19.0617 0436 mouclass - ok
08:32:19.0632 0436 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:32:19.0632 0436 mouhid - ok
08:32:19.0648 0436 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:32:19.0648 0436 mountmgr - ok
08:32:19.0663 0436 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
08:32:19.0663 0436 mpio - ok
08:32:19.0679 0436 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:32:19.0679 0436 mpsdrv - ok
08:32:19.0695 0436 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:32:19.0710 0436 MpsSvc - ok
08:32:19.0726 0436 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:32:19.0726 0436 MRxDAV - ok
08:32:19.0741 0436 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:32:19.0741 0436 mrxsmb - ok
08:32:19.0773 0436 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:32:19.0773 0436 mrxsmb10 - ok
08:32:19.0788 0436 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:32:19.0788 0436 mrxsmb20 - ok
08:32:19.0819 0436 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
08:32:19.0819 0436 msahci - ok
08:32:19.0851 0436 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:32:19.0851 0436 msdsm - ok
08:32:19.0866 0436 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
08:32:19.0866 0436 MSDTC - ok
08:32:19.0882 0436 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:32:19.0882 0436 Msfs - ok
08:32:19.0897 0436 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:32:19.0897 0436 mshidkmdf - ok
08:32:19.0913 0436 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:32:19.0913 0436 msisadrv - ok
08:32:19.0960 0436 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:32:19.0960 0436 MSiSCSI - ok
08:32:19.0960 0436 msiserver - ok
08:32:19.0975 0436 [ ACB01BF1A905356AB7F978C7FE852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
08:32:19.0975 0436 MSK80Service - ok
08:32:19.0975 0436 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:32:19.0991 0436 MSKSSRV - ok
08:32:19.0991 0436 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:32:19.0991 0436 MSPCLOCK - ok
08:32:19.0991 0436 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:32:19.0991 0436 MSPQM - ok
08:32:20.0007 0436 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:32:20.0007 0436 MsRPC - ok
08:32:20.0022 0436 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
08:32:20.0022 0436 mssmbios - ok
08:32:20.0038 0436 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:32:20.0038 0436 MSTEE - ok
08:32:20.0038 0436 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
08:32:20.0038 0436 MTConfig - ok
08:32:20.0053 0436 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
08:32:20.0053 0436 Mup - ok
08:32:20.0069 0436 MxlW2k - ok
08:32:20.0085 0436 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
08:32:20.0085 0436 napagent - ok
08:32:20.0100 0436 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:32:20.0100 0436 NativeWifiP - ok
08:32:20.0178 0436 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
08:32:20.0178 0436 NAUpdate - ok
08:32:20.0225 0436 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:32:20.0241 0436 NDIS - ok
08:32:20.0241 0436 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:32:20.0241 0436 NdisCap - ok
08:32:20.0272 0436 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:32:20.0272 0436 NdisTapi - ok
08:32:20.0287 0436 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:32:20.0287 0436 Ndisuio - ok
08:32:20.0303 0436 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:32:20.0303 0436 NdisWan - ok
08:32:20.0319 0436 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:32:20.0319 0436 NDProxy - ok
08:32:20.0334 0436 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:32:20.0334 0436 NetBIOS - ok
08:32:20.0334 0436 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:32:20.0350 0436 NetBT - ok
08:32:20.0350 0436 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
08:32:20.0350 0436 Netlogon - ok
08:32:20.0381 0436 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
08:32:20.0381 0436 Netman - ok
08:32:20.0412 0436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:20.0443 0436 NetMsmqActivator - ok
08:32:20.0443 0436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:20.0443 0436 NetPipeActivator - ok
08:32:20.0475 0436 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
08:32:20.0475 0436 netprofm - ok
08:32:20.0475 0436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:20.0475 0436 NetTcpActivator - ok
08:32:20.0490 0436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:20.0490 0436 NetTcpPortSharing - ok
08:32:20.0506 0436 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
08:32:20.0506 0436 nfrd960 - ok
08:32:20.0521 0436 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:32:20.0521 0436 NlaSvc - ok
08:32:20.0615 0436 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
08:32:20.0677 0436 NOBU - ok
08:32:20.0693 0436 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:32:20.0709 0436 Npfs - ok
08:32:20.0724 0436 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
08:32:20.0724 0436 nsi - ok
08:32:20.0724 0436 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:32:20.0740 0436 nsiproxy - ok
08:32:20.0771 0436 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:32:20.0802 0436 Ntfs - ok
08:32:20.0802 0436 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
08:32:20.0818 0436 Null - ok
08:32:20.0833 0436 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:32:20.0833 0436 nvraid - ok
08:32:20.0849 0436 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:32:20.0849 0436 nvstor - ok
08:32:20.0865 0436 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:32:20.0865 0436 nv_agp - ok
08:32:20.0880 0436 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:32:20.0880 0436 ohci1394 - ok
08:32:20.0911 0436 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:32:20.0911 0436 ose - ok
08:32:21.0021 0436 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:32:21.0099 0436 osppsvc - ok
08:32:21.0130 0436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:32:21.0130 0436 p2pimsvc - ok
08:32:21.0145 0436 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
08:32:21.0145 0436 p2psvc - ok
08:32:21.0177 0436 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
08:32:21.0177 0436 Parport - ok
08:32:21.0192 0436 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:32:21.0192 0436 partmgr - ok
08:32:21.0208 0436 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:32:21.0208 0436 PcaSvc - ok
08:32:21.0223 0436 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
08:32:21.0223 0436 pci - ok
08:32:21.0239 0436 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
08:32:21.0239 0436 pciide - ok
08:32:21.0255 0436 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
08:32:21.0255 0436 pcmcia - ok
08:32:21.0270 0436 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:32:21.0270 0436 pcw - ok
08:32:21.0286 0436 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:32:21.0301 0436 PEAUTH - ok
08:32:21.0348 0436 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:32:21.0426 0436 PerfHost - ok
08:32:21.0504 0436 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
08:32:21.0535 0436 pla - ok
08:32:21.0567 0436 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:32:21.0567 0436 PlugPlay - ok
08:32:21.0582 0436 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:32:21.0582 0436 PNRPAutoReg - ok
08:32:21.0598 0436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:32:21.0598 0436 PNRPsvc - ok
08:32:21.0629 0436 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:32:21.0660 0436 PolicyAgent - ok
08:32:21.0676 0436 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
08:32:21.0676 0436 Power - ok
08:32:21.0691 0436 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:32:21.0691 0436 PptpMiniport - ok
08:32:21.0707 0436 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
08:32:21.0707 0436 Processor - ok
08:32:21.0738 0436 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
08:32:21.0738 0436 ProfSvc - ok
08:32:21.0754 0436 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:32:21.0754 0436 ProtectedStorage - ok
08:32:21.0769 0436 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:32:21.0769 0436 Psched - ok
08:32:21.0832 0436 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
08:32:21.0847 0436 PSI_SVC_2 - ok
08:32:21.0863 0436 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
08:32:21.0863 0436 PxHlpa64 - ok
08:32:21.0894 0436 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:32:21.0925 0436 ql2300 - ok
08:32:21.0925 0436 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:32:21.0925 0436 ql40xx - ok
08:32:21.0941 0436 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:32:21.0941 0436 QWAVE - ok
08:32:21.0941 0436 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:32:21.0957 0436 QWAVEdrv - ok
08:32:21.0957 0436 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:32:21.0957 0436 RasAcd - ok
08:32:21.0988 0436 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:32:21.0988 0436 RasAgileVpn - ok
08:32:22.0003 0436 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
08:32:22.0003 0436 RasAuto - ok
08:32:22.0019 0436 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:32:22.0019 0436 Rasl2tp - ok
08:32:22.0035 0436 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
08:32:22.0035 0436 RasMan - ok
08:32:22.0050 0436 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:32:22.0050 0436 RasPppoe - ok
08:32:22.0066 0436 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:32:22.0066 0436 RasSstp - ok
08:32:22.0081 0436 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:32:22.0081 0436 rdbss - ok
08:32:22.0097 0436 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
08:32:22.0097 0436 rdpbus - ok
08:32:22.0113 0436 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:32:22.0113 0436 RDPCDD - ok
08:32:22.0128 0436 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:32:22.0128 0436 RDPENCDD - ok
08:32:22.0144 0436 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:32:22.0144 0436 RDPREFMP - ok
08:32:22.0191 0436 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:32:22.0191 0436 RDPWD - ok
08:32:22.0206 0436 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:32:22.0206 0436 rdyboost - ok
08:32:22.0222 0436 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:32:22.0237 0436 RemoteAccess - ok
08:32:22.0253 0436 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:32:22.0253 0436 RemoteRegistry - ok
08:32:22.0300 0436 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
08:32:22.0300 0436 RimUsb - ok
08:32:22.0362 0436 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
08:32:22.0393 0436 RoxMediaDB12OEM - ok
08:32:22.0409 0436 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
08:32:22.0409 0436 RoxWatch12 - ok
08:32:22.0425 0436 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:32:22.0425 0436 RpcEptMapper - ok
08:32:22.0440 0436 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
08:32:22.0440 0436 RpcLocator - ok
08:32:22.0471 0436 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
08:32:22.0471 0436 RpcSs - ok
08:32:22.0503 0436 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:32:22.0503 0436 rspndr - ok
08:32:22.0534 0436 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
08:32:22.0534 0436 RTL8167 - ok
08:32:22.0549 0436 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
08:32:22.0549 0436 SamSs - ok
08:32:22.0565 0436 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:32:22.0565 0436 sbp2port - ok
08:32:22.0581 0436 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:32:22.0581 0436 SCardSvr - ok
08:32:22.0596 0436 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:32:22.0596 0436 scfilter - ok
08:32:22.0612 0436 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
08:32:22.0627 0436 Schedule - ok
08:32:22.0643 0436 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:32:22.0643 0436 SCPolicySvc - ok
08:32:22.0659 0436 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:32:22.0659 0436 SDRSVC - ok
08:32:22.0674 0436 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:32:22.0674 0436 secdrv - ok
08:32:22.0690 0436 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
08:32:22.0690 0436 seclogon - ok
08:32:22.0690 0436 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
08:32:22.0690 0436 SENS - ok
08:32:22.0721 0436 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:32:22.0721 0436 SensrSvc - ok
08:32:22.0737 0436 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
08:32:22.0737 0436 Serenum - ok
08:32:22.0737 0436 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
08:32:22.0752 0436 Serial - ok
08:32:22.0752 0436 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:32:22.0752 0436 sermouse - ok
08:32:22.0768 0436 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
08:32:22.0768 0436 SessionEnv - ok
08:32:22.0783 0436 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:32:22.0783 0436 sffdisk - ok
08:32:22.0799 0436 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:32:22.0799 0436 sffp_mmc - ok
08:32:22.0799 0436 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:32:22.0799 0436 sffp_sd - ok
08:32:22.0799 0436 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:32:22.0799 0436 sfloppy - ok
08:32:22.0877 0436 [ 29DDEA72C5BDF61D62F4D438DC0E497C ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
08:32:22.0908 0436 SftService - ok
08:32:22.0939 0436 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:32:22.0939 0436 SharedAccess - ok
08:32:22.0955 0436 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:32:22.0955 0436 ShellHWDetection - ok
08:32:22.0971 0436 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
08:32:22.0971 0436 SiSRaid2 - ok
08:32:22.0971 0436 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:32:22.0971 0436 SiSRaid4 - ok
08:32:23.0017 0436 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
08:32:23.0017 0436 SkypeUpdate - ok
08:32:23.0033 0436 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:32:23.0033 0436 Smb - ok
08:32:23.0049 0436 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:32:23.0049 0436 SNMPTRAP - ok
08:32:23.0064 0436 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:32:23.0064 0436 spldr - ok
08:32:23.0095 0436 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
08:32:23.0111 0436 Spooler - ok
08:32:23.0158 0436 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
08:32:23.0220 0436 sppsvc - ok
08:32:23.0236 0436 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:32:23.0236 0436 sppuinotify - ok
08:32:23.0267 0436 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
08:32:23.0267 0436 srv - ok
08:32:23.0283 0436 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:32:23.0298 0436 srv2 - ok
08:32:23.0298 0436 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:32:23.0298 0436 srvnet - ok
08:32:23.0329 0436 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:32:23.0329 0436 SSDPSRV - ok
08:32:23.0329 0436 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:32:23.0329 0436 SstpSvc - ok
08:32:23.0345 0436 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
08:32:23.0345 0436 stexstor - ok
08:32:23.0376 0436 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
08:32:23.0376 0436 StillCam - ok
08:32:23.0423 0436 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
08:32:23.0423 0436 stisvc - ok
08:32:23.0454 0436 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
08:32:23.0454 0436 stllssvr - ok
08:32:23.0470 0436 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
08:32:23.0470 0436 swenum - ok
08:32:23.0485 0436 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
08:32:23.0485 0436 swprv - ok
08:32:23.0517 0436 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
08:32:23.0532 0436 SysMain - ok
08:32:23.0563 0436 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:32:23.0563 0436 TabletInputService - ok
08:32:23.0579 0436 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:32:23.0579 0436 TapiSrv - ok
08:32:23.0595 0436 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
08:32:23.0595 0436 TBS - ok
08:32:23.0657 0436 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:32:23.0673 0436 Tcpip - ok
08:32:23.0719 0436 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:32:23.0719 0436 TCPIP6 - ok
08:32:23.0751 0436 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:32:23.0751 0436 tcpipreg - ok
08:32:23.0766 0436 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:32:23.0766 0436 TDPIPE - ok
08:32:23.0797 0436 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:32:23.0797 0436 TDTCP - ok
08:32:23.0813 0436 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:32:23.0813 0436 tdx - ok
08:32:23.0829 0436 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
08:32:23.0829 0436 TermDD - ok
08:32:23.0860 0436 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
08:32:23.0875 0436 TermService - ok
08:32:23.0875 0436 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
08:32:23.0875 0436 Themes - ok
08:32:23.0891 0436 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
08:32:23.0891 0436 THREADORDER - ok
08:32:23.0907 0436 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
08:32:23.0907 0436 TrkWks - ok
08:32:23.0953 0436 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:32:23.0953 0436 TrustedInstaller - ok
08:32:23.0985 0436 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:32:23.0985 0436 tssecsrv - ok
08:32:24.0000 0436 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:32:24.0000 0436 TsUsbFlt - ok
08:32:24.0000 0436 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
08:32:24.0016 0436 TsUsbGD - ok
08:32:24.0031 0436 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:32:24.0031 0436 tunnel - ok
08:32:24.0031 0436 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:32:24.0047 0436 uagp35 - ok
08:32:24.0047 0436 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:32:24.0063 0436 udfs - ok
08:32:24.0078 0436 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:32:24.0078 0436 UI0Detect - ok
08:32:24.0094 0436 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:32:24.0094 0436 uliagpkx - ok
08:32:24.0109 0436 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:32:24.0109 0436 umbus - ok
08:32:24.0109 0436 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
08:32:24.0109 0436 UmPass - ok
08:32:24.0172 0436 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
08:32:24.0172 0436 UMVPFSrv - ok
08:32:24.0187 0436 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
08:32:24.0203 0436 upnphost - ok
08:32:24.0219 0436 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
08:32:24.0219 0436 USBAAPL64 - ok
08:32:24.0265 0436 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
08:32:24.0265 0436 usbaudio - ok
08:32:24.0297 0436 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:32:24.0297 0436 usbccgp - ok
08:32:24.0312 0436 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:32:24.0312 0436 usbcir - ok
08:32:24.0328 0436 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:32:24.0328 0436 usbehci - ok
08:32:24.0359 0436 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:32:24.0359 0436 usbhub - ok
08:32:24.0375 0436 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:32:24.0375 0436 usbohci - ok
08:32:24.0390 0436 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:32:24.0390 0436 usbprint - ok
08:32:24.0421 0436 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
08:32:24.0421 0436 usbscan - ok
08:32:24.0421 0436 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:32:24.0437 0436 USBSTOR - ok
08:32:24.0453 0436 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
08:32:24.0453 0436 usbuhci - ok
08:32:24.0468 0436 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
08:32:24.0484 0436 UxSms - ok
08:32:24.0484 0436 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
08:32:24.0484 0436 VaultSvc - ok
08:32:24.0499 0436 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:32:24.0499 0436 vdrvroot - ok
08:32:24.0515 0436 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
08:32:24.0515 0436 vds - ok
08:32:24.0546 0436 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:32:24.0546 0436 vga - ok
08:32:24.0562 0436 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
08:32:24.0562 0436 VgaSave - ok
08:32:24.0577 0436 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:32:24.0577 0436 vhdmp - ok
08:32:24.0577 0436 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:32:24.0577 0436 viaide - ok
08:32:24.0593 0436 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:32:24.0593 0436 volmgr - ok
08:32:24.0609 0436 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:32:24.0609 0436 volmgrx - ok
08:32:24.0624 0436 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:32:24.0624 0436 volsnap - ok
08:32:24.0640 0436 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
08:32:24.0640 0436 vsmraid - ok
08:32:24.0687 0436 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
08:32:24.0702 0436 VSS - ok
08:32:24.0718 0436 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
08:32:24.0718 0436 vwifibus - ok
08:32:24.0733 0436 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
08:32:24.0733 0436 W32Time - ok
08:32:24.0749 0436 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
08:32:24.0749 0436 WacomPen - ok
08:32:24.0765 0436 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:32:24.0765 0436 WANARP - ok
08:32:24.0780 0436 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:32:24.0780 0436 Wanarpv6 - ok
08:32:24.0827 0436 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:32:24.0858 0436 WatAdminSvc - ok
08:32:24.0921 0436 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
08:32:24.0936 0436 wbengine - ok
08:32:24.0952 0436 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:32:24.0952 0436 WbioSrvc - ok
08:32:24.0967 0436 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:32:24.0983 0436 wcncsvc - ok

