Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Several Spyware Issues

Started by smuckerzs , Feb 09 2012 02:06 PM

Please log in to reply

#1
smuckerzs

Posted 09 February 2012 - 02:06 PM

Member

Member
26 posts

Hello, Here is the OTL. Txt file from the scan:

OTL logfile created on: 2/9/2012 2:45:05 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\justin\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.91 Gb Available Physical Memory | 65.32% Memory free
12.09 Gb Paging File | 10.16 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.57 Gb Total Space | 522.18 Gb Free Space | 76.39% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.33 Gb Free Space | 55.56% Space Free | Partition Type: NTFS
Drive F: | 7.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RAHJA | User Name: justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/09 14:43:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\justin\Downloads\OTL.exe
PRC - [2012/01/12 00:33:53 | 000,177,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2010/02/04 04:17:18 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark Z2300 Series\ezprint.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
PRC - [2009/07/07 09:37:58 | 001,724,416 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WNA1000\WNA1000.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/30 10:03:14 | 000,820,464 | ---- | M] (Dell Inc.) -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
PRC - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/01/12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/12 23:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brss01a.exe
PRC - [2004/06/13 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brsvc01a.exe

========== Modules (No Company Name) ==========

MOD - [2007/08/08 16:55:30 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\Lexmark Z2300 Series\iptk.dll
MOD - [2007/01/12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
MOD - [2006/09/06 05:13:14 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\DLCXcfg.dll
MOD - [2006/08/08 14:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxscw.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/06/22 15:49:11 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/10/06 07:07:34 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/09/10 04:03:22 | 000,902,656 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/19 22:50:32 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdpcoms.exe -- (lxdp_device)
SRV:64bit: - [2006/11/03 18:07:28 | 000,566,152 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlcxcoms.exe -- (dlcx_device)
SRV - [2012/01/12 00:33:53 | 000,177,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/10/05 14:50:42 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist Express Customer\309\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/23 10:27:05 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2009/10/14 00:04:40 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/22 15:47:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/24 13:23:28 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/30 10:03:14 | 000,820,464 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2008/02/29 01:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1000\jswpsapi.exe -- (jswpsapi)
SRV - [2007/11/19 17:05:32 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdpcoms.exe -- (lxdp_device)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\dlcxcoms.exe -- (dlcx_device)
SRV - [2004/06/13 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\brsvc01a.exe -- (Brother XP spl Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/06 11:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/05/28 17:10:12 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 20:37:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502000.00D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502000.00D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/12/03 04:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/01 20:44:50 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2009/01/13 09:30:00 | 000,560,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WNA1000.sys -- (WNA1000)
DRV:64bit: - [2008/10/01 15:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008/09/28 07:46:48 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2008/09/28 03:22:14 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/09/10 04:03:26 | 004,658,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008/09/10 04:03:26 | 004,658,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/06/18 17:48:54 | 000,029,184 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\packet.sys -- (Packet)
DRV:64bit: - [2008/05/23 16:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/04/01 23:42:48 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2007/04/01 23:42:44 | 000,096,048 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2007/04/01 23:42:42 | 000,087,856 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2006/11/28 20:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006/11/28 20:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV - [2012/02/07 03:34:53 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120209.003\EX64.SYS -- (NAVEX15)
DRV - [2012/02/07 03:34:53 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/07 03:34:53 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/07 03:34:53 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120209.003\ENG64.SYS -- (NAVENG)
DRV - [2012/02/03 16:29:00 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120208.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/09/01 20:44:50 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=6090124
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=6090124
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=6090124
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "My Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..keyword.URL: "http://search.mywebs...7SQ&searchfor="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\justin\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/07 03:20:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2 [2012/02/09 13:44:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/07 03:56:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/07 18:00:01 | 000,000,000 | ---D | M]

[2011/03/06 10:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\justin\AppData\Roaming\mozilla\Extensions
[2010/10/19 20:14:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\justin\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/01/10 21:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions
[2011/03/06 16:25:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/20 16:16:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/10 21:52:13 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/21 15:00:46 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{969dded0-2969-473a-8df7-b5f828206505}
[2011/05/28 20:13:56 | 000,002,469 | ---- | M] () -- C:\Users\justin\AppData\Roaming\Mozilla\Firefox\Profiles\5738a74f.default\searchplugins\safesearch.xml
[2011/12/21 08:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/07 03:56:05 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/07 03:56:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/07 03:56:04 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! ()
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (no name) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\SysNative\HCIMNTR.DLL (Logitech Inc.)
O4:64bit: - HKLM..\Run: [DLCXCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLCXtime.DLL ()
O4:64bit: - HKLM..\Run: [dlcxmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Z2300 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxdpmon.exe] C:\Program Files (x86)\Lexmark Z2300 Series\lxdpmon.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] Skytel.exe File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Aim6] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: convergysworkathome.com ([www] http in Trusted sites)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A06CE5B-D159-4F47-8C64-F8325CD80315}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4931226-4902-4CD5-BED1-D6CFD967BA78}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9BB3FC6-A3FA-4A36-9F5C-5D4D39303058}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files (x86)\Citrix\GoToAssist Express Customer\309\g2ax_winlogonx64.dll) - C:\Program Files (x86)\Citrix\GoToAssist Express Customer\309\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\justin\Pictures\Desktop Backs & Savers\summer.jpg
O24 - Desktop BackupWallPaper: C:\Users\justin\Pictures\Desktop Backs & Savers\summer.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/13 14:11:22 | 000,000,073 | R--- | M] () - F:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{1ab5fb2c-e9f4-11dd-805a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1ab5fb2c-e9f4-11dd-805a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\install.EXE id= ver=1.0.0.0
O33 - MountPoints2\{21ed42bf-2e6c-11e1-a68c-00197ee6a641}\Shell - "" = AutoRun
O33 - MountPoints2\{21ed42bf-2e6c-11e1-a68c-00197ee6a641}\Shell\AutoRun\command - "" = L:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 14:26:00 | 000,000,000 | ---D | C] -- C:\Users\justin\AppData\Roaming\Masque
[2012/01/30 14:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Masque Games
[2012/01/30 14:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Masque Slots Dual Pack
[2012/01/12 09:31:21 | 000,000,000 | ---D | C] -- C:\ConvergysHealthChecker
[2011/12/23 23:18:25 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdppmui.dll
[2011/12/23 23:18:25 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpinpa.dll
[2011/12/23 23:18:25 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpiesc.dll
[2011/12/23 23:18:24 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpserv.dll
[2011/12/23 23:18:24 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpcomc.dll
[2011/12/23 23:18:24 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpusb1.dll
[2011/12/23 23:18:24 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdphbn3.dll
[2011/12/23 23:18:24 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpcoms.exe
[2011/12/23 23:18:24 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdplmpm.dll
[2011/12/23 23:18:24 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpcomm.dll
[2011/12/23 23:18:24 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpcfg.exe
[2011/12/23 23:18:24 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpih.exe
[2011/12/23 23:18:24 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpprox.dll
[2009/07/23 22:41:21 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\justin\AppData\Roaming\DataSafeDotNet.exe
[2009/03/04 21:34:36 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxinpa.dll
[2009/03/04 21:34:36 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxiesc.dll
[2009/03/04 21:34:35 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpmui.dll
[2009/03/04 21:34:34 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxserv.dll
[2009/03/04 21:34:34 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxusb1.dll
[2009/03/04 21:34:34 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxhbn3.dll
[2009/03/04 21:34:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxlmpm.dll
[2009/03/04 21:34:34 | 000,380,928 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxih.exe
[2009/03/04 21:34:34 | 000,176,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxppls.exe
[2009/03/04 21:34:34 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxprox.dll
[2009/03/04 21:34:34 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpplc.dll
[2009/03/04 21:34:33 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomc.dll
[2009/03/04 21:34:33 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcoms.exe
[2009/03/04 21:34:33 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomm.dll
[2009/03/04 21:34:33 | 000,381,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcfg.exe
[22 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[22 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\justin\Desktop\*.tmp files -> C:\Users\justin\Desktop\*.tmp -> ]
[1 C:\Users\justin\*.tmp files -> C:\Users\justin\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/09 14:47:59 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/09 13:43:30 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/09 13:43:26 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012/02/09 13:43:16 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/09 13:43:16 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/09 13:43:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/09 13:40:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/09 13:00:05 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/09 10:32:14 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat
[2012/02/07 03:19:51 | 000,002,164 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/02/07 03:18:52 | 003,032,730 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\Cat.DB
[2012/02/06 11:24:00 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/01/30 14:25:51 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\Slots Dual Pack.lnk
[2012/01/28 00:27:32 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\isolate.ini
[2012/01/19 12:09:08 | 000,716,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/19 12:09:08 | 000,613,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/19 12:09:08 | 000,107,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[22 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[22 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\justin\Desktop\*.tmp files -> C:\Users\justin\Desktop\*.tmp -> ]
[1 C:\Users\justin\*.tmp files -> C:\Users\justin\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/09 13:00:05 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/30 14:25:51 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\Slots Dual Pack.lnk
[2011/12/23 23:18:25 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDPinst.dll
[2011/12/23 23:18:25 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdpcomx.dll
[2011/12/21 15:01:02 | 000,000,680 | ---- | C] () -- C:\Users\justin\AppData\Local\d3d9caps.dat
[2011/05/18 17:00:37 | 000,001,940 | ---- | C] () -- C:\Users\justin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/13 10:25:57 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/13 10:25:57 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/16 20:04:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/02 12:30:22 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2011/04/02 12:30:13 | 000,000,463 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/04/02 12:30:13 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/04/02 12:29:11 | 000,000,312 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/04/02 12:29:11 | 000,000,161 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/04/02 12:24:34 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/04/02 12:24:34 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/04/02 12:16:25 | 000,027,019 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/12/11 22:55:35 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/04/26 15:58:03 | 000,000,094 | ---- | C] () -- C:\Users\justin\AppData\Local\fusioncache.dat
[2010/04/25 10:56:05 | 000,721,356 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/17 15:13:29 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/12/17 14:41:41 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/11/22 09:42:50 | 000,002,516 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/09/16 21:39:29 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/16 21:39:05 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/16 21:38:45 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/31 22:28:51 | 000,000,074 | ---- | C] () -- C:\Windows\st_affiliate.ini
[2009/03/04 21:34:36 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\dlcxinst.dll
[2009/03/04 21:34:35 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\dlcxutil.dll
[2009/03/04 21:34:35 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsb.dll
[2009/03/04 21:34:35 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxins.dll
[2009/03/04 21:34:35 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\dlcxjswr.dll
[2009/03/04 21:34:35 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsr.dll
[2009/03/04 21:34:35 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dlcxcub.dll
[2009/03/04 21:34:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dlcxcu.dll
[2009/03/04 21:34:35 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlcxcur.dll
[2009/03/04 21:34:33 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\DLCXcfg.dll
[2009/02/24 21:04:20 | 000,010,240 | ---- | C] () -- C:\Users\justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/11 22:48:18 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/01/24 11:43:59 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/01/24 11:21:02 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009/01/24 09:01:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/01/24 03:56:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002/12/11 18:19:34 | 000,708,608 | ---- | C] () -- C:\Windows\SysWow64\ltcry13n.dll
[2002/12/11 18:19:34 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lttls13n.dll
[2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\Jpeg32.dll
[2000/04/12 16:28:12 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2000/04/12 16:24:10 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll

========== LOP Check ==========

[2010/03/07 22:23:14 | 000,000,000 | -HSD | M] -- C:\Users\justin\AppData\Roaming\.#
[2011/10/04 11:41:34 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\.myPANTONE palettes
[2009/03/18 17:37:24 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\888poker.net
[2010/03/25 11:52:41 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Absolutist
[2009/07/25 19:59:08 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\acccore
[2010/02/28 19:27:27 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Alawar
[2010/09/03 17:21:14 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/13 08:26:44 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\ElementalsTheMagicKey
[2010/02/25 15:02:04 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Fabulous Finds
[2010/01/08 22:05:16 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Farm Mania 2
[2011/04/30 07:33:34 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\funkitron
[2011/03/27 10:53:52 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\GAS Softwares
[2010/02/25 10:33:33 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Home Sweet Home
[2010/01/17 15:20:09 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\iWin
[2010/02/24 21:32:35 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Jane s Hotel Family Hero
[2009/08/10 10:07:26 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Ludia
[2012/01/30 23:05:43 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Masque
[2010/12/11 22:58:19 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Meridian93
[2010/02/26 10:57:07 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\My Games
[2010/12/01 21:01:13 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Old Castle
[2011/04/02 13:05:05 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\PC-FAX TX
[2010/02/25 21:29:24 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\PlayFirst
[2010/03/01 20:21:11 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Playrix Entertainment
[2010/02/23 13:45:01 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\PoBros
[2010/02/28 14:35:02 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Pogo Games
[2010/03/30 16:07:02 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Singlesnet
[2009/11/01 19:15:45 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\SpinTop
[2009/11/01 19:16:39 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\SpinTop Games
[2012/02/09 12:50:34 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Tific
[2010/02/23 16:17:42 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\TitanicMystery
[2010/02/25 10:11:12 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Virtual City
[2009/06/12 08:20:33 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\VTExtra
[2009/06/30 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\WeatherBug
[2012/02/06 11:24:00 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/02/09 13:43:26 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2012/02/09 13:40:49 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:F38450C8
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:DD392FDD
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:CE524528
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:837546C7
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:A31BF83C
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:5E3B85EF
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:BFA9D961
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:FBEADB83
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:8C065E0D
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:2F79DE1D
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:701AFF06
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:C210B4D5
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7FFEB376
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:26FD8642
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DD58AA6F
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C04C48D4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A73EAFFB
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3325D6E9
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:79EB58D0
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D72D7897
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2DF54B62
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:892AEA67
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:47ADFAF3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C15FE8A0
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:89C6F032
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5466F106
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:30079599
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7E0EFF7B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:22B9F101
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0E1DD4C5
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:5ABFC306
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:82EAABC0
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:2CA54532
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:25EFDD27
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:100CB1DD
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:2117D4B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9CF56DF4
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7CC0A3F3
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:6B15C5BC
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:404D80C3
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:9A8B14C1
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CE276B4F

< End of report >

Okmy PC has been running like crap for sometime. But now its at the point that I cannot even surf the internet. The pages are redirected to a page with a blue S, safesearch. They are also redirected and I get these errors:

click.findsearchenginereults.com
us.data.toolbar.yahoo.com
bizzclick.com
are taking to long to respond.

I also get alot of unable to contact server errors and when I type in a site directly, the pages wont load.

Please help, I am so frustrated with this!

Thank you in advanced for any assitance!
Jenn

PS. There was also and extras.txt file that came with the OTL scan, I will paste it below just in case.