y_molina
2012-09-18, 17:01
08:32:24.0983 0436 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:32:24.0999 0436 WcsPlugInService - ok
08:32:25.0014 0436 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
08:32:25.0030 0436 Wd - ok
08:32:25.0045 0436 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:32:25.0045 0436 Wdf01000 - ok
08:32:25.0061 0436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:32:25.0061 0436 WdiServiceHost - ok
08:32:25.0061 0436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:32:25.0061 0436 WdiSystemHost - ok
08:32:25.0077 0436 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
08:32:25.0077 0436 WebClient - ok
08:32:25.0092 0436 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:32:25.0092 0436 Wecsvc - ok
08:32:25.0108 0436 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:32:25.0108 0436 wercplsupport - ok
08:32:25.0123 0436 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:32:25.0123 0436 WerSvc - ok
08:32:25.0139 0436 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:32:25.0139 0436 WfpLwf - ok
08:32:25.0170 0436 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
08:32:25.0170 0436 WimFltr - ok
08:32:25.0186 0436 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:32:25.0186 0436 WIMMount - ok
08:32:25.0201 0436 WinDefend - ok
08:32:25.0201 0436 WinHttpAutoProxySvc - ok
08:32:25.0264 0436 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:32:25.0279 0436 Winmgmt - ok
08:32:25.0311 0436 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
08:32:25.0357 0436 WinRM - ok
08:32:25.0404 0436 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:32:25.0404 0436 WinUsb - ok
08:32:25.0420 0436 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:32:25.0435 0436 Wlansvc - ok
08:32:25.0482 0436 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:32:25.0482 0436 wlcrasvc - ok
08:32:25.0576 0436 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:32:25.0623 0436 wlidsvc - ok
08:32:25.0638 0436 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:32:25.0638 0436 WmiAcpi - ok
08:32:25.0669 0436 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:32:25.0669 0436 wmiApSrv - ok
08:32:25.0685 0436 WMPNetworkSvc - ok
08:32:25.0716 0436 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:32:25.0716 0436 WPCSvc - ok
08:32:25.0716 0436 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:32:25.0732 0436 WPDBusEnum - ok
08:32:25.0732 0436 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:32:25.0732 0436 ws2ifsl - ok
08:32:25.0747 0436 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
08:32:25.0747 0436 wscsvc - ok
08:32:25.0747 0436 WSearch - ok
08:32:25.0825 0436 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:32:25.0857 0436 wuauserv - ok
08:32:25.0872 0436 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:32:25.0872 0436 WudfPf - ok
08:32:25.0903 0436 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:32:25.0903 0436 WUDFRd - ok
08:32:25.0919 0436 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:32:25.0919 0436 wudfsvc - ok
08:32:25.0935 0436 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:32:25.0935 0436 WwanSvc - ok
08:32:25.0981 0436 X6va005 - ok
08:32:25.0997 0436 X6va008 - ok
08:32:26.0013 0436 ================ Scan global ===============================
08:32:26.0028 0436 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:32:26.0059 0436 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:32:26.0059 0436 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:32:26.0075 0436 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:32:26.0091 0436 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:32:26.0091 0436 [Global] - ok
08:32:26.0091 0436 ================ Scan MBR ==================================
08:32:26.0106 0436 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
08:32:26.0527 0436 \Device\Harddisk0\DR0 - ok
08:32:27.0697 0436 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk3\DR3
08:32:29.0554 0436 \Device\Harddisk3\DR3 - ok
08:32:29.0554 0436 ================ Scan VBR ==================================
08:32:29.0803 0436 [ 89FF595FD0C7DE1341CD9A403883A535 ] \Device\Harddisk0\DR0\Partition1
08:32:29.0835 0436 \Device\Harddisk0\DR0\Partition1 - ok
08:32:29.0835 0436 [ A5E2633D19A81682051E07C1DEC5527B ] \Device\Harddisk0\DR0\Partition2
08:32:29.0850 0436 \Device\Harddisk0\DR0\Partition2 - ok
08:32:29.0850 0436 [ 56DE9981A6AAD4C677DADB1EB8DA00AA ] \Device\Harddisk3\DR3\Partition1
08:32:29.0850 0436 \Device\Harddisk3\DR3\Partition1 - ok
08:32:29.0850 0436 ============================================================
08:32:29.0850 0436 Scan finished
08:32:29.0850 0436 ============================================================
08:32:29.0850 2020 Detected object count: 0
08:32:29.0850 2020 Actual detected object count: 0
08:33:10.0832 0660 Deinitialize success

TechieRanger
2012-09-19, 09:18
Thanks for the information:D:


I did check and I think the program that caused this mess is still in my programdata folder.
Yes, that is correct. Please do not touch it.:bigthumb:

Please download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your Desktop.

Double click to run it
A window will open on your Desktop
If an unknown bootcode is found you will have further options available to you, but at this time press N then press Enter twice.
If nothing unusual is found just press Enter.
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your Desktop.
Please post the contents of that file.

In your next reply, please provide the following:

MBRCheck log.
Update on how your PC is running.




Regards,

Richard:greeting:

y_molina
2012-09-19, 17:06
I have avoided using the computer until it's all clean. I've even disconnected it from the internet. But when I do start her up, she seems to run fine. I haven't checked any online actions though.

Tammy

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 620s
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 153):
0x03065000 \SystemRoot\system32\ntoskrnl.exe
0x0301C000 \SystemRoot\system32\hal.dll
0x00BA6000 \SystemRoot\system32\kdcom.dll
0x00C5D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CAC000 \SystemRoot\system32\PSHED.dll
0x00CC0000 \SystemRoot\system32\CLFS.SYS
0x00D1E000 \SystemRoot\system32\CI.dll
0x00E29000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00ECD000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EDC000 \SystemRoot\system32\drivers\ACPI.sys
0x00F33000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F3C000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F46000 \SystemRoot\system32\drivers\pci.sys
0x00F79000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F86000 \SystemRoot\System32\drivers\partmgr.sys
0x00F9B000 \SystemRoot\system32\drivers\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FB0000 \SystemRoot\system32\drivers\intelide.sys
0x00FB8000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00FC8000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FE2000 \SystemRoot\system32\drivers\atapi.sys
0x0109B000 \SystemRoot\system32\drivers\ataport.SYS
0x010C5000 \SystemRoot\system32\drivers\amdxata.sys
0x010D0000 \SystemRoot\system32\drivers\fltmgr.sys
0x0111C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01130000 \SystemRoot\system32\drivers\mfehidk.sys
0x011CC000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01221000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x013C4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014BD000 \SystemRoot\System32\Drivers\cng.sys
0x0152F000 \SystemRoot\System32\drivers\pcw.sys
0x01540000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01643000 \SystemRoot\system32\drivers\ndis.sys
0x01735000 \SystemRoot\system32\drivers\NETIO.SYS
0x01795000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x0154A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01594000 \SystemRoot\system32\drivers\mfewfpk.sys
0x01400000 \SystemRoot\system32\drivers\volsnap.sys
0x017BF000 \SystemRoot\System32\Drivers\spldr.sys
0x01600000 \SystemRoot\System32\drivers\rdyboost.sys
0x017C7000 \SystemRoot\System32\Drivers\mup.sys
0x017D9000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0144C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x017E2000 \SystemRoot\system32\drivers\disk.sys
0x01486000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x0105E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x015F2000 \SystemRoot\System32\Drivers\Null.SYS
0x017F8000 \SystemRoot\System32\Drivers\Beep.SYS
0x013F2000 \SystemRoot\System32\drivers\vga.sys
0x011D9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01200000 \SystemRoot\System32\drivers\watchdog.sys
0x01210000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01088000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01091000 \SystemRoot\system32\drivers\rdprefmp.sys
0x00FEB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x00E00000 \SystemRoot\System32\Drivers\Npfs.SYS
0x00DDE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x00E11000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03CA0000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03CE5000 \SystemRoot\system32\drivers\afd.sys
0x03D6E000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03D77000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03D9D000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x03DAE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03DBD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03DD8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03C00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03C51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03C5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03C68000 \SystemRoot\System32\drivers\discache.sys
0x03C77000 \SystemRoot\System32\Drivers\dfsc.sys
0x03DEC000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03E85000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04809000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x03EAB000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03F9F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x053BE000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x053CF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03E00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03E56000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04084000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04109000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04116000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0412C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0413C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04152000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04176000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04182000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x041B1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x041CC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04000000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0401A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04029000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04038000 \SystemRoot\system32\DRIVERS\serscan.sys
0x04040000 \SystemRoot\system32\drivers\ksthunk.sys
0x0422E000 \SystemRoot\system32\drivers\ks.sys
0x04271000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04273000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04285000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x042DF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05E45000 \SystemRoot\system32\drivers\CHDRT64.sys
0x05E00000 \SystemRoot\system32\drivers\portcls.sys
0x05FD3000 \SystemRoot\system32\drivers\drmk.sys
0x042F4000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x04347000 \SystemRoot\system32\drivers\mfeavfk.sys
0x0437D000 \SystemRoot\system32\drivers\mfefirek.sys
0x043F1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04200000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05FF5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x0420C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x0421F000 \SystemRoot\System32\drivers\Dxapi.sys
0x04046000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05FFE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04063000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x04074000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x053E0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x041ED000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00520000 \SystemRoot\System32\TSDDD.dll
0x03FE5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x015D8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04800000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x013DF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x007B0000 \SystemRoot\System32\cdd.dll
0x00950000 \SystemRoot\System32\ATMFD.DLL
0x0262C000 \SystemRoot\system32\drivers\luafv.sys
0x0264F000 \SystemRoot\system32\drivers\WudfPf.sys
0x02670000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02685000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0269D000 \SystemRoot\system32\drivers\HTTP.sys
0x02766000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02784000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0279C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x054A9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x054F7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0551B000 \SystemRoot\system32\drivers\peauth.sys
0x055C1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x055CC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x05400000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05412000 \SystemRoot\System32\DRIVERS\srv2.sys
0x088B3000 \SystemRoot\System32\DRIVERS\srv.sys
0x0894B000 \SystemRoot\system32\drivers\mfeapfk.sys
0x08971000 \SystemRoot\system32\drivers\cfwids.sys
0x08980000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x089B1000 \SystemRoot\System32\Drivers\fastfat.SYS
0x089E7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x089F4000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x771E0000 \Windows\System32\ntdll.dll
0x48190000 \Windows\System32\smss.exe
0xFF500000 \Windows\System32\apisetschema.dll
0xFFA80000 \Windows\System32\autochk.exe

Processes (total 53):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
452 csrss.exe
528 C:\Windows\System32\wininit.exe
544 csrss.exe
576 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
668 C:\Windows\System32\winlogon.exe
764 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
180 C:\Windows\System32\svchost.exe
340 C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
568 C:\Windows\System32\audiodg.exe
112 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\spoolsv.exe
1232 C:\Windows\System32\svchost.exe
1340 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1372 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1428 C:\Windows\System32\taskhost.exe
1524 C:\Windows\System32\dwm.exe
1548 C:\Windows\explorer.exe
1692 C:\Windows\System32\svchost.exe
1720 C:\Windows\System32\mfevtps.exe
1848 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
1876 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
1916 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
2004 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
1056 C:\Windows\System32\svchost.exe
1328 C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
2060 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
2112 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2204 C:\Windows\System32\rundll32.exe
2276 C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
2348 C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
2844 C:\Windows\System32\SearchIndexer.exe
2372 C:\Windows\System32\svchost.exe
2824 WUDFHost.exe
3188 C:\Windows\splwow64.exe
3248 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
3296 C:\Program Files\Windows Media Player\wmpnetwk.exe
2976 WmiPrvSE.exe
1708 C:\PROGRA~1\mcafee.com\agent\mcagent.exe
3928 <unknown>
3500 C:\Windows\System32\taskeng.exe
3964 C:\Program Files\Dell Support Center\uaclauncher.exe
1836 C:\Users\Tams\Desktop\MBRCheck.exe
2020 C:\Windows\System32\conhost.exe
3956 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`b6800000 (NTFS)

PhysicalDrive0 Model Number: ST3500413AS, Rev: JC49

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

TechieRanger
2012-09-20, 13:14
Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) and save it on your Desktop.

Quit all programs.
Start RogueKiller.exe. For Vista or Windows 7, right-click on the program, select Run as Administrator to start, then when prompted, press Allow to run.
Wait until Pre-scan has finished.
Click on Scan.
Wait for the scan to complete.
When the scan completes, close the program.
The report has been created on the Desktop.
Please post the contents of the RKreport.txt file located on your Desktop.

In your next reply, please provide the following:

RK report log.
Update on how your PC is running.




Regards,

Richard:greeting:

y_molina
2012-09-20, 17:08
Everything is the same as before.

Thanks
Tammy

User : Tams [Admin rights]
Mode : Scan -- Date : 09/20/2012 08:58:02

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[STARTUP][BLACKLIST DLL] Monitor Ink Alerts - HP Officejet Pro 8600.lnk @Tams : C:\Windows\system32\RunDll32.exe|"C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN238BS2JD05KC;CONNECTION=USB;MONITOR=1; -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500413AS ATA Device +++++
--- User ---
[MBR] b1f02b5ae6222e42518151ebda7f38ee
[BSP] f0ed52227c5a750a084a39073d193a7e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15168 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31145984 | Size: 461717 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 89c1f5d3152c5363e23a03831c028d20
[BSP] f0ed52227c5a750a084a39073d193a7e : Windows Vista MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15168 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31145984 | Size: 461717 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976744448 | Size: 10 Mo

+++++ PhysicalDrive3: HP Officejet Pro 86 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

TechieRanger
2012-09-21, 11:22
You have a hidden malware partition that we need to deactivate and remove.
We'll need a flashdrive and if possible your Windows 7 disk.

Download ListParts64 (http://www.bleepingcomputer.com/download/listparts/dl/78/) and save it to the flashdrive.

With the flash drive attached to the computer boot to the System Recovery Options screen.
Select the command prompt
Type e:\listparts64.exe and hit Enter.

(where e: is replaced by the drive letter for your USB drive)
Listparts will start to run
Check the box beside List BCD
Press the Scan button
When finished scanning it will make a log Result.txt on the flash drive. Please copy and paste it to your reply.



Regards,

Richard:greeting:

y_molina
2012-09-21, 19:37
I've ran into a bit of a snag. When I try to start System Recovery Options it just gives a black screens that says "Loading Windows Files..." I've waited over an hour and a half. I don't know what to do.

Tammy

TechieRanger
2012-09-22, 18:22
Have you tried entering System Recovery Options by using your Windows 7 DVD?:)

Plug the USB drive with Listparts into the infected machine.

To enter System Recovery Options by using your Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
http://i1090.photobucket.com/albums/i366/garyr56/W7InstallDisk2.png
Select the Command Prompt option.
Type e:\listparts64.exe and hit Enter.

(where e: is replaced by the drive letter for your USB drive)

Listparts will start to run
Check the box beside List BCD
Press the Scan button


When finished scanning it will make a log Result.txt on the flash drive. Please copy and paste it to your reply.



Regards,

Richard:greeting:

y_molina
2012-09-22, 21:47
Ok so the computer didn't come with a Windows Installation disk. But when I got the computer, I did make the recovery disks for it. When I put the first one in and I make it boot to the CD drive it goes to a system restore screen. When I press F8 while loading with the disk drive set to boot first, I get the black screen with all the options as when I start it with the hard drive to boot first except for it is missing the "Repair the computer" option.

The only other disk I have is the drives and utilities disk. That didn't work either.

I appreciate your help!

Tammy

TechieRanger
2012-09-23, 21:11
We need to create a Windows 7 System Repair Disk. Note that this disk can only be used to access the Recovery Environment, not to reinstall Windows 7.

Press the Windows Key + R, then type recdisc.exe in the Run box and press Enter.
If you get a UAC prompt, allow the application to run by clicking Yes. You will see the following:
Make sure you have a blank CD or DVD in your CD/DVD drive and click Create disc. Note: If AutoPlay comes up, just close it.
When the System Repair Disk has been created, click Close and then OK. Your System Repair Disk is now ready for use.

Let me know when you have this.



Regards,

Richard:greeting:

y_molina
2012-09-23, 22:00
Ok I have it made.

Tammy

TechieRanger
2012-09-24, 01:38
Let`s try entering System Recovery Options by using your Windows 7 System Repair Disk. :):bigthumb:

Plug the USB drive with Listparts into the infected machine.

To enter System Recovery Options by using your Windows 7 System Repair Disk:

Insert the Windows 7 System Repair Disk.
Restart your computer.
If prompted, press any key to start Windows from the disk. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
http://i1090.photobucket.com/albums/i366/garyr56/W7InstallDisk2.png
Select the Command Prompt option.
Type e:\listparts64.exe and hit Enter.

(where e: is replaced by the drive letter for your USB drive)

Listparts will start to run
Check the box beside List BCD
Press the Scan button


When finished scanning it will make a log Result.txt on the flash drive. Please copy and paste it to your reply.



Regards,

Richard:greeting:

y_molina
2012-09-24, 04:22
It finally worked! Yeah! Here is the log

ListParts by Farbar Version: 17-09-2012
Ran by SYSTEM (administrator) on 24-09-2012 at 00:19:01
Windows 7 (X64)
Running From: G:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 4008.64 MB
Available physical RAM: 3535.41 MB
Total Pagefile: 4006.84 MB
Available Pagefile: 3516.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:450.9 GB) (Free:340.75 GB) NTFS
2 Drive d: (Repair disc 64-bit) (CDROM) (Total:0.18 GB) (Free:0 GB) UDF
4 Drive f: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:5.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: () (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 120 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 450 GB 14 GB
Partition 4 Primary 10 MB 465 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 450 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 120 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G FAT Removable 120 MB Healthy

======================================================================================================
The boot configuration data store could not be opened.
The system cannot find the file specified.