OTL Extras logfile created on: 2/9/2012 2:45:05 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\justin\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.91 Gb Available Physical Memory | 65.32% Memory free
12.09 Gb Paging File | 10.16 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.57 Gb Total Space | 522.18 Gb Free Space | 76.39% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.33 Gb Free Space | 55.56% Space Free | Partition Type: NTFS
Drive F: | 7.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RAHJA | User Name: justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = jsfile] -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe (Adobe Systems, Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = E8 01 8F E2 4A 56 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21979710-6E07-4EDA-842E-6309C5C03FBC}" = lport=138 | protocol=17 | dir=in | app=system |
"{51C2824F-31C4-4708-B9C7-9497FCFB5853}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{542C68A4-2F23-40EF-A0E3-93C83DE10E01}" = lport=139 | protocol=6 | dir=in | app=system |
"{616DAE7F-CF02-4470-BE03-DADC2C3084AC}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{65C09FD6-AB9D-4606-B0B7-A86F45980D9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8234188E-E9BB-4165-97E0-64EF9903FB5C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{86198DF8-758F-4CDF-8794-BF79665F0110}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{8972E9E8-3C6A-470D-BE6A-6127F61A48E1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9CA535B4-F04D-44FB-AD67-F2C77855C92F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A7466FE1-80E1-4836-B8F9-02DBDAE6D2F9}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{B9C83212-09CA-49D4-9529-55F0A9B6861A}" = rport=138 | protocol=17 | dir=out | app=system |
"{BE7C900D-1129-43FE-974A-97D15E398435}" = rport=139 | protocol=6 | dir=out | app=system |
"{C4104A15-4690-4F40-8D22-C595DAF7067A}" = rport=445 | protocol=6 | dir=out | app=system |
"{D3C77F27-8605-40A5-9C02-635C11E324AE}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{D7496924-D5CC-4D40-8552-A2BCCB3EC42A}" = lport=137 | protocol=17 | dir=in | app=system |
"{E3D883BA-D387-4DC6-9091-BD9D97B0635A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FC799A13-CF0C-414D-ACAE-3DB53BB39EE1}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE0738A1-29C9-470F-B794-AABBAF87BF55}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5BEEAD-AA6D-4798-A41B-CF374A0FE66C}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{0FF595DC-D970-4B9A-B4B8-C2F768131CD0}" = protocol=6 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{0FFBDDF0-FA16-46B4-8A36-42552CF27928}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{1018912F-4973-41E8-9899-74C02C57EAF8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{10572F6C-1B25-412A-BBAB-D42BEDAF5866}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile toolbar\troubleshooter.exe |
"{132229F5-2CD7-4A86-ADA7-8D2974448CB8}" = protocol=58 | dir=in | [email protected],-28545 |
"{18258A9E-60BD-4A0C-8FCB-EA6540F9464D}" = protocol=1 | dir=out | [email protected],-28544 |
"{26B147F1-1197-41F4-B653-6B2F50C734D1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{26BBC7E4-2246-4969-8B36-C755CD7CAE79}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdpcoms.exe |
"{29C5E260-415F-4C62-9A7D-D6ADA180C51B}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdpcoms.exe |
"{2F082918-ED67-4E4D-BDDE-92775D255FC7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{342DA2BC-7630-4955-B1DB-4372E3EE5926}" = protocol=17 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{383A1E18-E096-48E0-9491-D3C5EF882BB9}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{3C47A2C4-E91A-4830-B23F-148B0E72AA2B}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdppswx.exe |
"{4036CA66-3313-4F8C-B175-92D5294A7FB0}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{4ABC2151-255A-47FF-AAD4-9D97BD50161C}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{4D429EC9-2531-4B86-9C8C-83C0271DF9F0}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{5114DB73-2C29-454F-A29B-B70249EE5078}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdppswx.exe |
"{58A0A300-5FBB-4A9B-B944-8FE34ECC53F9}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{66A72199-C72F-4329-BF15-507F9EB74E3C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6A9F38C6-7782-4545-B220-F80E1ED4EBDD}" = protocol=58 | dir=out | [email protected],-28546 |
"{6B617CBB-FDDC-4EE6-A217-46544BF4F8E1}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{7391EE66-2880-4B39-9E6D-A71F028FFFB8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{7394219B-3F0F-4015-966A-D5FFB2086062}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{748598D6-45D5-4235-BE6B-FB6EBAF083D2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{7A120E89-8C2A-4DD5-8EE7-B26D6FEE4A22}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{884BB335-1170-4FEF-92E2-894FF32DFED6}" = protocol=17 | dir=in | app=c:\windows\syswow64\dlcxcoms.exe |
"{8BABB57C-0146-459E-9081-1D7127C93DC0}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{8CAA5C8C-12A8-4B73-984D-F0B98119CC77}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark z2300 series\lxdpmon.exe |
"{8EBD0641-C1EF-4110-B1E7-7D93AAB0BB12}" = protocol=1 | dir=in | [email protected],-28543 |
"{901E1E70-EDA9-413B-9300-05D07C0716C1}" = protocol=6 | dir=in | app=c:\program files (x86)\dell photo aio printer 926\dlcxmon.exe |
"{967065B9-6B1F-4F81-B4EA-87D53D26FDAC}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark z2300 series\lxdpmon.exe |
"{98A744C1-ADEB-4B58-B1D9-D8564D3F43A6}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile toolbar\toolbarupdate.exe |
"{98E2C367-4439-4267-BCEB-DBFF18CF0D65}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{9FE48D15-D366-4E7A-AC51-FF1410117186}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{AFB6D29A-8382-4DC7-88DE-2908364B930F}" = protocol=17 | dir=in | app=c:\program files (x86)\dell photo aio printer 926\dlcxmon.exe |
"{BA967A19-E942-4475-95D7-3DCFE0A90830}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{BCFA40C7-C538-47FD-9AA8-46351B1D3296}" = protocol=6 | dir=in | app=c:\windows\syswow64\dlcxcoms.exe |
"{C1CE77C5-786D-4809-B209-CD07DC79B458}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{C446BC3D-7271-4DFF-B2BC-2F16E542B1DE}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{C62A7F88-1F05-4D1F-B15D-1CC75CABA993}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{D4AA51CC-4197-42AD-A1B9-EC162EE9A1C2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DAD16C9B-BEC0-4C6B-9515-771BE5FB2CE1}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{DD4C662D-57B3-4E74-A914-7E64BE12F6BD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E00D6C64-D0D7-467E-BC7D-9CD55B0BBBB2}" = protocol=17 | dir=in | app=c:\program files (x86)\dell photo aio printer 926\dlcxaiox.exe |
"{EDC311B1-D3DC-496B-B502-6794B80F3816}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile toolbar\troubleshooter.exe |
"{F3BB57A1-8680-47CD-A647-AEC01F1E87B8}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile toolbar\toolbarupdate.exe |
"{FD757304-E0E9-4DF2-A0CF-32C6B2338E8F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell photo aio printer 926\dlcxaiox.exe |
"TCP Query User{10DC4BF8-C5AB-4C0D-B8FF-80A1B29D59AD}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{5E1D5222-9976-47EC-9EEB-739D99539B56}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{6B79B6C1-82B0-4F7F-B465-D6DF0AB6D2A0}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{8AD0279E-B905-4097-8B42-078E52C47121}C:\program files (x86)\adobe\adobe flash cs4\flash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs4\flash.exe |
"TCP Query User{9425BA59-F924-48A4-B7F1-4BD073C42500}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{331F1132-233E-4B2B-8ED1-FB7CD5A389F0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{547BE8ED-43E5-41E7-BB0A-30C89E8D9E3A}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{C107A2CA-75DC-4F33-835F-FDAEC0FBF151}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{C9D76870-2CF9-440E-802C-E11F4CBAEF65}C:\program files (x86)\adobe\adobe flash cs4\flash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs4\flash.exe |
"UDP Query User{FEDB7D23-0A05-47F9-B2D4-5FACF2A77C14}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel® Network Connections 13.1.33.0
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EA0F68A4-CC52-D061-C239-CC54377E9B79}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel® Network Connections 13.1.33.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0527E89C-E8B9-745F-8B7A-96530A214E54}" = Catalyst Control Center Localization Japanese
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06A82E70-97F4-3BA9-65DB-692632659387}" = Catalyst Control Center InstallProxy
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DF30031-F15F-FD36-D9F8-EBC23B901894}" = Catalyst Control Center Graphics Light
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19CD69C4-CF39-FCFC-3C36-02A6AEC62C42}" = CCC Help Spanish
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1E61121B-87BA-469B-A294-2516B20AC1D1}" = WNA1000
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}" = Scrapbook Flair
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22D643F2-0DAA-4DB4-0B3F-C5B0B6F5AEC8}" = Catalyst Control Center Localization Polish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241FFFDE-06A1-BA33-1980-FC06F2F43ACD}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2E35857A-0A45-D90C-7F9F-2C6EED18DF11}" = CCC Help French
"{2F179735-F134-7E5F-9494-E2C5C39F0FBE}" = CCC Help Portuguese
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{306CD8FB-C567-F39C-8A3C-752AFE392023}" = CCC Help Korean
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3921564E-11A7-27AC-8D6F-D5FCA33DD083}" = Skins
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E9016D4-5AD8-3A77-5A75-8C89C68992CD}" = Catalyst Control Center Graphics Previews Vista
"{4011B00E-26BE-7867-3D2C-BA85CF737C8B}" = Catalyst Control Center Localization Korean
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{42A28621-B822-4B7B-8D91-6D14CB4E6292}" = Masque Slots Dual Pack
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43DF6A05-B79C-0AA4-EF59-843EFE398E3D}" = Catalyst Control Center Localization French
"{463E450F-401B-37D8-CD6C-8782D755AB86}" = Catalyst Control Center Localization Chinese Standard
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51114DCF-C263-88F0-937D-A80930617A8B}" = CCC Help Chinese Standard
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C883FB3-9F17-C9F6-3D74-D2C2DAC3FA0D}" = Catalyst Control Center Localization Chinese Traditional
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{60B3718D-B81B-FBFE-C6F8-88BAF5934C17}" = Catalyst Control Center Localization German
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69724AEA-DC5F-BF91-A2B3-9B97422173BC}" = ccc-core-static
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A08D9B3-5E90-CDEA-3796-1E5C7AAD7F7D}" = Catalyst Control Center Localization Italian
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8123165F-1AED-4B2A-9C70-BB42A777C97C}" = CCC Help Hungarian
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8841C16B-EACC-82C0-18BC-7767CC9E740D}" = Catalyst Control Center Localization Spanish
"{892B4819-7E37-9C59-3A8C-7AE8A8261A7D}" = Catalyst Control Center Localization Portuguese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9131B5A5-DCA5-8F8A-5799-14F7B0C0E97D}" = Catalyst Control Center Localization Hungarian
"{925E788B-7624-F7BD-E331-2039774A2688}" = CCC Help Thai
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{960DD947-B41A-2503-4079-E1EA314A4962}" = CCC Help Japanese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2BDAD24-875E-FDCA-1512-52F76435F5EE}" = CCC Help Italian
"{A3E66D20-B986-0D55-7000-9A9427F51C54}" = Catalyst Control Center Localization Thai
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1CC33D7-54AF-4874-B871-5F968C119276}" = GX e3300N User Guide
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B88A3C98-CB4D-E3C2-DE49-EDAF1DC55CC1}" = CCC Help English
"{B94F6A6A-56CB-465E-885E-CB099331E456}" = Convergys Health Checker
"{B9C73F69-63B7-552D-72D8-3C22B6B1A3E7}" = Catalyst Control Center Graphics Full New
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BA3582A0-2DE0-4DB8-8B74-CD34AC193F9B}_is1" = Computer Requirements 1.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{CE44ABFE-FAF9-3C62-1D27-C8B64C3DD321}" = CCC Help Polish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC1C90B-E9A4-F656-BCA2-2A71ECCBD8F5}" = Catalyst Control Center Graphics Full Existing
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D62C1FAE-4092-A40C-CB31-4372494808CC}" = CCC Help German
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEB7A862-71A2-C615-F620-5944F7FE8172}" = Catalyst Control Center Localization Turkish
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E01A8BFE-96AB-FEA3-4A3B-EEF9849D1E24}" = Catalyst Control Center Graphics Previews Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F569596C-049F-BF15-E0A9-B7605D9B181E}" = Catalyst Control Center Core Implementation
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7D39F49-4D13-FEAB-CAB5-E508336F074B}" = CCC Help Chinese Traditional
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"AIM_6" = AIM 6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat (remove only)
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"GoToAssist Express Customer" = GoToAssist Customer 1.6.0.309
"InstallShield_{1E61121B-87BA-469B-A294-2516B20AC1D1}" = Wireless-N 150 USB Adapter WNA1000
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"N360" = Norton 360
"NortonPCCheckup" = Norton PC Checkup
"PROPLUSR" = Microsoft Office Professional Plus 2007
"TTB000001.TTB000001Toolbar" = CouponBar
"ULSdb" = ULSdb (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VisualLightBox" = VisualLightBox
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
"Zuma's Revenge" = Zuma's Revenge (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"oDVT" = oDesk Team
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2010 12:41:59 PM | Computer Name = GRUMPY | Source = MsiInstaller | ID = 11606
Description =

Error - 7/21/2010 12:41:59 PM | Computer Name = GRUMPY | Source = MsiInstaller | ID = 11606
Description =

Error - 7/21/2010 12:41:59 PM | Computer Name = GRUMPY | Source = MsiInstaller | ID = 1024
Description =

Error - 7/21/2010 12:58:01 PM | Computer Name = GRUMPY | Source = EventSystem | ID = 4621
Description =

Error - 7/21/2010 4:52:26 PM | Computer Name = GRUMPY | Source = WinMgmt | ID = 10
Description =

Error - 7/21/2010 7:33:25 PM | Computer Name = GRUMPY | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 7/22/2010 6:41:12 PM | Computer Name = GRUMPY | Source = WinMgmt | ID = 10
Description =

Error - 7/22/2010 6:47:13 PM | Computer Name = GRUMPY | Source = MsiInstaller | ID = 11606
Description =

Error - 7/22/2010 6:47:13 PM | Computer Name = GRUMPY | Source = MsiInstaller | ID = 11606
Description =

Error - 7/22/2010 6:47:13 PM | Computer Name = GRUMPY | Source = MsiInstaller | ID = 1024
Description =

[ OSession Events ]
Error - 6/15/2009 8:03:48 PM | Computer Name = GRUMPY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/10/2010 11:54:51 AM | Computer Name = GRUMPY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/9/2012 2:41:04 PM | Computer Name = Rahja | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 2/9/2012 2:43:17 PM | Computer Name = Rahja | Source = Print | ID = 19
Description = The print spooler failed to share printer Dell PC Fax with shared
resource name Dell PC Fax. Error 2114. The printer cannot be used by others on the
network.