****** End Of Log ******

TechieRanger
2012-09-25, 08:27
Nice job:bigthumb:

Please do the following:

Click Start and in the Search programs and files box type Notepad.exe then hit Enter.
An empty Notepad file will open.
Copy and paste the contents of the code box below into Notepad.

Disk=0 Partition=2 active
Disk=0 Partition=4 delete
custom
Press File and Save it as fix.txt to the flash drive where ListParts resides.

Now please enter System Recovery Options by using your Windows 7 System Repair Disk, then run ListParts again:

Boot your computer into Recovery Environment using the Windows 7 System Repair Disk.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select the Command Prompt option.
Type e:\listparts64.exe and hit Enter.

(where e: is replaced by the drive letter for your USB drive)
ListParts will start to run.
Press the Fix button.
ListParts will process the script in Fix.txt
When finished, please press Scan.
A log Result.txt will be saved to the flash drive.
Close the command window.
Boot back into normal mode then post the resultant log.




Regards,

Richard:police:

y_molina
2012-09-25, 18:01
OK here is what happened. There is a new file on my flash drive called PLfixlog. It has this in it. I've ran it twice (in case I did something wrong) and both times this is what happened.

Script used: "Disk=0 Partition=2 active "
Script used: "Disk=0 Partition=4 delete"
Script used: "custom"

An error occurred while attempting to delete the specified data element.
Element not found.


The content of the result file is listed below.

Thank you,

Tammy

ListParts by Farbar Version: 17-09-2012
Ran by SYSTEM (administrator) on 25-09-2012 at 15:56:47
Windows 7 (X64)
Running From: G:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 4008.64 MB
Available physical RAM: 3492.72 MB
Total Pagefile: 4006.84 MB
Available Pagefile: 3478.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:450.9 GB) (Free:340.41 GB) NTFS
2 Drive d: (Repair disc 64-bit) (CDROM) (Total:0.18 GB) (Free:0 GB) UDF
5 Drive g: () (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT
6 Drive h: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:5.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 13 MB
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 120 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 450 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 H RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 450 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 120 MB 16 KB

======================================================================================================

Disk: 3
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 G FAT Removable 120 MB Healthy

======================================================================================================

****** End Of Log ******

TechieRanger
2012-09-27, 02:28
Do any start menu/Desktop items still need to be restored?:)

can you access everything on the computer now?

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by OldTimer.

Save it to your Desktop.
Please click OTL and then click >> run.
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:Processes
explorer.exe

:Files
C:\ProgramData\9CB2PVYe52Lx0U.exe

:Commands
[purity]
[resethosts]
[Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot when it is done.
Then post the results of the log it produces.


Next

Please delete your copy of aswMBR.exe and then download a fresh copy of aswMBR:

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.

Double click aswMBR.exe to start the tool.
When asked if you want to download Avast's virus definitions please select Yes.

Click Scan


Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


In your next reply, please provide the following:

OTL log.
aswMBR log.
Description of how your PC is running.




Regards,

Richard:greeting:

y_molina
2012-09-27, 03:26
Ok everything seems to run fine. The desktop /menu items are back to normal. I can access everything that I tested (the important things.) So it seems like all is running great!

After running OTL, the files in the programdata file that were labled with random charcters and numbers were still there.

One question, when I shut down that computer, it said that Windows is installing 2 updates. This is the first time it's been connected to the internet in a week. Do you think it was a normal windows update or something that I should be concerned about?

Thanks for your patience and help!
Tammy

OTL Log

Error: Unable to interpret <Code:> in the current context!
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\ProgramData\9CB2PVYe52Lx0U.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.68.0 log created on 09272012_004248

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


aswmbr log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-27 00:46:27
-----------------------------
00:46:27.192 OS Version: Windows x64 6.1.7601 Service Pack 1
00:46:27.192 Number of processors: 2 586 0x2A07
00:46:27.192 ComputerName: TAMS-PC UserName: Tams
00:46:28.721 Initialize success
00:47:54.805 AVAST engine defs: 12092601
00:48:03.915 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:48:03.915 Disk 0 Vendor: ST3500413AS JC49 Size: 476940MB BusType: 3
00:48:03.931 Disk 0 MBR read successfully
00:48:03.931 Disk 0 MBR scan
00:48:03.931 Disk 0 Windows VISTA default MBR code
00:48:03.946 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
00:48:03.962 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15168 MB offset 81920
00:48:03.993 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461717 MB offset 31145984
00:48:04.055 Disk 0 scanning C:\Windows\system32\drivers
00:48:19.858 Service scanning
00:49:19.575 Modules scanning
00:49:19.575 Disk 0 trace - called modules:
00:49:19.591 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
00:49:19.591 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c20060]
00:49:19.591 3 CLASSPNP.SYS[fffff880019aa43f] -> nt!IofCallDriver -> [0xfffffa80045c5dc0]
00:49:19.591 5 ACPI.sys[fffff88000efa7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800471a060]
00:49:26.938 AVAST engine scan C:\Windows
00:49:37.220 AVAST engine scan C:\Windows\system32
18:53:29.947 AVAST engine scan C:\Windows\system32\drivers
18:53:44.814 AVAST engine scan C:\Users\Tams
19:11:36.556 AVAST engine scan C:\ProgramData
19:13:19.064 Scan finished successfully
19:14:43.819 Disk 0 MBR has been saved successfully to "C:\Users\Tams\Desktop\MBR.dat"
19:14:43.834 The log file has been saved successfully to "C:\Users\Tams\Desktop\aswMBR.txt"
19:14:55.272 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
19:14:55.335 The log file has been saved successfully to "G:\aswMBR.txt"

y_molina
2012-09-27, 03:28
Sorry, I thought I attached the zip file but I guess I didn't do it right. Here is is..

TechieRanger
2012-09-28, 21:06
One question, when I shut down that computer, it said that Windows is installing 2 updates. This is the first time it's been connected to the internet in a week. Do you think it was a normal windows update or something that I should be concerned about?
I think those could be legitimate updates.:bigthumb:

Run OTL.exe. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
DRIVES
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.


In your next reply, please provide the following:

OTL log.
Description of how your PC is running.




Regards,

Richard:greeting:

y_molina
2012-09-30, 19:29
Here are the logs

OTL logfile created on: 9/30/2012 10:56:41 AM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Tams\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 66.84% Memory free
7.83 Gb Paging File | 6.42 Gb Available in Paging File | 81.98% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.90 Gb Total Space | 339.94 Gb Free Space | 75.39% Space Free | Partition Type: NTFS
Drive D: | 183.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 120.23 Mb Total Space | 104.93 Mb Free Space | 87.27% Space Free | Partition Type: FAT

Computer Name: TAMS-PC | User Name: Tams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tams\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (DellDigitalDelivery) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (MxlW2k) -- C:\Windows\SysWow64\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {41E10EB8-CA40-4091-9298-7425CCABFA95}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&babsrc=SP_ss&mntrId=d63dbf97000000000000d4bed9bf6bad
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/blekkotb_soc/?source=64bd786b&tbp=rbox&toolbarid=blekkotb_soc&u=97AB09412D1039368722484FC640A3F6&q={searchTerms}
IE - HKCU\..\SearchScopes\{41E10EB8-CA40-4091-9298-7425CCABFA95}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS488
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/02/26 04:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/05 16:01:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/03/07 12:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tams\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2012/09/27 00:42:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120224180915.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120224180915.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\npchrome_frame.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - Startup: C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tams\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE06B0DB-24C5-4CE4-9727-3C0D9AB91FEF}: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/30 10:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/09/27 00:49:40 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/27 00:45:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Tams\Desktop\aswMBR.exe
[2012/09/27 00:42:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/27 00:40:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tams\Desktop\OTL.exe
[2012/09/26 19:18:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/26 19:18:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/26 19:18:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/26 19:18:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/26 19:18:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/26 19:18:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/26 19:18:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/26 19:18:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/26 19:18:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/26 19:18:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/26 19:18:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/26 19:18:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/26 19:18:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/26 19:18:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/26 19:18:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/20 08:57:45 | 000,000,000 | ---D | C] -- C:\Users\Tams\Desktop\RK_Quarantine
[2012/09/18 08:30:39 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Tams\Desktop\unhide.exe
[2012/09/18 08:30:38 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tams\Desktop\tdsskiller.exe
[2012/09/16 20:50:46 | 000,000,000 | ---D | C] -- C:\Users\Tams\Desktop\New folder
[2012/09/14 14:29:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/09/14 14:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2012/09/14 13:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/09/14 13:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/09/14 13:48:41 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Local\Citrix
[2012/09/12 08:28:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 08:28:34 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 08:28:32 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 08:28:32 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/10 21:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outspark
[2012/09/10 18:13:59 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Local\Aeria Games
[2012/09/10 18:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012/09/10 18:12:54 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/09/10 18:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/09/10 18:09:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012/09/10 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Local\Akamai
[2012/09/10 17:31:36 | 000,000,000 | ---D | C] -- C:\AeriaGames
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/30 11:00:15 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 11:00:15 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 10:53:11 | 000,001,932 | ---- | M] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk
[2012/09/30 10:53:04 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/30 10:52:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/30 10:52:52 | 3152,523,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/28 09:44:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/28 08:26:01 | 000,002,971 | ---- | M] () -- C:\Users\Tams\Desktop\SI Lead Manager.lnk
[2012/09/27 00:42:49 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/09/26 19:15:43 | 000,000,567 | ---- | M] () -- C:\Users\Tams\Desktop\MBR.zip
[2012/09/26 19:14:43 | 000,000,512 | ---- | M] () -- C:\Users\Tams\Desktop\MBR.dat
[2012/09/26 18:37:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Tams\Desktop\aswMBR.exe
[2012/09/26 18:36:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tams\Desktop\OTL.exe
[2012/09/24 19:43:38 | 000,001,051 | ---- | M] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/20 07:29:52 | 001,382,912 | ---- | M] () -- C:\Users\Tams\Desktop\RogueKiller.exe
[2012/09/19 08:42:32 | 000,080,384 | ---- | M] () -- C:\Users\Tams\Desktop\MBRCheck.exe
[2012/09/18 08:27:44 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Tams\Desktop\unhide.exe
[2012/09/18 08:27:38 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tams\Desktop\tdsskiller.exe
[2012/09/16 22:03:33 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/16 22:03:33 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/16 22:03:33 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/14 14:48:29 | 000,001,264 | ---- | M] () -- C:\Users\Tams\Desktop\Spybot - Search & Destroy.lnk
[2012/09/14 14:10:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/09/14 13:46:37 | 000,000,160 | ---- | M] () -- C:\ProgramData\-9CB2PVYe52Lx0Ur
[2012/09/14 13:46:37 | 000,000,144 | ---- | M] () -- C:\ProgramData\-9CB2PVYe52Lx0U
[2012/09/14 13:16:05 | 000,000,592 | ---- | M] () -- C:\ProgramData\9CB2PVYe52Lx0U
[2012/09/14 12:29:06 | 000,000,681 | ---- | M] () -- C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/09/13 14:12:04 | 000,000,024 | ---- | M] () -- C:\Users\Tams\random.dat
[2012/09/13 13:52:52 | 000,000,043 | ---- | M] () -- C:\Users\Tams\jagex_cl_runescape_LIVE.dat
[2012/09/11 08:39:47 | 000,002,116 | ---- | M] () -- C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/09/10 21:35:48 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Fiesta.lnk
[2012/09/09 17:12:37 | 000,013,541 | ---- | M] () -- C:\Users\Tams\Desktop\ringingbulldiag.jpg
[2012/09/05 08:48:54 | 000,002,062 | ---- | M] () -- C:\Users\Tams\Documents\Default.rdp
[2012/08/31 18:30:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/28 08:26:01 | 000,002,971 | ---- | C] () -- C:\Users\Tams\Desktop\SI Lead Manager.lnk
[2012/09/26 19:15:43 | 000,000,567 | ---- | C] () -- C:\Users\Tams\Desktop\MBR.zip
[2012/09/26 19:14:43 | 000,000,512 | ---- | C] () -- C:\Users\Tams\Desktop\MBR.dat
[2012/09/24 19:43:38 | 000,001,051 | ---- | C] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/20 08:57:06 | 001,382,912 | ---- | C] () -- C:\Users\Tams\Desktop\RogueKiller.exe
[2012/09/19 08:53:54 | 000,080,384 | ---- | C] () -- C:\Users\Tams\Desktop\MBRCheck.exe
[2012/09/18 08:48:17 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/09/18 08:48:17 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon Deluxe.lnk
[2012/09/18 08:48:17 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\musicmatch JUKEBOX.lnk
[2012/09/18 08:48:17 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/09/18 08:48:17 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Zoo Tycoon.lnk
[2012/09/18 08:48:17 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Fiesta.lnk
[2012/09/18 08:48:17 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/09/18 08:48:17 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/09/18 08:48:17 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/09/18 08:48:17 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/09/18 08:48:17 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/09/18 08:48:17 | 000,001,216 | ---- | C] () -- C:\Users\Public\Desktop\Launch School.exe.lnk
[2012/09/18 08:48:17 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/09/18 08:48:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/09/18 08:48:16 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/09/18 08:48:16 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/09/18 08:48:16 | 000,000,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/09/18 08:48:15 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/09/18 08:48:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/18 08:48:15 | 000,001,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/09/18 08:48:15 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Download Manager.lnk
[2012/09/16 21:38:11 | 000,001,932 | ---- | C] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk
[2012/09/14 12:29:07 | 000,000,160 | ---- | C] () -- C:\ProgramData\-9CB2PVYe52Lx0Ur
[2012/09/14 12:29:07 | 000,000,144 | ---- | C] () -- C:\ProgramData\-9CB2PVYe52Lx0U
[2012/09/14 12:29:06 | 000,000,681 | ---- | C] () -- C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/09/14 12:28:58 | 000,000,592 | ---- | C] () -- C:\ProgramData\9CB2PVYe52Lx0U
[2012/09/09 17:14:37 | 000,013,541 | ---- | C] () -- C:\Users\Tams\Desktop\ringingbulldiag.jpg
[2012/08/31 17:00:18 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/07/26 22:05:56 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/06/09 17:26:21 | 000,002,741 | ---- | C] () -- C:\Users\Tams\.recently-used.xbel
[2012/05/22 18:07:10 | 000,000,044 | ---- | C] () -- C:\Users\Tams\jagex_cl_runescape_LIVE2.dat
[2012/05/19 20:15:05 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2012/05/05 14:40:03 | 000,000,044 | ---- | C] () -- C:\Users\Tams\jagex_cl_runescape_LIVE1.dat
[2012/04/26 12:22:46 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/09 13:16:39 | 000,000,396 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/03/09 13:15:28 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2012/03/01 20:37:35 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2012/03/01 20:37:34 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2012/02/24 22:55:40 | 000,000,043 | ---- | C] () -- C:\Users\Tams\jagex_cl_runescape_LIVE.dat
[2012/02/24 22:55:40 | 000,000,024 | ---- | C] () -- C:\Users\Tams\random.dat
[2012/02/24 15:43:58 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\D5uninst.dll
[2012/02/24 15:43:58 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\IDUNINST.DLL
[2012/02/24 14:08:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/24 13:24:20 | 000,007,590 | ---- | C] () -- C:\Users\Tams\AppData\Local\Resmon.ResmonCfg
[2012/02/21 14:47:05 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/21 14:47:04 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/21 14:47:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/02/10 11:10:51 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/10 15:16:23 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\.minecraft
[2012/09/30 10:53:44 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\Dropbox
[2012/06/02 22:17:41 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\DVDVideoSoft
[2012/04/29 14:03:24 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/03/13 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\EurekaLog
[2012/09/05 08:46:38 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\FileZilla
[2012/02/24 13:08:25 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\Fingertapps
[2012/03/01 17:16:32 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\FOG Downloader
[2012/06/09 17:26:21 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\gtk-2.0
[2012/09/01 12:11:25 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\IcoFX2X
[2012/08/30 17:17:56 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\LolClient
[2012/03/09 13:24:54 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\MyHeritage
[2012/04/29 14:03:29 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\OpenCandy
[2012/02/24 19:38:01 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\PADGen
[2012/07/11 12:35:02 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\PCDr
[2012/03/02 22:02:05 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\RIFT
[2012/03/12 12:16:51 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\RootsMagic
[2012/09/05 08:48:44 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\Tams11
[2012/08/07 01:48:43 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\TeamViewer
[2012/03/09 13:15:27 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2012/03/07 12:20:53 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\Thunderbird
[2012/06/26 15:09:42 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\Ulead Systems
[2012/06/15 13:24:14 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[1999/06/25 10:55:30 | 000,149,504 | ---- | M] () -- C:\UNWISE.EXE

< MD5 for: EXPLORER.EXE >
[2012/02/21 15:08:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/02/21 15:08:35 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/02/21 15:08:35 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/02/21 15:08:35 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/02/21 15:08:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/02/21 15:08:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< %USERPROFILE%\..|smtmp;true;true;true /FP >
[2012/09/14 12:28:20 | 000,000,000 | ---D | M] -- C:\Users\Tams\..\Tams\AppData\Local\Temp\smtmp
[2012/09/14 12:29:13 | 000,000,000 | ---D | M] -- C:\Users\Tams\..\Tams\AppData\Local\Temp\smtmp\1
[2012/09/14 12:29:13 | 000,000,000 | ---D | M] -- C:\Users\Tams\..\Tams\AppData\Local\Temp\smtmp\4

< %temp%\smtmp\*.* /s > >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3500413AS ATA Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Multi-Card USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: OTi Flash Disk USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 41943040
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 451.00GB
Starting Offset: 15946743808
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: MS-DOS V4 Huge
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 120.00MB
Starting Offset: 16384
Hidden sectors: 0


< End of report >

y_molina
2012-09-30, 19:30
OTL Extras logfile created on: 9/30/2012 10:56:41 AM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Tams\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 66.84% Memory free
7.83 Gb Paging File | 6.42 Gb Available in Paging File | 81.98% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.90 Gb Total Space | 339.94 Gb Free Space | 75.39% Space Free | Partition Type: NTFS
Drive D: | 183.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 120.23 Mb Total Space | 104.93 Mb Free Space | 87.27% Space Free | Partition Type: FAT

Computer Name: TAMS-PC | User Name: Tams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1464B388-08F8-46F6-AD60-A7469DA607B6}" = lport=445 | protocol=6 | dir=in | app=system |
"{167AF688-37C4-4477-961D-598878AB1642}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36F71FF8-672D-4251-B39E-815A21E9CD6B}" = lport=138 | protocol=17 | dir=in | app=system |
"{3CF9A17E-0DBF-494B-AC56-E3D206EFC3EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{406CBF8C-37C3-4321-B683-D50287CB7A0A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{57A7311C-E0D7-45CC-A09D-E9DDBD4D794C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{64BFADA2-7E8B-449D-8F6F-EAECF9BF9553}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67EC299D-0562-4F84-967C-C3E53A9C0C29}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7046522E-35D9-4DED-B095-1E89D7B0A130}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7488E346-4552-4631-932A-7323A838D3ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7919F9BB-734A-462F-8A93-752274C3B1AC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B51ACF6-35CA-413E-A63A-E7D1734E9C19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83622AF4-D04A-4FDF-BB73-48762248C5A2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8AD3186E-39BA-40E5-9000-0EC9E9C3AAA1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{91136997-DECC-4CBA-B2F1-94CF0212822D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{942086F9-26F5-4E13-A66B-A4DB33B6802F}" = rport=138 | protocol=17 | dir=out | app=system |
"{AABDCCC1-DF7C-4181-BE03-9A39EB443617}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD639C33-6BC1-48A5-B108-8A0C3C807825}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{CA130D11-6658-41C6-BB91-DFC72AE19E9B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD16550B-CD35-46BA-864F-F9A8F66490EC}" = lport=137 | protocol=17 | dir=in | app=system |
"{D5BFB73E-011E-4C1B-AC55-153B3BB71FE5}" = rport=139 | protocol=6 | dir=out | app=system |
"{D916F3E8-172C-4586-822F-EE1846C03122}" = lport=139 | protocol=6 | dir=in | app=system |
"{DE5AAC2B-EA4D-44D9-85CB-C7857C6DF260}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DF56BE71-5CC0-4BB0-9ABB-DA2935D6AAFA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E12BA499-862D-49F8-9F03-1D0E4C81A545}" = rport=445 | protocol=6 | dir=out | app=system |
"{E277ECA2-4742-4493-BE11-BF5BB9F587E5}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{E55DC234-34B9-4761-AD6B-D1791CD4288E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E84AAF86-24E8-4A27-BC82-DDB0EFA67648}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
"{FC4F3DE9-796F-4617-A230-B1050ACB06C9}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{FCE8ECB6-C5E4-4609-B30B-16A381FAD9EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D4932C-63BA-4B2D-8A7D-9357BBDB6C81}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{02518F73-F3A7-43DC-A9F1-884F64C6E0F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{03659674-33BD-4A43-B7BC-FF404CC0AFBD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{063FCA6F-CFA7-4061-B1C5-4E1A4D803C55}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{09C889EE-8AAC-45B9-ABCD-EA62C538A315}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{14D1399B-33E4-453B-8CF6-6383E48A4A9B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{225FE529-1328-4ADD-9FD4-9A3DC8B21C08}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{22DD4444-857E-4AC1-A8A5-B483844243AF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{23A1370E-58C0-4087-84CF-CD16C1405A81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24A602D2-9491-4257-B339-DEF3CF9B8B92}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{29509A13-47E2-46E1-8425-B07A77681F1F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{29EA3BB8-F022-4003-9779-7B5AE27010AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D64A147-0081-4C92-A22B-00F375D6C4CF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3DE110B4-85AE-40BF-A057-132A1E943577}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3FC49A4C-AFF2-4495-838A-5F680679A34F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{4CD0C206-6927-4F76-9189-C7310044E303}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5066007F-C8A4-4C95-98F3-E8C3DAB50519}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5543EABD-86DC-4C81-B706-71F49C926B19}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{60FB9BED-BD29-47F9-913B-290275F708A6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66018CE4-9C3E-446F-B42E-A98045140480}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{679CE841-BBBE-4E20-BF05-E6D877B03850}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{67AA25AA-174F-43DD-91AB-FA9C461C7A99}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{68AABA27-5644-4EAF-977D-82517AE738E9}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{7AEE3632-1B5C-412A-8224-9DDB211F9092}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7D5EB9BF-6EF4-4111-86C8-4556C867D74D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{857324FE-6F63-4E61-A8D3-DF269A505FAB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8AEE6261-76E9-42B9-95B0-BC36D0833FB4}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{8C2C479F-2872-4DA7-9E4D-690057709194}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{8ED8B386-5572-4F4D-B080-56F550C1A463}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"{9072A8DB-166B-4C42-AD36-3DEE4C3DE954}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{91A9F05F-2828-4601-A3EF-6D9D55A63C8A}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"{9620D541-3579-4120-A711-816373B4B446}" = protocol=6 | dir=in | app=c:\users\tams\appdata\roaming\dropbox\bin\dropbox.exe |
"{9738CF3F-AD7D-4347-B6FB-2ED61B38BD58}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9E6EBBB2-326E-4437-B196-AC8634D18402}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1370E2F-1C1C-4DC5-8B24-07D0E34001D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A64733E8-2384-4CAD-8F41-8721D9FB6BFD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AB0C5F2A-CE98-4989-966E-BEABBCC7D4EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B35FF2B2-75E9-4BD5-ADE1-A59FEE18EA32}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{B842E036-1719-4BBF-AA42-C41865D78FE3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BD0222EA-E184-4CF9-80AD-B09390E6CED8}" = protocol=6 | dir=out | app=system |
"{BFA858F3-B6E0-40C7-A090-9AC1AD74BCBB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C28330CD-A07C-42B9-9C2A-74F375342C41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C437E09C-16DF-4F5C-92A7-9E657FC63410}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{CCA354D9-32C7-4B06-B459-A59DC698D90D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CD181354-77AC-4DC4-8CF8-CD289212186E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{CDE531D0-1EAA-418D-A1DA-C355DCE8E669}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{D4AB81F3-A55E-4C5A-AF6C-6306237F7A73}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{DCEB27CE-E898-4B62-8E64-6CC1A27F2843}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E318DA92-68F7-4F2A-BB45-B83F896FA004}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E420A768-176B-4DBD-838C-565662BC75E7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F4757A97-E6E0-4E6D-ACEF-B382D7D3CF37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F6E8C4FF-10AC-426B-BFEC-F99EA4162850}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F79115CE-2924-40BC-AF4C-759D44E0DF46}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{F7C0FBDD-EF59-4BCB-8E29-B40E97B14B01}" = protocol=17 | dir=in | app=c:\users\tams\appdata\roaming\dropbox\bin\dropbox.exe |
"{FB74FB17-B215-4D8C-9574-22A77DC00F14}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FBE09249-10A4-43E2-924D-869B5B50F42F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FE5F7762-F686-4D5D-8838-DD57975E80AF}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{2D5E3D2B-919F-407C-8757-E64827518BB6}" = HP Officejet Pro 8600 Basic Device Software
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F792E5B0-11C4-4C68-8A63-FB5F52749180}" = HP Officejet Pro 8600 Product Improvement Study
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4
"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA
"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent
"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4
"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM
"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup
"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{266F34CA-580F-4615-80FE-BDFBD56B748F}" = School Tycoon
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH Jukebox
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{924EAD66-F854-4605-8493-696DD59A113B}" = RollerCoaster Tycoon Deluxe
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A696A783-CE10-4920-A03F-82FC6EE9C759}" = Aeria Ignite
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}" = Dell Digital Delivery
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1689DDD-6378-4966-8865-6292D7141A6A}_is1" = RootsMagic 5.0.2.1
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C5B047B0-E71E-4CF8-8A3F-4793E677B0B7}" = SI Lead Manager - Beta 5
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EFE356A6-91C3-450F-A469-504ACA655A7A}_is1" = PADGen 3.1.1.50
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0591-8077-9297-0833" = FamilySearch Indexing 3.12.1
"Acesup_is1" = Acesup 1.0.0.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.9.1511" = Aeria Ignite
"Big Biz Tycoon 2" = Big Biz Tycoon 2
"Block Drop_is1" = Block Drop 1.0.0.0
"Clue" = Clue
"Cribbage_is1" = Cribbage 2.0.8.14
"Delphi5" = Borland Delphi 5
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"EADM" = EA Download Manager
"Family Tree Builder" = MyHeritage Family Tree Builder
"Farkle Solo_is1" = Farkle Solo 1.0.2.3
"Farkle_is1" = Farkle 3.0.13.10
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"Google Chrome Frame" = Google Chrome Frame
"HandAndFoot_is1" = Hand And Foot 1.0.11.10
"IcoFX 2_is1" = IcoFX 2.1
"Inno Setup 5_is1" = Inno Setup version 5.4.3
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Kings in the Corner_is1" = Kings in the Corner 1.0.2.0
"Laredo Client" = Laredo Client
"Lemonade Tycoon for Windows" = Lemonade Tycoon for Windows
"Mall Tycoon" = Mall Tycoon
"Mozilla Thunderbird 15.0.1 (x86 en-US)" = Mozilla Thunderbird 15.0.1 (x86 en-US)
"MSC" = McAfee SecurityCenter
"MumboJumbo_is1" = MumboJumbo 1.0.15.17
"Office14.SingleImage" = Microsoft Office Professional 2010
"SimCity 3000" = SimCity 3000
"Switch_is1" = UpStage 1.0.2.0
"Tams11 Software Gaming Lobby_is1" = Tams11 Software Gaming Lobby 1.7.8.24
"TriPeaks_is1" = TriPeaks 1.0.2.5
"Unlimited_is1" = Unlimited 1.0.3.0
"UpStage_is1" = UpStage 1.0.4.5
"WildTangent dell Master Uninstall" = WildTangent Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WT089409" = Bejeweled 2 Deluxe
"WT089410" = Blackhawk Striker 2
"WT089411" = Build-a-lot 2
"WT089412" = Cake Mania
"WT089413" = Chuzzle Deluxe
"WT089414" = Diner Dash 2 Restaurant Rescue
"WT089415" = Dora's World Adventure
"WT089418" = FATE
"WT089420" = Jewel Quest
"WT089422" = Jewel Quest Solitaire 2
"WT089426" = Poker Superstars III
"WT089430" = Virtual Villagers 4 - The Tree of Life
"WT089433" = Polar Golfer
"WT089434" = Escape Whisper Valley (TM)
"WT089440" = Namco All-Stars PAC-MAN
"WT089443" = Bounce Symphony
"WT089444" = Final Drive Nitro
"WT089445" = Penguins!
"WT089446" = Wedding Dash - Ready, Aim, Love!
"WT089448" = Zuma Deluxe
"WT089450" = Farm Frenzy
"WT089452" = Plants vs. Zombies - Game of the Year
"WT089499" = Final Drive Fury
"WT089503" = Samantha Swift
"WT089507" = Luxor
"WT089508" = Polar Bowler
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Video Converter" = Video Converter