Error - 2/9/2012 2:43:58 PM | Computer Name = Rahja | Source = Service Control Manager | ID = 7000
Description =

Error - 2/9/2012 2:44:18 PM | Computer Name = Rahja | Source = DCOM | ID = 10016
Description =

Error - 2/9/2012 2:49:15 PM | Computer Name = Rahja | Source = Service Control Manager | ID = 7022
Description =

Error - 2/9/2012 2:55:06 PM | Computer Name = Rahja | Source = DCOM | ID = 10005
Description =

Error - 2/9/2012 2:55:06 PM | Computer Name = Rahja | Source = Service Control Manager | ID = 7009
Description =

Error - 2/9/2012 2:55:06 PM | Computer Name = Rahja | Source = Service Control Manager | ID = 7000
Description =

Error - 2/9/2012 2:58:16 PM | Computer Name = Rahja | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 2/9/2012 2:58:20 PM | Computer Name = Rahja | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

< End of report >

#2
RKinner

Posted 09 February 2012 - 10:55 PM

Malware Expert

Expert
24,625 posts

Uninstall
Java™ 6 Update 24
Java™ 6 Update 7 - Get latest Java from java.com
Ask Toolbar
Adobe Reader 9.4.6 - get latest Reader from adobe.com
Adobe Flash Player 10 ActiveX - get latest Flash from adobe.com must use IE to get it
Yahoo! Toolbar
Yahoo! BrowserPlus 2.9.8

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
[2011/12/20 16:16:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/10 21:52:13 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/21 15:00:46 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{969dded0-2969-473a-8df7-b5f828206505}
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - No CLSID value found.
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [Skytel] Skytel.exe File not found
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Aim6] File not found
O33 - MountPoints2\{1ab5fb2c-e9f4-11dd-805a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1ab5fb2c-e9f4-11dd-805a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\install.EXE id= ver=1.0.0.0
O33 - MountPoints2\{21ed42bf-2e6c-11e1-a68c-00197ee6a641}\Shell - "" = AutoRun
O33 - MountPoints2\{21ed42bf-2e6c-11e1-a68c-00197ee6a641}\Shell\AutoRun\command - "" = L:\setup.exe -a
[2012/02/09 13:43:26 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:F38450C8
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:DD392FDD
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:CE524528
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:837546C7
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:A31BF83C
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:5E3B85EF
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:BFA9D961
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:FBEADB83
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:8C065E0D
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:2F79DE1D
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:701AFF06
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:C210B4D5
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7FFEB376
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:26FD8642
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DD58AA6F
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C04C48D4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A73EAFFB
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3325D6E9
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:79EB58D0
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D72D7897
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2DF54B62
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:892AEA67
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:47ADFAF3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C15FE8A0
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:89C6F032
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5466F106
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:30079599
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7E0EFF7B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:22B9F101
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0E1DD4C5
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:5ABFC306
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:82EAABC0
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:2CA54532
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:25EFDD27
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:100CB1DD
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:2117D4B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9CF56DF4
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7CC0A3F3
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:6B15C5BC
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:404D80C3
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:9A8B14C1
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CE276B4F

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwareby...lwarebytes_free

SAVE the free version of Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

If you get an error: 'illegal operation attempted on a registry key that has been marked for deletion'
just reboot once and it should go away.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

uncheck trace disk IO calls
Click the "Scan" button to start scan (allow the Avast engine)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#3
smuckerzs

Posted 10 February 2012 - 03:51 PM

Member

Topic Starter
Member
26 posts

Hi, thanks for the help, here is the output on everything requested. I also made A copy of my results in word with seperations of my comments, if that helps. I will try to seperate them here before I submit so its easier to read.

(Was unable to find ask toolbar to uninstall)

OTl log after running fix:
========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632 removed from extensions.enabledItems
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\modules folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{969dded0-2969-473a-8df7-b5f828206505}\defaults\preferences folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{969dded0-2969-473a-8df7-b5f828206505}\defaults folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{969dded0-2969-473a-8df7-b5f828206505}\chrome folder moved successfully.
C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{969dded0-2969-473a-8df7-b5f828206505} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Skytel deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab5fb2c-e9f4-11dd-805a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ab5fb2c-e9f4-11dd-805a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab5fb2c-e9f4-11dd-805a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ab5fb2c-e9f4-11dd-805a-806e6f6e6963}\ not found.
File F:\install.EXE id= ver=1.0.0.0 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21ed42bf-2e6c-11e1-a68c-00197ee6a641}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21ed42bf-2e6c-11e1-a68c-00197ee6a641}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21ed42bf-2e6c-11e1-a68c-00197ee6a641}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21ed42bf-2e6c-11e1-a68c-00197ee6a641}\ not found.
File L:\setup.exe -a not found.
C:\Windows\Tasks\PCConfidential.job moved successfully.
ADS C:\ProgramData\TEMP:F38450C8 deleted successfully.
ADS C:\ProgramData\TEMP:DD392FDD deleted successfully.
ADS C:\ProgramData\TEMP:CE524528 deleted successfully.
ADS C:\ProgramData\TEMP:837546C7 deleted successfully.
ADS C:\ProgramData\TEMP:A31BF83C deleted successfully.
ADS C:\ProgramData\TEMP:5E3B85EF deleted successfully.
ADS C:\ProgramData\TEMP:BFA9D961 deleted successfully.
ADS C:\ProgramData\TEMP:FBEADB83 deleted successfully.
ADS C:\ProgramData\TEMP:8C065E0D deleted successfully.
ADS C:\ProgramData\TEMP:2F79DE1D deleted successfully.
ADS C:\ProgramData\TEMP:701AFF06 deleted successfully.
ADS C:\ProgramData\TEMP:C210B4D5 deleted successfully.
ADS C:\ProgramData\TEMP:7FFEB376 deleted successfully.
ADS C:\ProgramData\TEMP:26FD8642 deleted successfully.
ADS C:\ProgramData\TEMP:DD58AA6F deleted successfully.
ADS C:\ProgramData\TEMP:C04C48D4 deleted successfully.
ADS C:\ProgramData\TEMP:A73EAFFB deleted successfully.
ADS C:\ProgramData\TEMP:3325D6E9 deleted successfully.
ADS C:\ProgramData\TEMP:79EB58D0 deleted successfully.
ADS C:\ProgramData\TEMP:D72D7897 deleted successfully.
ADS C:\ProgramData\TEMP:2DF54B62 deleted successfully.
ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully.
ADS C:\ProgramData\TEMP:892AEA67 deleted successfully.
ADS C:\ProgramData\TEMP:47ADFAF3 deleted successfully.
ADS C:\ProgramData\TEMP:C15FE8A0 deleted successfully.
ADS C:\ProgramData\TEMP:89C6F032 deleted successfully.
ADS C:\ProgramData\TEMP:5466F106 deleted successfully.
ADS C:\ProgramData\TEMP:30079599 deleted successfully.
ADS C:\ProgramData\TEMP:7E0EFF7B deleted successfully.
ADS C:\ProgramData\TEMP:22B9F101 deleted successfully.
ADS C:\ProgramData\TEMP:0E1DD4C5 deleted successfully.
ADS C:\ProgramData\TEMP:5ABFC306 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:82EAABC0 deleted successfully.
ADS C:\ProgramData\TEMP:2CA54532 deleted successfully.
ADS C:\ProgramData\TEMP:25EFDD27 deleted successfully.
ADS C:\ProgramData\TEMP:100CB1DD deleted successfully.
ADS C:\ProgramData\TEMP:2117D4B2 deleted successfully.
ADS C:\ProgramData\TEMP:9CF56DF4 deleted successfully.
ADS C:\ProgramData\TEMP:7CC0A3F3 deleted successfully.
ADS C:\ProgramData\TEMP:6B15C5BC deleted successfully.
ADS C:\ProgramData\TEMP:404D80C3 deleted successfully.
ADS C:\ProgramData\TEMP:9A8B14C1 deleted successfully.
ADS C:\ProgramData\TEMP:CE276B4F deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\justin\Desktop\cmd.bat deleted successfully.
C:\Users\justin\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\justin\Desktop\cmd.bat deleted successfully.
C:\Users\justin\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\justin\Desktop\cmd.bat deleted successfully.
C:\Users\justin\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\justin\Desktop\cmd.bat deleted successfully.
C:\Users\justin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: justin
->Flash cache emptied: 2927932 bytes

User: Public

Total Flash Files Cleaned = 3.00 mb

[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: justin
->Java cache emptied: 104683096 bytes

User: Public

Total Java Files Cleaned = 100.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02102012_100623

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

The quick scan for malware bytes found 0 objects.
Malwarebytes log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.10.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
justin :: RAHJA [administrator]

2/10/2012 10:43:16 AM
mbam-log-2012-02-10 (10-43-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189085
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

COMBOFIX was not able to run successfully because it froze up the PC and I didn't know if I should run it again.
Tried several time to download TDSS Killer but it kept saying unable to read file so could not download.

Here is the log for the aswMBR: The fix button was NOT enabled.

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-10 16:19:51
-----------------------------
16:19:51.837 OS Version: Windows x64 6.0.6002 Service Pack 2
16:19:51.837 Number of processors: 8 586 0x1A04
16:19:51.837 ComputerName: RAHJA UserName:
16:19:55.737 Initialize success
16:20:42.433 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:20:42.448 Disk 0 Vendor: ST3750630AS DE13 Size: 715404MB BusType: 3
16:20:42.464 Disk 0 MBR read successfully
16:20:42.464 Disk 0 MBR scan
16:20:42.464 Disk 0 Windows VISTA default MBR code
16:20:42.479 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
16:20:42.479 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
16:20:42.495 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 699980 MB offset 31586304
16:20:42.495 Service scanning
16:20:43.774 Modules scanning
16:20:43.774 Scan finished successfully
16:21:26.715 Disk 0 MBR has been saved successfully to "C:\Users\justin\Desktop\geeks to go\MBR.dat"
16:21:26.715 The log file has been saved successfully to "C:\Users\justin\Desktop\geeks to go\aswMBR.txt"

After the sfc /scannow it said that there were file that were corrupt but unable to be fixed. There was NO log.

When trying to download the http://images.malwar...om/vino/VEW.exe my virus protection wouldnt allow me to because it said there was a threat found.

#4
RKinner

Posted 10 February 2012 - 04:08 PM

Malware Expert

Expert
24,625 posts

Uninstall Malwarebytes Anti-Malware.

Please Pause your Anti-Virus so it doesn't stop you from downloading and running VEW.

I just downloaded VEW then uploaded it to virustotal.com and it tells me it is clean:

SHA256: 8f747616645e7c224836e949dafda4a3da62f3a2347c41f671377e41c8458e95
File name: VEW(1).exe
Detection ratio: 0 / 43
Analysis date: 2012-02-10 21:58:40 UTC ( 1 minute ago )

Did you remember to pause the anti-virus when downloading and running Combofix?

That might also be why you can't get TDSSKiller.

Ron

#5
smuckerzs

Posted 10 February 2012 - 04:18 PM

Member

Topic Starter
Member
26 posts

Ok I will uninstall that. And yup I did disable the antivirus for combo mix, it had a red x on it. It is the Norton 360, however it did say it was running background tasks?