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/26/2012 11:08:14 AM | Computer Name = Tams-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/26/2012 4:36:09 PM | Computer Name = Tams-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Sims3LauncherW.exe, version: 0.2.0.177,
time stamp: 0x4fc52077 Faulting module name: CmdPortalClient.dll, version: 2.0.0.1,
time stamp: 0x49ce8e3c Exception code: 0xc0000005 Fault offset: 0x0001d158 Faulting
process id: 0x27b4 Faulting application start time: 0x01cd83ca6370db98 Faulting application
path: C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\Sims3LauncherW.exe
Faulting
module path: C:\Program Files (x86)\Electronic Arts\EADM\CmdPortalClient.dll Report
Id: aa93ad26-efbd-11e1-b2ce-d4bed9bf6bad

Error - 8/27/2012 1:11:39 PM | Computer Name = Tams-PC | Source = Application Hang | ID = 1002
Description = The program EXCEL.EXE version 14.0.6117.5003 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2900 Start
Time: 01cd846bf207651b Termination Time: 0 Application Path: C:\Program Files (x86)\Microsoft
Office\Office14\EXCEL.EXE Report Id: 28d4b4d0-f06a-11e1-b2ce-d4bed9bf6bad

Error - 8/27/2012 1:12:22 PM | Computer Name = Tams-PC | Source = Application Hang | ID = 1002
Description = The program EXCEL.EXE version 14.0.6117.5003 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2b14 Start
Time: 01cd847705bda835 Termination Time: 0 Application Path: C:\Program Files (x86)\Microsoft
Office\Office14\EXCEL.EXE Report Id: 5637edc1-f06a-11e1-b2ce-d4bed9bf6bad

Error - 8/28/2012 8:37:05 AM | Computer Name = Tams-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/28/2012 3:32:21 PM | Computer Name = Tams-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Corel PaintShop Pro.exe, version: 14.2.0.88,
time stamp: 0x4faccf07 Faulting module name: MSVCR90.dll, version: 9.0.30729.6161,
time stamp: 0x4dace5b9 Exception code: 0xc0000005 Fault offset: 0x00056b1d Faulting
process id: 0x153c Faulting application start time: 0x01cd854ac2ef57dd Faulting application
path: C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe
Faulting
module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report
Id: 155de630-f147-11e1-8884-d4bed9bf6bad

Error - 8/29/2012 8:36:10 AM | Computer Name = Tams-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2012 1:53:52 PM | Computer Name = Tams-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
time stamp: 0x4fecf1b7 Faulting module name: Flash32_11_3_300_270.ocx, version: 11.3.300.270,
time stamp: 0x50197f98 Exception code: 0xc0000005 Fault offset: 0x001cfc96 Faulting
process id: 0x2f58 Faulting application start time: 0x01cd86bc53340734 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_270.ocx Report Id: a88c8ed4-f2cb-11e1-8649-d4bed9bf6bad

Error - 8/30/2012 8:07:44 PM | Computer Name = Tams-PC | Source = Application Hang | ID = 1002
Description = The program LolClient.exe version 2.0.2.12610 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2de0 Start
Time: 01cd86fdd8d27c26 Termination Time: 7 Application Path: C:\Riot Games\League
of Legends\RADS\projects\lol_air_client\releases\0.0.0.198\deploy\LolClient.exe

Report
Id: d92921ce-f2ff-11e1-8649-d4bed9bf6bad

Error - 8/30/2012 8:43:59 PM | Computer Name = Tams-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/18/2012 12:13:26 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/19/2012 9:44:36 AM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/20/2012 9:37:55 AM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/21/2012 9:48:45 AM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/21/2012 10:22:08 AM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/21/2012 12:46:01 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/22/2012 1:29:25 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/22/2012 1:48:33 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/22/2012 1:49:42 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/22/2012 5:34:53 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.


< End of report >

TechieRanger
2012-10-01, 07:52
Please run OTL.exe.

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:OTL
IE - HKCU\..\SearchScopes,DefaultScope = {41E10EB8-CA40-4091-9298-7425CCABFA95}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&babsrc=SP_ss&mntrId=d63dbf97000000000000d4bed9bf6bad
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/blekkotb_soc/?source=64bd786b&tbp=rbox&toolbarid=blekkotb_soc&u=97AB09412D1039368722484FC640A3F6&q={searchTerms}
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2012/09/14 13:46:37 | 000,000,160 | ---- | M] () -- C:\ProgramData\-9CB2PVYe52Lx0Ur
[2012/09/14 13:46:37 | 000,000,144 | ---- | M] () -- C:\ProgramData\-9CB2PVYe52Lx0U
[2012/09/14 13:16:05 | 000,000,592 | ---- | M] () -- C:\ProgramData\9CB2PVYe52Lx0U
[2012/09/14 12:29:06 | 000,000,681 | ---- | M] () -- C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/04/29 14:03:29 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\OpenCandy

:Files
xcopy "C:\Users\Tams\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu" /H /I /S /Y /C
xcopy "C:\Users\Tams\AppData\Local\Temp\smtmp\4" C:\Users\Public\Desktop /H /I /S /Y /C

:Commands
[purity]
[Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot when it is done.
Then post the results of the log it produces.

In your next reply, please provide the following:

OTL Fix log.
Description of how your PC is running.




Regards,

Richard:greeting:

y_molina
2012-10-01, 17:33
Ok I ran OTL as directed. When it was done it asked to reboot and I did. But I didn't see a log of any kind.

After the reboot, there are two new files on my desktop both called desktop.ini. Also, some of the folders have a lock on them (like the my documents and setting folder)

I'm not sure what I do now. :confused:

Thanks,
Tammy

TechieRanger
2012-10-01, 21:28
No worries:D:


After the reboot, there are two new files on my desktop both called desktop.ini. Also, some of the folders have a lock on them (like the my documents and setting folder)
These items were unhidden by OTL.:)

The folders that have locks are junction points. We will re-hide the desktop.ini files and junction points later.:bigthumb:

You should find some logs in the following location:

C:\_OTL\MovedFiles

The logs will be named MMDDYYYY_HHMMSS.log where MDYHMS are numbers indicating the date and time the log was created.

Please post the last one created, which could be from the fix you've just run.

In your next reply, please provide the following:

OTL log.
Description of how your PC is running.




Regards,

Richard:greeting:

y_molina
2012-10-01, 21:44
Ok good good. I was worried there for a minute.

Thanks,
Tammy

Here is the log

========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\ProgramData\-9CB2PVYe52Lx0Ur moved successfully.
C:\ProgramData\-9CB2PVYe52Lx0U moved successfully.
C:\ProgramData\9CB2PVYe52Lx0U moved successfully.
C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk moved successfully.
C:\Users\Tams\AppData\Roaming\OpenCandy\OpenCandy_9616FAD7AA2F4DECA30969CF31AD1E28 folder moved successfully.
C:\Users\Tams\AppData\Roaming\OpenCandy\9616FAD7AA2F4DECA30969CF31AD1E28 folder moved successfully.
C:\Users\Tams\AppData\Roaming\OpenCandy folder moved successfully.
========== FILES ==========
< xcopy "C:\Users\Tams\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu" /H /I /S /Y /C >
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Default Programs.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\My Identity Protection.url
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Stage Remote.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Windows Update.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader X.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Help Documentation.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\EA Download Manager.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\I.R.I.S. OCR Registration.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Media Center.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Sidebar.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Anytime Upgrade.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows DVD Maker.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Fax and Scan.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Live Messenger.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Live Movie Maker.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Live Photo Gallery.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Media Player.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\XPS Viewer.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\displayswitch.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Math Input Panel.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Snipping Tool.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sticky Notes.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Resource Monitor.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\ShapeCollector.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\TabTip.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Windows Journal.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Performance Monitor.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\AeriaGames\Ignite.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Delphi 5 .lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Delphi 5 Readme.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Image Editor.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Register Now!.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\Creating Custom Components.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\Developing COM-based Applications.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\Image Editor Help.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\Object Pascal Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\Programming with Delphi.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\Using Delphi.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\Visual Component Library Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\What's New in Delphi.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\ISAPI Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\MAPI Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Microsoft Multimedia Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Microsoft Programmer's Guide to Windows 95.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Microsoft Tools Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Microsoft Windows Developers Guide.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Microsoft Windows Performance Data Helper Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\MIDL Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Multimedia API Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\OLE Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\OpenGL Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Pen API Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Remote Procedure Call Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Win32 Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Win32 Programming Techniques.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Win32 SDK Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Win32s Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Windows SDK and OLE Knowledge Base.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Windows Setup API Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Windows Sockets 2 Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Windows Telephony API Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Cat Daddy Games\School Tycoon\Launch Readme.doc.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Cat Daddy Games\School Tycoon\Launch School.exe.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Corel PaintShop Pro X4\Corel PaintShop Pro X4.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Corel PaintShop Pro X4\Restore Database.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Digital Delivery.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell\SyncUP.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Software & Utilities\Dell Getting Started Guide.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell DataSafe\Dell DataSafe Local Backup.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell DataSafe Online\Dell DataSafe Online.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Stage\Dell Stage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Stage\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Stage\MusicStage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Stage\PhotoStage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Stage\Stage Remote.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Stage\VideoStage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Stage\Weather.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Support Center\Dell Support Center.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Support Center\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Support Center\PC Checkup.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft\Free Studio Manager.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft\Uninstall.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft\Programs\Free YouTube to MP3 Converter.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft\Tools\Free YouTube Download Lite.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft\Tools\System Report.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\FamilySearch\FamilySearch Indexing Uninstaller.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\FamilySearch\FamilySearch Indexing.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\FileZilla FTP Client\FileZilla.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\FileZilla FTP Client\Uninstall.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Game On\Hexacto.com.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Game On\Lemonade Tycoon\FAQ.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Game On\Lemonade Tycoon\Install AOL FREE Trial!.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Game On\Lemonade Tycoon\Lemonade Tycoon for Windows.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Game On\Lemonade Tycoon\Register Lemonade Tycoon.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Game On\Lemonade Tycoon\Remove Lemonade Tycoon for Windows.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\All Casual Games.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\All Enthusiast Games.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\All Kids Games.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\All MMO Games.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Bejeweled 2 Deluxe.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Chess.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\FATE.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\FreeCell.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Hearts.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Mahjong.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Plants vs. Zombies - Game of the Year.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Polar Bowler.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Purble Place.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Solitaire.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\The SimsT 3.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Virtual Villagers 4 - The Tree of Life.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\WildTangent Games App - dell.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\GIMP\GIMP 2.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\GIMP\Uninstall.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Hasbro Interactive\Clue\Clue.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Hasbro Interactive\Clue\DirectX Setup.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Hasbro Interactive\Clue\DXMWrap Setup.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Hasbro Interactive\Clue\Readme.txt .lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Hasbro Interactive\Clue\UnInstall Clue.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Update.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\Help.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\HP Officejet Pro 8600.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\HP Product Improvement Study.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\HP Scan.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\Printer Setup & Software.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\Product Support Website.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\Shop for Supplies.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\Uninstall.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\Update IP Address.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\Wireless Printing Online Help.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\IcoFX 2\IcoFX on the Web.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\IcoFX 2\IcoFX.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\IcoFX 2\Uninstall\Uninstall IcoFX.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Infogrames Interactive\RollerCoaster Tycoon Deluxe\RCT Deluxe Install Guide.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Infogrames Interactive\RollerCoaster Tycoon Deluxe\RCT Deluxe PDF Manual.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Infogrames Interactive\RollerCoaster Tycoon Deluxe\Readme.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Infogrames Interactive\RollerCoaster Tycoon Deluxe\RollerCoaster Tycoon Deluxe.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Infogrames Interactive\RollerCoaster Tycoon Deluxe\Uninstall RCT Deluxe.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Infogrames Interactive\RollerCoaster Tycoon Deluxe\www.rollercoastertycoon.com.url
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Inno Setup 5\Inno Setup Compiler.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Inno Setup 5\Inno Setup Documentation.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Inno Setup 5\Inno Setup Example Scripts.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Inno Setup 5\Inno Setup FAQ.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Inno Setup 5\Inno Setup Revision History.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Jasc Software\Animation Shop 3.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Jasc Software\Paint Shop Pro 7.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Jasc Software\Utilites\Jasc Tube Converter.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Create Recovery Disc.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Mall Tycoon\Play Mall Tycoon.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Mall Tycoon\View Manual.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Mall Tycoon\View Readme.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Mall Tycoon\Visit Holistic Design.url
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Mall Tycoon\Visit Take2 Interactive.url
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Mall Tycoon\Visit the Mall Tycoon site.url
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maxis\SimCity 3000\Contact Support.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maxis\SimCity 3000\Electronic Registration.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maxis\SimCity 3000\SimCity 3000.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maxis\SimCity 3000\Uninstall SimCity 3000.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\McAfee\McAfee SecurityCenter.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games\Zoo Tycoon\Uninstall.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games\Zoo Tycoon\Zoo Tycoon Readme.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games\Zoo Tycoon\Zoo Tycoon.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\MUSICMATCH\MUSICMATCH Jukebox.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 10\Nero ControlCenter.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Outspark\Fiesta.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\PADGen\PADGen Help.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\PADGen\PADGen on the Web.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\PADGen\PADGen.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\PADGen\Uninstall PADGen.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Perfect World Entertainment\Perfect World International\Uninstall Perfect World International.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\RIFT\RIFT Game Website.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\RIFT\Uninstall RIFT.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\RootsMagic 5\RootsMagic 5 To-Go.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\RootsMagic 5\RootsMagic 5.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\RootsMagic 5\RootsMagic Chart.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\RootsMagic 5\RootsMagic on the Web.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Roxio Creator Starter\Roxio Burn Options.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Roxio Creator Starter\Roxio Burn.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Roxio Creator Starter\Roxio Creator Starter.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Skype\Skype.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Tutorial.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Uninstall Spybot-S&D.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Update Spybot-S&D.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Startup\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Tams11Lobby.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Uninstall Tams11Lobby.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Cribbage\Cribbage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Cribbage\Uninstall Cribbage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Farkle\Farkle.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Farkle\Uninstall Farkle.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Hand And Foot\Hand And Foot.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Hand And Foot\Uninstall Hand And Foot.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\KingsintheCorner\KingsintheCorner.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\KingsintheCorner\Uninstall KingsintheCorner.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\MumboJumbo\MumboJumbo.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\MumboJumbo\Uninstall MumboJumbo.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Switch\Switch.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Switch\Uninstall Switch.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Unlimited\Uninstall Unlimited.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Unlimited\Unlimited.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\UpStage\Uninstall UpStage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\UpStage\UpStage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Solo-Games\BlockDrop\BlockDrop.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Solo-Games\BlockDrop\Uninstall BlockDrop.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Solo-Games\FarkleSolo\FarkleSolo.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Solo-Games\FarkleSolo\Uninstall FarkleSolo.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Solo-Games\TriPeaks\TriPeaks.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Solo-Games\TriPeaks\Uninstall TriPeaks.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Live\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Mesh.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Writer.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\YTD YouTube Downloader & Converter\Uninstall.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\YTD YouTube Downloader & Converter\Web site.url
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\YTD YouTube Downloader & Converter\YTD YouTube Downloader & Converter Help.url
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\YTD YouTube Downloader & Converter\YTD YouTube Downloader & Converter.lnk
268 File(s) copied
C:\Users\Tams\Desktop\cmd.bat deleted successfully.
C:\Users\Tams\Desktop\cmd.txt deleted successfully.
< xcopy "C:\Users\Tams\AppData\Local\Temp\smtmp\4" C:\Users\Public\Desktop /H /I /S /Y /C >
C:\Users\Tams\AppData\Local\Temp\smtmp\4\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\4\Fiesta.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\4\Launch School.exe.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\4\musicmatch JUKEBOX.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\4\RollerCoaster Tycoon Deluxe.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\4\The SimsT 3.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\4\Zoo Tycoon.lnk
7 File(s) copied
C:\Users\Tams\Desktop\cmd.bat deleted successfully.
C:\Users\Tams\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.68.0 log created on 10012012_091604

TechieRanger
2012-10-03, 01:35
Nice work:2thumb:

MALWAREBYTES' ANTI-MALWARE
-------------------------------------------
Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your Desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Next

ADWCLEANER
----------------------------
Download AdwCleaner from here (http://general-changelog-team.fr/en/tools/15-adwcleaner) and save it to your desktop.

Run AdwCleaner and select Delete.
Once done it will ask to reboot, allow the reboot.
On reboot a log will be produced, please attach the content of the log to your next reply.

Next

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the green ESET Online Scanner button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps):
Click on Download to download the ESET Smart Installer. Save it to your desktop.
Double click on the esetsmartinstaller_enu.exe icon on your desktop.

Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Check Scan archives.
Ensure that the option "Remove found threats" is Unchecked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats.
Push Export to text file..., and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
Push the Back button.
Push Finish.

Next

Please post a fresh OTL scan log so I can review it.

In your next reply, please provide the following:

MBAM log.
AdwCleaner log.
ESET log.
OTL log.
Update on how your PC is running.




Regards,

Richard:greeting:

y_molina
2012-10-04, 23:57
I'm posting the OLT log here and attaching the other logs.