#6
smuckerzs

Posted 10 February 2012 - 04:32 PM

Member

Topic Starter
Member
26 posts

ok I got the tdss to download, here is the log:

17:23:51.0623 3264 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
17:23:53.0636 3264 ============================================================
17:23:53.0636 3264 Current date / time: 2012/02/10 17:23:53.0636
17:23:53.0636 3264 SystemInfo:
17:23:53.0636 3264
17:23:53.0636 3264 OS Version: 6.0.6002 ServicePack: 2.0
17:23:53.0636 3264 Product type: Workstation
17:23:53.0636 3264 ComputerName: RAHJA
17:23:53.0636 3264 UserName: justin
17:23:53.0636 3264 Windows directory: C:\Windows
17:23:53.0636 3264 System windows directory: C:\Windows
17:23:53.0636 3264 Running under WOW64
17:23:53.0636 3264 Processor architecture: Intel x64
17:23:53.0636 3264 Number of processors: 8
17:23:53.0636 3264 Page size: 0x1000
17:23:53.0636 3264 Boot type: Normal boot
17:23:53.0636 3264 ============================================================
17:23:55.0945 3264 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:23:55.0991 3264 \Device\Harddisk0\DR0:
17:23:55.0991 3264 MBR used
17:23:55.0991 3264 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
17:23:55.0991 3264 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x55726000
17:23:56.0054 3264 Initialize success
17:23:56.0054 3264 ============================================================
17:24:06.0490 3236 ============================================================
17:24:06.0490 3236 Scan started
17:24:06.0490 3236 Mode: Manual;
17:24:06.0490 3236 ============================================================
17:24:08.0487 3236 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
17:24:08.0487 3236 ACPI - ok
17:24:08.0627 3236 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
17:24:08.0627 3236 adfs - ok
17:24:08.0705 3236 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
17:24:08.0721 3236 adp94xx - ok
17:24:08.0815 3236 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
17:24:08.0908 3236 adpahci - ok
17:24:08.0939 3236 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
17:24:08.0939 3236 adpu160m - ok
17:24:09.0033 3236 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
17:24:09.0033 3236 adpu320 - ok
17:24:09.0329 3236 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
17:24:09.0329 3236 AFD - ok
17:24:09.0392 3236 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
17:24:09.0392 3236 agp440 - ok
17:24:09.0501 3236 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
17:24:09.0532 3236 aic78xx - ok
17:24:09.0579 3236 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
17:24:09.0579 3236 aliide - ok
17:24:09.0641 3236 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
17:24:09.0641 3236 amdide - ok
17:24:09.0735 3236 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
17:24:09.0735 3236 AmdK8 - ok
17:24:09.0907 3236 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
17:24:09.0907 3236 arc - ok
17:24:10.0000 3236 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
17:24:10.0000 3236 arcsas - ok
17:24:10.0125 3236 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
17:24:10.0125 3236 AsyncMac - ok
17:24:10.0234 3236 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
17:24:10.0234 3236 atapi - ok
17:24:10.0889 3236 atikmdag (4ac28891bb930b0cdff8d958de34488a) C:\Windows\system32\DRIVERS\atikmdag.sys
17:24:10.0967 3236 atikmdag - ok
17:24:10.0999 3236 BCMH43XX - ok
17:24:11.0139 3236 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx64.sys
17:24:11.0170 3236 BHDrvx64 - ok
17:24:11.0326 3236 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
17:24:12.0247 3236 blbdrive - ok
17:24:12.0621 3236 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
17:24:12.0699 3236 bowser - ok
17:24:13.0011 3236 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
17:24:13.0011 3236 BrFiltLo - ok
17:24:13.0027 3236 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
17:24:13.0027 3236 BrFiltUp - ok
17:24:13.0073 3236 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\DRIVERS\BrSerId.sys
17:24:13.0073 3236 Brserid - ok
17:24:13.0089 3236 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
17:24:13.0089 3236 BrSerWdm - ok
17:24:13.0105 3236 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
17:24:13.0105 3236 BrUsbMdm - ok
17:24:13.0120 3236 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\DRIVERS\BrUsbSer.sys
17:24:13.0120 3236 BrUsbSer - ok
17:24:13.0167 3236 BthEnum (09f926a0d9c0bafd8417a4307d2ed13c) C:\Windows\system32\DRIVERS\BthEnum.sys
17:24:13.0167 3236 BthEnum - ok
17:24:13.0167 3236 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
17:24:13.0183 3236 BTHMODEM - ok
17:24:13.0198 3236 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
17:24:13.0198 3236 BthPan - ok
17:24:13.0245 3236 BTHPORT (e1466882252ff51edde48c3f7eda2591) C:\Windows\system32\Drivers\BTHport.sys
17:24:13.0245 3236 BTHPORT - ok
17:24:13.0276 3236 BTHUSB (970192cded77a128e7e30722e5ee6b9c) C:\Windows\system32\Drivers\BTHUSB.sys
17:24:13.0276 3236 BTHUSB - ok
17:24:13.0323 3236 btwaudio (a44ad9ab3bf98a65eb58662e3c78eae0) C:\Windows\system32\drivers\btwaudio.sys
17:24:13.0323 3236 btwaudio - ok
17:24:13.0354 3236 btwavdt (a441d453821a6336f516f97f79bbfa17) C:\Windows\system32\drivers\btwavdt.sys
17:24:13.0354 3236 btwavdt - ok
17:24:13.0370 3236 btwrchid (b550c75397d96251a92391555fe5534c) C:\Windows\system32\DRIVERS\btwrchid.sys
17:24:13.0370 3236 btwrchid - ok
17:24:13.0495 3236 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
17:24:13.0510 3236 cdfs - ok
17:24:13.0541 3236 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
17:24:13.0541 3236 cdrom - ok
17:24:13.0573 3236 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
17:24:13.0573 3236 circlass - ok
17:24:13.0619 3236 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
17:24:13.0635 3236 CLFS - ok
17:24:13.0666 3236 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
17:24:13.0666 3236 cmdide - ok
17:24:13.0697 3236 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
17:24:13.0697 3236 Compbatt - ok
17:24:13.0713 3236 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
17:24:13.0713 3236 crcdisk - ok
17:24:13.0807 3236 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
17:24:13.0807 3236 DfsC - ok
17:24:13.0869 3236 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
17:24:13.0869 3236 disk - ok
17:24:14.0867 3236 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
17:24:14.0867 3236 drmkaud - ok
17:24:15.0164 3236 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
17:24:15.0226 3236 DXGKrnl - ok
17:24:15.0429 3236 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
17:24:15.0445 3236 e1express - ok
17:24:15.0476 3236 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
17:24:15.0476 3236 E1G60 - ok
17:24:15.0679 3236 e1yexpress (b37f6853d6e0c6f5f8efde33e831b5f8) C:\Windows\system32\DRIVERS\e1y60x64.sys
17:24:15.0710 3236 e1yexpress - ok
17:24:15.0788 3236 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
17:24:15.0803 3236 Ecache - ok
17:24:15.0881 3236 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
17:24:15.0897 3236 eeCtrl - ok
17:24:15.0913 3236 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
17:24:15.0913 3236 elxstor - ok
17:24:15.0975 3236 EraserUtilDrv11122 (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys
17:24:15.0975 3236 EraserUtilDrv11122 - ok
17:24:16.0006 3236 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
17:24:16.0006 3236 ErrDev - ok
17:24:16.0069 3236 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
17:24:16.0069 3236 exfat - ok
17:24:16.0100 3236 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
17:24:16.0100 3236 fastfat - ok
17:24:16.0131 3236 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
17:24:16.0131 3236 fdc - ok
17:24:16.0178 3236 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
17:24:16.0178 3236 FileInfo - ok
17:24:16.0193 3236 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
17:24:16.0209 3236 Filetrace - ok
17:24:16.0240 3236 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:24:16.0240 3236 flpydisk - ok
17:24:16.0287 3236 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
17:24:16.0287 3236 FltMgr - ok
17:24:16.0334 3236 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
17:24:16.0334 3236 fssfltr - ok
17:24:16.0349 3236 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
17:24:16.0349 3236 Fs_Rec - ok
17:24:16.0365 3236 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
17:24:16.0365 3236 gagp30kx - ok
17:24:16.0396 3236 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:24:16.0396 3236 GEARAspiWDM - ok
17:24:16.0474 3236 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
17:24:16.0474 3236 HdAudAddService - ok
17:24:16.0942 3236 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:24:16.0942 3236 HDAudBus - ok
17:24:17.0005 3236 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
17:24:17.0005 3236 HidBth - ok
17:24:17.0036 3236 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
17:24:17.0036 3236 HidIr - ok
17:24:17.0083 3236 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
17:24:17.0083 3236 HidUsb - ok
17:24:17.0114 3236 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
17:24:17.0114 3236 HpCISSs - ok
17:24:17.0161 3236 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
17:24:17.0161 3236 HTTP - ok
17:24:17.0192 3236 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
17:24:17.0192 3236 i2omp - ok
17:24:17.0223 3236 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
17:24:17.0223 3236 i8042prt - ok
17:24:17.0285 3236 iaStor (fc28e90f2204d8fd147fa9bfa8a51c01) C:\Windows\system32\drivers\iastor.sys
17:24:17.0285 3236 iaStor - ok
17:24:17.0317 3236 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
17:24:17.0317 3236 iaStorV - ok
17:24:17.0457 3236 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120209.002\IDSvia64.sys
17:24:17.0473 3236 IDSVia64 - ok
17:24:17.0488 3236 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
17:24:17.0488 3236 iirsp - ok
17:24:17.0551 3236 IntcAzAudAddService (358a23acf3a78893eeacd4beb20953d5) C:\Windows\system32\drivers\RTKVHD64.sys
17:24:17.0582 3236 IntcAzAudAddService - ok
17:24:17.0613 3236 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\DRIVERS\intelide.sys
17:24:17.0613 3236 intelide - ok
17:24:17.0629 3236 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
17:24:17.0629 3236 intelppm - ok
17:24:17.0675 3236 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:24:17.0675 3236 IpFilterDriver - ok
17:24:17.0707 3236 IpInIp - ok
17:24:17.0738 3236 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
17:24:17.0738 3236 IPMIDRV - ok
17:24:17.0753 3236 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
17:24:17.0753 3236 IPNAT - ok
17:24:17.0800 3236 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
17:24:17.0800 3236 IRENUM - ok
17:24:17.0816 3236 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
17:24:17.0831 3236 isapnp - ok
17:24:17.0863 3236 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
17:24:17.0863 3236 iScsiPrt - ok
17:24:17.0878 3236 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
17:24:17.0878 3236 iteatapi - ok
17:24:17.0894 3236 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
17:24:17.0894 3236 iteraid - ok
17:24:17.0941 3236 JSWPSLWF (5be640e88814b77a9e84b4549b5dcc2c) C:\Windows\system32\DRIVERS\jswpslwfx.sys
17:24:17.0956 3236 JSWPSLWF - ok
17:24:17.0972 3236 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
17:24:17.0972 3236 kbdclass - ok
17:24:17.0987 3236 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
17:24:17.0987 3236 kbdhid - ok
17:24:18.0034 3236 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
17:24:18.0159 3236 KSecDD - ok
17:24:18.0190 3236 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
17:24:18.0190 3236 ksthunk - ok
17:24:18.0221 3236 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
17:24:18.0221 3236 Lbd - ok
17:24:18.0237 3236 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
17:24:18.0237 3236 lltdio - ok
17:24:18.0268 3236 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
17:24:18.0268 3236 LSI_FC - ok
17:24:18.0299 3236 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
17:24:18.0299 3236 LSI_SAS - ok
17:24:18.0346 3236 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
17:24:18.0346 3236 LSI_SCSI - ok
17:24:18.0377 3236 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
17:24:18.0377 3236 luafv - ok
17:24:18.0409 3236 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
17:24:18.0409 3236 megasas - ok
17:24:18.0455 3236 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
17:24:18.0455 3236 MegaSR - ok
17:24:18.0487 3236 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
17:24:18.0487 3236 Modem - ok
17:24:18.0518 3236 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
17:24:18.0518 3236 monitor - ok
17:24:18.0533 3236 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
17:24:18.0533 3236 mouclass - ok
17:24:18.0549 3236 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
17:24:18.0549 3236 mouhid - ok
17:24:18.0565 3236 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
17:24:18.0580 3236 MountMgr - ok
17:24:18.0596 3236 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
17:24:18.0596 3236 mpio - ok
17:24:18.0627 3236 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
17:24:18.0627 3236 mpsdrv - ok
17:24:18.0658 3236 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
17:24:18.0658 3236 Mraid35x - ok
17:24:18.0689 3236 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
17:24:18.0689 3236 MRxDAV - ok
17:24:18.0736 3236 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:24:18.0736 3236 mrxsmb - ok
17:24:18.0752 3236 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:24:18.0752 3236 mrxsmb10 - ok
17:24:18.0783 3236 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:24:18.0783 3236 mrxsmb20 - ok
17:24:18.0814 3236 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
17:24:18.0814 3236 msahci - ok
17:24:18.0830 3236 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
17:24:18.0830 3236 msdsm - ok
17:24:18.0861 3236 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
17:24:18.0861 3236 Msfs - ok
17:24:18.0892 3236 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
17:24:18.0892 3236 msisadrv - ok
17:24:18.0939 3236 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
17:24:18.0939 3236 MSKSSRV - ok
17:24:18.0955 3236 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
17:24:18.0955 3236 MSPCLOCK - ok
17:24:18.0970 3236 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
17:24:18.0970 3236 MSPQM - ok
17:24:19.0001 3236 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
17:24:19.0001 3236 MsRPC - ok
17:24:19.0033 3236 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
17:24:19.0033 3236 mssmbios - ok
17:24:19.0064 3236 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
17:24:19.0064 3236 MSTEE - ok
17:24:19.0079 3236 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
17:24:19.0079 3236 Mup - ok
17:24:19.0126 3236 NAL (b5a7ded4455d6d694091827dc91fed99) C:\Windows\system32\Drivers\iqvw64e.sys
17:24:19.0126 3236 NAL - ok
17:24:19.0157 3236 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
17:24:19.0173 3236 NativeWifiP - ok
17:24:19.0391 3236 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120209.034\ENG64.SYS
17:24:19.0469 3236 NAVENG - ok
17:24:19.0828 3236 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120209.034\EX64.SYS
17:24:19.0875 3236 NAVEX15 - ok
17:24:20.0140 3236 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
17:24:20.0156 3236 NDIS - ok
17:24:20.0327 3236 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
17:24:20.0327 3236 NdisTapi - ok
17:24:20.0483 3236 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
17:24:20.0483 3236 Ndisuio - ok
17:24:20.0842 3236 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
17:24:20.0858 3236 NdisWan - ok
17:24:20.0873 3236 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
17:24:20.0873 3236 NDProxy - ok
17:24:20.0889 3236 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
17:24:20.0889 3236 NetBIOS - ok
17:24:20.0936 3236 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
17:24:20.0936 3236 netbt - ok
17:24:20.0967 3236 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
17:24:20.0967 3236 nfrd960 - ok
17:24:20.0998 3236 NPF - ok
17:24:21.0045 3236 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
17:24:21.0045 3236 Npfs - ok
17:24:21.0061 3236 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
17:24:21.0061 3236 nsiproxy - ok
17:24:21.0123 3236 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
17:24:21.0139 3236 Ntfs - ok
17:24:21.0154 3236 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
17:24:21.0154 3236 Null - ok
17:24:21.0170 3236 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
17:24:21.0170 3236 nvraid - ok
17:24:21.0201 3236 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
17:24:21.0201 3236 nvstor - ok
17:24:21.0232 3236 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
17:24:21.0248 3236 nv_agp - ok
17:24:21.0263 3236 NwlnkFlt - ok
17:24:21.0295 3236 NwlnkFwd - ok
17:24:21.0560 3236 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
17:24:21.0560 3236 ohci1394 - ok
17:24:21.0591 3236 Packet (43e24699a18126f11e3d9bf6db85518b) C:\Windows\system32\DRIVERS\packet.sys
17:24:21.0591 3236 Packet - ok
17:24:21.0622 3236 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
17:24:21.0638 3236 Parport - ok
17:24:21.0669 3236 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
17:24:21.0669 3236 partmgr - ok
17:24:21.0700 3236 PCAMp50a64 (304e6ac43613a9c43896c4300009442b) C:\Windows\system32\Drivers\PCAMp50a64.sys
17:24:21.0716 3236 PCAMp50a64 - ok
17:24:21.0731 3236 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys
17:24:21.0731 3236 PCASp50a64 - ok
17:24:21.0778 3236 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
17:24:21.0778 3236 pci - ok
17:24:21.0794 3236 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
17:24:21.0794 3236 pciide - ok
17:24:21.0825 3236 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
17:24:21.0825 3236 pcmcia - ok
17:24:21.0872 3236 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
17:24:21.0872 3236 PEAUTH - ok
17:24:21.0934 3236 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
17:24:21.0934 3236 PptpMiniport - ok
17:24:21.0965 3236 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
17:24:21.0965 3236 Processor - ok
17:24:21.0997 3236 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
17:24:22.0012 3236 PSched - ok
17:24:22.0028 3236 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
17:24:22.0028 3236 PxHlpa64 - ok
17:24:22.0075 3236 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
17:24:22.0090 3236 ql2300 - ok
17:24:22.0137 3236 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
17:24:22.0137 3236 ql40xx - ok
17:24:22.0168 3236 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
17:24:22.0168 3236 QWAVEdrv - ok
17:24:22.0355 3236 R300 (4ac28891bb930b0cdff8d958de34488a) C:\Windows\system32\DRIVERS\atikmdag.sys