Thank you,
Tammy

OTL logfile created on: 10/4/2012 3:43:51 PM - Run 2
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Tams\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 70.12% Memory free
7.83 Gb Paging File | 6.57 Gb Available in Paging File | 83.93% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.90 Gb Total Space | 337.57 Gb Free Space | 74.87% Space Free | Partition Type: NTFS
Drive D: | 183.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 120.23 Mb Total Space | 94.04 Mb Free Space | 78.22% Space Free | Partition Type: FAT

Computer Name: TAMS-PC | User Name: Tams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tams\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Users\Tams\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (DellDigitalDelivery) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (MxlW2k) -- C:\Windows\SysWow64\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {41E10EB8-CA40-4091-9298-7425CCABFA95}
IE - HKCU\..\SearchScopes\{41E10EB8-CA40-4091-9298-7425CCABFA95}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS488
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/02/26 04:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/05 16:01:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/03/07 12:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tams\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2012/09/27 00:42:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120224180915.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120224180915.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\npchrome_frame.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - Startup: C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tams\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE06B0DB-24C5-4CE4-9727-3C0D9AB91FEF}: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/04 09:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/10/04 09:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/04 09:34:09 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Roaming\Malwarebytes
[2012/10/04 09:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/04 09:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/04 09:33:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/04 09:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/27 00:49:40 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/27 00:45:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Tams\Desktop\aswMBR.exe
[2012/09/27 00:42:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/27 00:40:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tams\Desktop\OTL.exe
[2012/09/26 19:18:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/26 19:18:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/26 19:18:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/26 19:18:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/26 19:18:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/26 19:18:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/26 19:18:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/26 19:18:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/26 19:18:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/26 19:18:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/26 19:18:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/26 19:18:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/26 19:18:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/26 19:18:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/26 19:18:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/18 08:30:39 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Tams\Desktop\unhide.exe
[2012/09/18 08:30:38 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tams\Desktop\tdsskiller.exe
[2012/09/14 14:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/09/14 14:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2012/09/14 13:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/09/14 13:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/09/14 13:48:41 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Local\Citrix
[2012/09/12 08:28:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 08:28:34 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 08:28:32 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 08:28:32 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/10 21:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outspark
[2012/09/10 18:13:59 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Local\Aeria Games
[2012/09/10 18:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012/09/10 18:12:54 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/09/10 18:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/09/10 18:09:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012/09/10 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Local\Akamai
[2012/09/10 17:31:36 | 000,000,000 | ---D | C] -- C:\AeriaGames
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/04 15:44:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/04 15:43:28 | 000,001,932 | ---- | M] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk
[2012/10/04 15:43:22 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/04 15:43:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/04 15:43:10 | 3152,523,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/04 09:48:51 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 09:48:51 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/02 18:19:40 | 000,513,501 | ---- | M] () -- C:\Users\Tams\Desktop\AdwCleaner.exe
[2012/09/28 08:26:01 | 000,002,971 | ---- | M] () -- C:\Users\Tams\Desktop\SI Lead Manager.lnk
[2012/09/27 00:42:49 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/09/26 18:37:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Tams\Desktop\aswMBR.exe
[2012/09/26 18:36:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tams\Desktop\OTL.exe
[2012/09/24 19:43:38 | 000,001,051 | ---- | M] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/20 07:29:52 | 001,382,912 | ---- | M] () -- C:\Users\Tams\Desktop\RogueKiller.exe
[2012/09/19 08:42:32 | 000,080,384 | ---- | M] () -- C:\Users\Tams\Desktop\MBRCheck.exe
[2012/09/18 08:27:44 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Tams\Desktop\unhide.exe
[2012/09/18 08:27:38 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tams\Desktop\tdsskiller.exe
[2012/09/16 22:03:33 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/16 22:03:33 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/16 22:03:33 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/14 14:48:29 | 000,001,264 | ---- | M] () -- C:\Users\Tams\Desktop\Spybot - Search & Destroy.lnk
[2012/09/14 14:10:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/09/13 14:12:04 | 000,000,024 | ---- | M] () -- C:\Users\Tams\random.dat
[2012/09/13 13:52:52 | 000,000,043 | ---- | M] () -- C:\Users\Tams\jagex_cl_runescape_LIVE.dat
[2012/09/11 08:39:47 | 000,002,116 | ---- | M] () -- C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/09/10 21:35:48 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Fiesta.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/05 08:48:54 | 000,002,062 | ---- | M] () -- C:\Users\Tams\Documents\Default.rdp
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/04 09:39:56 | 000,513,501 | ---- | C] () -- C:\Users\Tams\Desktop\AdwCleaner.exe
[2012/09/28 08:26:01 | 000,002,971 | ---- | C] () -- C:\Users\Tams\Desktop\SI Lead Manager.lnk
[2012/09/24 19:43:38 | 000,001,051 | ---- | C] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/20 08:57:06 | 001,382,912 | ---- | C] () -- C:\Users\Tams\Desktop\RogueKiller.exe
[2012/09/19 08:53:54 | 000,080,384 | ---- | C] () -- C:\Users\Tams\Desktop\MBRCheck.exe
[2012/09/18 08:48:17 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/09/18 08:48:17 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon Deluxe.lnk
[2012/09/18 08:48:17 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\musicmatch JUKEBOX.lnk
[2012/09/18 08:48:17 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/09/18 08:48:17 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Zoo Tycoon.lnk
[2012/09/18 08:48:17 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Fiesta.lnk
[2012/09/18 08:48:17 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/09/18 08:48:17 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/09/18 08:48:17 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/09/18 08:48:17 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/09/18 08:48:17 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/09/18 08:48:17 | 000,001,216 | ---- | C] () -- C:\Users\Public\Desktop\Launch School.exe.lnk
[2012/09/18 08:48:17 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/09/18 08:48:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/09/18 08:48:16 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/09/18 08:48:16 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/09/18 08:48:16 | 000,000,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/09/18 08:48:15 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/09/18 08:48:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/18 08:48:15 | 000,001,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/09/18 08:48:15 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Download Manager.lnk
[2012/09/16 21:38:11 | 000,001,932 | ---- | C] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk
[2012/07/26 22:05:56 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/06/09 17:26:21 | 000,002,741 | ---- | C] () -- C:\Users\Tams\.recently-used.xbel
[2012/05/22 18:07:10 | 000,000,044 | ---- | C] () -- C:\Users\Tams\jagex_cl_runescape_LIVE2.dat
[2012/05/19 20:15:05 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2012/05/05 14:40:03 | 000,000,044 | ---- | C] () -- C:\Users\Tams\jagex_cl_runescape_LIVE1.dat
[2012/04/26 12:22:46 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/09 13:16:39 | 000,000,396 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/03/09 13:15:28 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2012/03/01 20:37:35 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2012/03/01 20:37:34 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2012/02/24 22:55:40 | 000,000,043 | ---- | C] () -- C:\Users\Tams\jagex_cl_runescape_LIVE.dat
[2012/02/24 22:55:40 | 000,000,024 | ---- | C] () -- C:\Users\Tams\random.dat
[2012/02/24 15:43:58 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\D5uninst.dll
[2012/02/24 15:43:58 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\IDUNINST.DLL
[2012/02/24 14:08:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/24 13:24:20 | 000,007,590 | ---- | C] () -- C:\Users\Tams\AppData\Local\Resmon.ResmonCfg
[2012/02/21 14:47:05 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/21 14:47:04 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/21 14:47:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/02/10 11:10:51 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

TechieRanger
2012-10-06, 02:26
C:\_OTL\MovedFiles\09272012_004248\C_ProgramData\9CB2PVYe52Lx0U.exe a variant of Win32/Kryptik.ALUS trojan
The ESET scan looks nice. This file will be removed when we remove our tools. :)

We will be doing some updating next.:D:

Please download Security Check (http://screen317.spywareinfoforum.org/SecurityCheck.exe).
Save it to your Desktop.
Double click on SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please Copy/paste the contents of that document.


In your next reply, please provide the following:

Security Check log.
Update on how your PC is running.




Regards,

Richard:greeting:

y_molina
2012-10-06, 18:16
I'm glad you thought the scan looked good. I was worried when I saw the threats. :)

Below is the log.

Thanks,
Tammy


Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
JavaFX 2.1.0
Java(TM) 6 Update 27
Java(TM) 7 Update 4
Java version out of Date!
Adobe Reader X (10.1.4)
Mozilla Thunderbird (15.0.1)
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
````````Process Check: objlist.exe by Laurent````````
mcafee VIRUSS~1 mcvsshld.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

TechieRanger
2012-10-08, 02:15
If you are not having any other malware problems, it is time to do our final steps:

I'm pleased to let you know that the infections seem to have been taken care of!:2thumb:

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

Now, we need to do some house cleaning. You have out of date programs that leave you susceptible to future malware infections, so we will be updating those as well.:cleaning:

Step 1

Create a new, clean System Restore point
-------------
Create a new, clean System Restore point which you can use in case of future system problems:

Click Start > Right click on Computer, and select Properties.
Click on the System Protection link, located on the left hand side panel.
Press Create, type a name then press the Create button and once it's done press Close.

Now remove old, infected System Restore points:

Click Start > in the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
Select the C: drive and click OK.
Ensure the following boxes are checked:

Recycle Bin
Temporary Files
Temporary Internet Files


Select the Clean Up System Files button.
Select the C: drive and click OK.
Select the More Options tab and under System Restore and Shadow Copies, click the Clean up button.
Select Delete, press Delete Files and OK to confirm.

Step 2

OTL CleanUp and Leftover Tool/Log Removal

Run OTL.exe

Click the green CleanUp! button on the OTL start screen.
Accept any prompts to let the program proceed.
This will remove any tools we used, including itself, and will require a reboot.

Leftover Tool/Log Removal

Please remove the following logs/tools left on your Desktop (Right click and delete them.):


SecurityCheck.exe
checkup.txt
AdwCleaner[S1].txt
esetscan.txt
mbam-log-2012-10-04 (09-34-41).txt
listparts64.exe
Result.txt
fix.txt
MBR.dat
MBR.zip


After deleting these, please empty your Recycle Bin. To do this navigate to your Desktop, right click on the Recycle Bin icon and select Empty Recycle Bin.

Step 3

Re-hide hidden files

Open the Control Panel, click Appearance and Personalization, and then click Folder Options.
Click the View tab.
Under Advanced settings, click Don't show hidden files, folders, or drives, and then click OK.

Step 4

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

Please Verify your Java Version (http://www.java.com/en/download/installed.jsp)

If your version is out of date, install the newest version of the Sun Java Runtime Environment (http://majorgeeks.com/Sun_Java_Runtime_Environment_d7567.html).

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Remove any older versions:

Click on Start > Control Panel.
Click on Programs and Features.
Select the following from the list:


Java(tm) 6 Update 27 (64-bit)
Java(tm) 6 Update 27
Java(tm) 7 Update 4


Click the Uninstall button.

Step 5

Clean out your Temporary files

Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your Desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator.

TFC will close all programs when run, so make sure you have saved all your work before you begin.

Click the Start button to begin the cleaning process.
Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Step 6

Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week. The best solution is to enable automatic updates. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.

Please see below for tips on how to better protect your computer from future malware infections.

--------------------------------------------------------------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft (http://v4.windowsupdate.microsoft.com/en/default.asp) and download all the critical updates to help prevent possible re-infection.


Passwords
It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them (http://www.microsoft.com/protect/yourself/password/create.mspx) and consider a password keeper (http://keepass.info/), to keep all your passwords safe.


SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:
How Did I Get Infected In The First Place? (http://forums.whatthetech.com/So_how_did_I_get_infected_first_place_t57817.html) by TonyKlein
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)by miekiemoes
PC Safety and Security--What Do I Need? (http://www.techsupportforum.com/forums/f112/pc-safety-and-security-what-do-i-need-525915.html)


Malwarebyte's Anti-Malware

Malwarebyte's Anti-Malware is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Emergency Recovery Utility NT

You should keep a copy of ERUNT (http://www.larshederer.homepage.t-online.de/erunt/index.htm) installed as a means to create a complete backup of your registry and restore it when needed.

Make your Internet Explorer more secure

Please follow these instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next, press the Apply button and then the OK to exit the Internet Properties page.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
WOT (http://www.mywot.com/), Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

Green to go
Yellow for caution
Red to stop


WOT has an add-on available for both Firefox and IE.

SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html) prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

Hopefully this should take care of your problems! Good luck.

Do you have any questions to ask? Please do not hesitate to do so.



Regards,

Richard:greeting:

y_molina
2012-10-09, 18:21
Ok I think I have done everything.

They wanted me to pay for my antivirus so I went ahead unintalled it and downloaded Microsoft Security Essentials. I hope that is OK.

I so appreciate the time you spend on helping me! You explained things very well and step by step. I hope, with the tools that you gave me to download, that I won't have to bug you again. :)

Thanks!
Tammy

TechieRanger
2012-10-09, 21:14
You're very welcome!:D:

I think Microsoft Security Essentials is a great choice for protection.:2thumb:



Regards,

Richard:greeting:

oldman960
2012-10-24, 04:13
Since this issue appears to be resolved ... this Topic has been closed.