17:24:22.0387 3236 R300 - ok
17:24:22.0418 3236 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
17:24:22.0418 3236 RasAcd - ok
17:24:22.0449 3236 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:24:22.0449 3236 Rasl2tp - ok
17:24:22.0480 3236 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
17:24:22.0480 3236 RasPppoe - ok
17:24:22.0527 3236 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
17:24:22.0527 3236 RasSstp - ok
17:24:22.0558 3236 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
17:24:22.0574 3236 rdbss - ok
17:24:22.0589 3236 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:24:22.0589 3236 RDPCDD - ok
17:24:22.0605 3236 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
17:24:22.0621 3236 rdpdr - ok
17:24:22.0621 3236 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
17:24:22.0621 3236 RDPENCDD - ok
17:24:22.0667 3236 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
17:24:22.0667 3236 RDPWD - ok
17:24:22.0745 3236 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys
17:24:22.0745 3236 RFCOMM - ok
17:24:22.0761 3236 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
17:24:22.0761 3236 rspndr - ok
17:24:22.0792 3236 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
17:24:22.0808 3236 sbp2port - ok
17:24:22.0855 3236 SDDMI2 - ok
17:24:22.0886 3236 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:24:22.0886 3236 secdrv - ok
17:24:22.0933 3236 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
17:24:22.0933 3236 Serenum - ok
17:24:22.0964 3236 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
17:24:22.0964 3236 Serial - ok
17:24:22.0995 3236 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
17:24:22.0995 3236 sermouse - ok
17:24:23.0042 3236 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
17:24:23.0042 3236 sffdisk - ok
17:24:23.0089 3236 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
17:24:23.0089 3236 sffp_mmc - ok
17:24:23.0135 3236 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
17:24:23.0135 3236 sffp_sd - ok
17:24:23.0151 3236 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
17:24:23.0151 3236 sfloppy - ok
17:24:23.0182 3236 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
17:24:23.0182 3236 SiSRaid2 - ok
17:24:23.0198 3236 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
17:24:23.0198 3236 SiSRaid4 - ok
17:24:23.0369 3236 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
17:24:23.0447 3236 Smb - ok
17:24:23.0915 3236 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
17:24:23.0915 3236 spldr - ok
17:24:24.0352 3236 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS
17:24:24.0539 3236 SRTSP - ok
17:24:24.0586 3236 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502000.00D\SRTSPX64.SYS
17:24:24.0586 3236 SRTSPX - ok
17:24:24.0727 3236 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
17:24:24.0727 3236 srv - ok
17:24:24.0758 3236 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
17:24:24.0758 3236 srv2 - ok
17:24:24.0805 3236 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
17:24:24.0805 3236 srvnet - ok
17:24:24.0867 3236 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
17:24:24.0867 3236 swenum - ok
17:24:24.0898 3236 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
17:24:24.0898 3236 Symc8xx - ok
17:24:24.0929 3236 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS
17:24:24.0929 3236 SymDS - ok
17:24:24.0961 3236 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS
17:24:24.0976 3236 SymEFA - ok
17:24:25.0007 3236 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:24:25.0007 3236 SymEvent - ok
17:24:25.0039 3236 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS
17:24:25.0054 3236 SymIRON - ok
17:24:25.0085 3236 SYMTDIv (61d06be74fa23ebb7d816e4468edd19e) C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMTDIV.SYS
17:24:25.0101 3236 SYMTDIv - ok
17:24:25.0132 3236 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
17:24:25.0148 3236 Sym_hi - ok
17:24:25.0163 3236 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
17:24:25.0179 3236 Sym_u3 - ok
17:24:25.0241 3236 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
17:24:25.0241 3236 Tcpip - ok
17:24:25.0288 3236 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
17:24:25.0288 3236 Tcpip6 - ok
17:24:25.0382 3236 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
17:24:25.0382 3236 tcpipreg - ok
17:24:25.0444 3236 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
17:24:25.0444 3236 TDPIPE - ok
17:24:25.0475 3236 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
17:24:25.0475 3236 TDTCP - ok
17:24:25.0507 3236 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
17:24:25.0507 3236 tdx - ok
17:24:25.0538 3236 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
17:24:25.0538 3236 TermDD - ok
17:24:25.0600 3236 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:24:25.0600 3236 tssecsrv - ok
17:24:25.0647 3236 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
17:24:25.0647 3236 tunmp - ok
17:24:25.0694 3236 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
17:24:25.0694 3236 tunnel - ok
17:24:25.0725 3236 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
17:24:25.0725 3236 uagp35 - ok
17:24:25.0772 3236 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
17:24:25.0772 3236 udfs - ok
17:24:25.0959 3236 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
17:24:25.0959 3236 uliagpkx - ok
17:24:26.0006 3236 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
17:24:26.0006 3236 uliahci - ok
17:24:26.0021 3236 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
17:24:26.0021 3236 UlSata - ok
17:24:26.0068 3236 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
17:24:26.0068 3236 ulsata2 - ok
17:24:26.0099 3236 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
17:24:26.0099 3236 umbus - ok
17:24:26.0770 3236 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
17:24:26.0770 3236 usbaudio - ok
17:24:26.0833 3236 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
17:24:26.0833 3236 usbccgp - ok
17:24:26.0911 3236 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
17:24:26.0911 3236 usbcir - ok
17:24:26.0926 3236 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
17:24:26.0926 3236 usbehci - ok
17:24:26.0957 3236 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
17:24:26.0957 3236 usbhub - ok
17:24:26.0973 3236 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
17:24:26.0973 3236 usbohci - ok
17:24:27.0004 3236 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
17:24:27.0004 3236 usbprint - ok
17:24:27.0035 3236 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
17:24:27.0035 3236 usbscan - ok
17:24:27.0067 3236 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:24:27.0067 3236 USBSTOR - ok
17:24:27.0098 3236 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
17:24:27.0098 3236 usbuhci - ok
17:24:27.0129 3236 VERSALdr - ok
17:24:27.0160 3236 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
17:24:27.0160 3236 vga - ok
17:24:27.0191 3236 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
17:24:27.0191 3236 VgaSave - ok
17:24:27.0207 3236 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
17:24:27.0207 3236 viaide - ok
17:24:27.0238 3236 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
17:24:27.0238 3236 volmgr - ok
17:24:27.0269 3236 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
17:24:27.0285 3236 volmgrx - ok
17:24:27.0301 3236 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
17:24:27.0301 3236 volsnap - ok
17:24:27.0363 3236 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
17:24:27.0363 3236 vsmraid - ok
17:24:27.0425 3236 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
17:24:27.0425 3236 WacomPen - ok
17:24:27.0457 3236 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
17:24:27.0457 3236 Wanarp - ok
17:24:27.0457 3236 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
17:24:27.0457 3236 Wanarpv6 - ok
17:24:27.0503 3236 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
17:24:27.0503 3236 Wd - ok
17:24:27.0535 3236 Wdf01000 (dbb4397d703a755facb05486c449c507) C:\Windows\system32\drivers\Wdf01000.sys
17:24:27.0535 3236 Wdf01000 - ok
17:24:27.0597 3236 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
17:24:27.0613 3236 WmiAcpi - ok
17:24:27.0659 3236 WNA1000 (b5a32905b0c2e676ab5432ae1028e847) C:\Windows\system32\DRIVERS\WNA1000.sys
17:24:27.0659 3236 WNA1000 - ok
17:24:27.0706 3236 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
17:24:27.0706 3236 WpdUsb - ok
17:24:27.0753 3236 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
17:24:27.0753 3236 ws2ifsl - ok
17:24:27.0784 3236 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
17:24:27.0784 3236 WSDPrintDevice - ok
17:24:27.0831 3236 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:24:27.0831 3236 WUDFRd - ok
17:24:27.0862 3236 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:24:27.0909 3236 \Device\Harddisk0\DR0 - ok
17:24:27.0925 3236 Boot (0x1200) (f45ecc75a3050b58ae6c5132b7f74e28) \Device\Harddisk0\DR0\Partition0
17:24:27.0925 3236 \Device\Harddisk0\DR0\Partition0 - ok
17:24:27.0925 3236 Boot (0x1200) (f47c4fd28683628814693d2cabce6bee) \Device\Harddisk0\DR0\Partition1
17:24:27.0925 3236 \Device\Harddisk0\DR0\Partition1 - ok
17:24:27.0925 3236 ============================================================
17:24:27.0925 3236 Scan finished
17:24:27.0925 3236 ============================================================
17:24:27.0940 4236 Detected object count: 0
17:24:27.0940 4236 Actual detected object count: 0

Here are the scans for the VEW for system and application:

SYSTEM:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 10/02/2012 5:28:51 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/02/2012 8:59:58 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 10/02/2012 8:59:24 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ULS VersaLaser Engraver Firmware Loader service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/02/2012 8:58:59 PM
Type: Error Category: 0
Event: 19 Source: Microsoft-Windows-PrintSpooler
The print spooler failed to share printer Dell PC Fax with shared resource name Dell PC Fax. Error 2114. The printer cannot be used by others on the network.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

APPLICATION:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 10/02/2012 5:29:47 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/02/2012 8:59:24 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/02/2012 5:48:47 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2380949953-2287432058-1739909872-1000:
Process 3272 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-2380949953-2287432058-1739909872-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2

Should i re-run combo fix?

#7
smuckerzs

Posted 11 February 2012 - 06:59 AM

Member

Topic Starter
Member
26 posts

I thought I should also mention that something just popped up on the PC that said svchost.exe high usage. Not sure what that is all about, but my internet is hardly working

#8
RKinner

Posted 11 February 2012 - 04:48 PM

Malware Expert

Expert
24,625 posts

See if you can get this to work:

Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool.
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

Copy the text in the code box:


nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

#9
smuckerzs

Posted 11 February 2012 - 05:55 PM

Member

Topic Starter
Member
26 posts

Ok here are the logs of the scans you asked for:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by justin at 18:10:46 on 2012-02-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.3300 [GMT -5:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\brsvc01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\brss01a.exe
C:\Windows\system32\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\dlcxcoms.exe
c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\lxdpcoms.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Lexmark Z2300 Series\ezprint.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\splwow64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6090124
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6090124
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
mRun: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
mRun: [IndexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: convergysworkathome.com\www
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7A06CE5B-D159-4F47-8C64-F8325CD80315} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C4931226-4902-4CD5-BED1-D6CFD967BA78} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E9BB3FC6-A3FA-4A36-9F5C-5D4D39303058} : DhcpNameServer = 192.168.254.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
TB-X64: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
mRun-x64: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
mRun-x64: [IndexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE-X64: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\justin\AppData\Roaming\Mozilla\Firefox\Profiles\5738a74f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-2-8 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120210.002\IDSviA64.sys [2012-2-10 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMTDIV.SYS [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSr64.exe --> C:\Windows\system32\AERTSr64.exe [?]
R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe -service --> C:\Windows\system32\dlcxcoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxdp_device;lxdp_device;C:\Windows\system32\lxdpcoms.exe -service --> C:\Windows\system32\lxdpcoms.exe -service [?]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccsvchst.exe [2012-2-6 130008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [2010-12-9 177080]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [2010-12-9 126392]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-7-25 24652]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-16 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-6-22 1038088]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 GoToAssist Express Customer;GoToAssist Express Customer;C:\Program Files (x86)\Citrix\GoToAssist Express Customer\309\g2ax_service.exe [2011-10-5 161144]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-16 135664]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys --> C:\Windows\system32\Drivers\PCAMp50a64.sys [?]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys --> C:\Windows\system32\Drivers\PCASp50a64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-16 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.txt=
.
=============== Created Last 30 ================
.
2012-02-11 09:16:05 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0B1A8338-9167-4B4E-9478-2E873D3DDB3C}\offreg.dll
2012-02-11 08:40:37 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0B1A8338-9167-4B4E-9478-2E873D3DDB3C}\mpengine.dll
2012-02-10 15:54:26 98816 ----a-w- C:\Windows\sed.exe
2012-02-10 15:54:26 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-10 15:54:26 256000 ----a-w- C:\Windows\PEV.exe
2012-02-10 15:54:26 208896 ----a-w- C:\Windows\MBR.exe
2012-02-10 15:54:15 -------- d-s---w- C:\ComboFix
2012-02-10 15:06:23 -------- d-----w- C:\_OTL
2012-02-10 03:36:31 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-02-07 23:02:16 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-02-06 20:28:59 912504 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\symefa64.sys
2012-02-06 20:28:59 744568 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\srtsp64.sys
2012-02-06 20:28:59 450680 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\symds64.sys
2012-02-06 20:28:59 432760 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symtdiv.sys
2012-02-06 20:28:59 40568 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\srtspx64.sys
2012-02-06 20:28:59 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symnets.sys
2012-02-06 20:28:59 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\ironx64.sys
2012-02-06 20:28:48 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502000.00D
2012-02-06 20:22:20 515968 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-02-06 20:22:20 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-02-06 20:22:20 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-02-06 20:22:20 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
2012-02-06 20:22:19 94720 ----a-w- C:\Windows\System32\secur32.dll
2012-02-06 20:22:19 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-02-06 20:22:19 442368 ----a-w- C:\Windows\System32\winhttp.dll
2012-02-06 20:22:19 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll
2012-02-06 20:22:19 11264 ----a-w- C:\Windows\System32\lsass.exe
2012-01-30 19:26:00 -------- d-----w- C:\Users\justin\AppData\Roaming\Masque
2012-01-30 19:23:43 -------- d-----w- C:\Program Files (x86)\Masque Slots Dual Pack
.
==================== Find3M ====================
.
2012-01-29 10:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-31 01:07:18 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 16:25:32 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-11-18 20:55:05 1585152 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-18 20:55:05 1167984 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-18 18:07:45 76800 ----a-w- C:\Windows\System32\packager.dll
2011-11-18 17:47:03 66560 ----a-w- C:\Windows\SysWow64\packager.dll
.
============= FINISH: 18:11:11.93 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 1/24/2009 3:57:02 AM
System Uptime: 2/10/2012 3:57:24 PM (27 hours ago)
.
Motherboard: Dell Inc. | | 0R849J
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 520.551 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 8.334 GiB free.
E: is CDROM ()
F: is CDROM (UDF)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1207: 1/20/2012 12:08:07 AM - Scheduled Checkpoint
RP1208: 1/22/2012 5:22:56 PM - Windows Update
RP1209: 1/23/2012 3:00:10 AM - Windows Update
RP1210: 1/24/2012 3:00:10 AM - Windows Update
RP1211: 1/25/2012 - Scheduled Checkpoint
RP1212: 1/25/2012 3:00:11 AM - Windows Update
RP1213: 1/26/2012 2:48:22 AM - Scheduled Checkpoint
RP1214: 1/26/2012 3:00:10 AM - Windows Update
RP1215: 1/27/2012 - Scheduled Checkpoint
RP1216: 1/27/2012 3:00:11 AM - Windows Update
RP1217: 1/28/2012 2:44:48 AM - Scheduled Checkpoint
RP1218: 1/28/2012 3:00:11 AM - Windows Update
RP1219: 1/29/2012 - Scheduled Checkpoint
RP1220: 1/29/2012 3:00:11 AM - Windows Update
RP1221: 1/30/2012 3:00:10 AM - Windows Update
RP1222: 1/30/2012 2:23:25 PM - Installed Masque Slots Dual Pack
RP1223: 1/31/2012 3:00:12 AM - Windows Update
RP1224: 2/1/2012 2:52:06 AM - Scheduled Checkpoint
RP1225: 2/1/2012 3:00:10 AM - Windows Update
RP1226: 2/2/2012 1:34:36 AM - Scheduled Checkpoint
RP1227: 2/2/2012 3:00:11 AM - Windows Update
RP1228: 2/3/2012 2:37:31 AM - Scheduled Checkpoint
RP1229: 2/3/2012 3:00:10 AM - Windows Update
RP1230: 2/4/2012 1:25:40 AM - Scheduled Checkpoint
RP1231: 2/4/2012 3:00:10 AM - Windows Update
RP1232: 2/5/2012 3:55:30 PM - Windows Update
RP1233: 2/6/2012 3:00:10 AM - Windows Update
RP1234: 2/7/2012 1:07:50 AM - Scheduled Checkpoint
RP1235: 2/7/2012 3:00:11 AM - Windows Update
RP1236: 2/7/2012 8:56:06 PM - Scheduled Checkpoint
RP1237: 2/8/2012 3:00:11 AM - Windows Update
RP1238: 2/9/2012 2:58:19 AM - Scheduled Checkpoint
RP1239: 2/9/2012 3:00:11 AM - Windows Update
RP1240: 2/9/2012 11:37:00 AM - Removed NETGEAR WNA3100 wireless USB 2.0 adapter
RP1241: 2/9/2012 1:38:29 PM - Windows Update
RP1242: 2/9/2012 1:51:40 PM - Norton 360 Registry Clean
RP1243: 2/10/2012 3:00:11 AM - Windows Update
RP1244: 2/10/2012 9:58:42 AM - Removed Java™ 6 Update 24
RP1245: 2/10/2012 9:59:31 AM - Removed Java™ 6 Update 7
RP1246: 2/10/2012 10:02:12 AM - Removed Adobe Reader 9.4.6.
RP1247: 2/11/2012 12:00:01 AM - Scheduled Checkpoint
RP1248: 2/11/2012 3:00:11 AM - Windows Update
RP1249: 2/11/2012 3:40:20 AM - Windows Update
RP1250: 2/11/2012 7:42:35 AM - Removed Convergys Health Checker
RP1251: 2/11/2012 7:44:50 AM - Configured Wireless-N 150 USB Adapter WNA1000
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.6
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 6
Apple Application Support
Apple Software Update
Ask Toolbar
ATI Catalyst Control Center
Browser Address Error Redirector
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Polish
CCC Help Portuguese
CCC Help Spanish
CCC Help Thai
CCC Help Turkish
Computer Requirements 1.0
Connect
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang BR
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - Lang ES
CorelDRAW Graphics Suite X4 - Lang FR
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
CouponBar
D3DX10
Dell DataSafe Online
Dell Getting Started Guide
Dell Remote Access
Dell Video Chat (remove only)
EDocs
Feedback Tool
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
GoToAssist Customer 1.6.0.309
GX e3300N User Guide
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Jing
Junk Mail filter update
kuler
Masque Slots Dual Pack
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
Norton 360
Norton PC Checkup
oDesk Team
PaperPort
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
QualXServ Service Agreement
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scrapbook Flair
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Skins
Spelling Dictionaries Support For Adobe Reader 9
Suite Shared Configuration CS4
swMSM
ULSdb (remove only)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VisualLightBox
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Zuma Deluxe 1.0
.
==== Event Viewer Messages From Past Week ========
.
2/11/2012 8:45:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
2/11/2012 8:44:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
2/11/2012 3:02:11 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2656353).
2/10/2012 3:59:58 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/10/2012 3:59:24 PM, Error: Service Control Manager [7000] - The ULS VersaLaser Engraver Firmware Loader service failed to start due to the following error: The system cannot find the file specified.
2/10/2012 3:58:59 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Dell PC Fax with shared resource name Dell PC Fax. Error 2114. The printer cannot be used by others on the network.
.
==== End Of File ===========================

OTL logfile created on: 2/11/2012 6:13:56 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\justin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.30 Gb Available Physical Memory | 55.04% Memory free
12.15 Gb Paging File | 9.88 Gb Available in Paging File | 81.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.57 Gb Total Space | 520.55 Gb Free Space | 76.15% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.33 Gb Free Space | 55.56% Space Free | Partition Type: NTFS
Drive F: | 7.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RAHJA | User Name: justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/09 14:43:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\justin\Desktop\OTL.exe
PRC - [2012/01/12 00:33:53 | 000,177,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
PRC - [2012/01/07 03:56:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2010/02/04 04:17:18 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark Z2300 Series\ezprint.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/30 10:03:14 | 000,820,464 | ---- | M] (Dell Inc.) -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
PRC - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/01/12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/12 23:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brss01a.exe
PRC - [2004/06/13 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brsvc01a.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/07 03:56:05 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/30 20:07:18 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2007/08/08 16:55:30 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\Lexmark Z2300 Series\iptk.dll
MOD - [2007/01/12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
MOD - [2006/09/06 05:13:14 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\DLCXcfg.dll
MOD - [2006/08/08 14:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxscw.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/06/22 15:49:11 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/10/06 07:07:34 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/09/10 04:03:22 | 000,902,656 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/19 22:50:32 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdpcoms.exe -- (lxdp_device)
SRV:64bit: - [2006/11/03 18:07:28 | 000,566,152 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlcxcoms.exe -- (dlcx_device)
SRV - [2012/01/12 00:33:53 | 000,177,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/10/05 14:50:42 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist Express Customer\309\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/23 10:27:05 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2009/10/14 00:04:40 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/22 15:47:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/24 13:23:28 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/30 10:03:14 | 000,820,464 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2007/11/19 17:05:32 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdpcoms.exe -- (lxdp_device)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\dlcxcoms.exe -- (dlcx_device)
SRV - [2004/06/13 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\brsvc01a.exe -- (Brother XP spl Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/06 11:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/05/28 17:10:12 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 20:37:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502000.00D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502000.00D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/12/03 04:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/01 20:44:50 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/09/28 07:46:48 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2008/09/28 03:22:14 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/09/10 04:03:26 | 004,658,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008/09/10 04:03:26 | 004,658,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/06/18 17:48:54 | 000,029,184 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\packet.sys -- (Packet)
DRV:64bit: - [2008/05/23 16:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/04/01 23:42:48 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2007/04/01 23:42:44 | 000,096,048 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2007/04/01 23:42:42 | 000,087,856 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2006/11/28 20:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006/11/28 20:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV - [2012/02/11 08:41:57 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120210.035\ex64.sys -- (NAVEX15)
DRV - [2012/02/11 08:41:56 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120210.035\eng64.sys -- (NAVENG)
DRV - [2012/02/07 03:34:53 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/03 16:29:00 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120210.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/09/01 20:44:50 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=6090124
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=6090124
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=6090124
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "My Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/07 03:20:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2 [2012/02/10 16:02:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/07 03:56:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/10 10:02:52 | 000,000,000 | ---D | M]

[2011/03/06 10:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\justin\AppData\Roaming\mozilla\Extensions
[2010/10/19 20:14:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\justin\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/02/10 10:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions
[2011/03/06 16:25:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\justin\AppData\Roaming\mozilla\Firefox\Profiles\5738a74f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/28 20:13:56 | 000,002,469 | ---- | M] () -- C:\Users\justin\AppData\Roaming\Mozilla\Firefox\Profiles\5738a74f.default\searchplugins\safesearch.xml
[2011/12/21 08:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/07 03:56:05 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/07 03:56:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/07 03:56:04 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! ()
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\SysNative\HCIMNTR.DLL (Logitech Inc.)
O4:64bit: - HKLM..\Run: [DLCXCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLCXtime.DLL ()
O4:64bit: - HKLM..\Run: [dlcxmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Z2300 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxdpmon.exe] C:\Program Files (x86)\Lexmark Z2300 Series\lxdpmon.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: convergysworkathome.com ([www] http in Trusted sites)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A06CE5B-D159-4F47-8C64-F8325CD80315}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4931226-4902-4CD5-BED1-D6CFD967BA78}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9BB3FC6-A3FA-4A36-9F5C-5D4D39303058}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files (x86)\Citrix\GoToAssist Express Customer\309\g2ax_winlogonx64.dll) - C:\Program Files (x86)\Citrix\GoToAssist Express Customer\309\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\justin\Pictures\Desktop Backs & Savers\summer.jpg
O24 - Desktop BackupWallPaper: C:\Users\justin\Pictures\Desktop Backs & Savers\summer.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/13 14:11:22 | 000,000,073 | R--- | M] () - F:\AUTORUN.INF -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe - (Macrovision Corporation)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^justin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe - (Stardock Corporation)
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe_ID0ENQBO - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Bluetooth HCI Monitor - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Dell DataSafe Online - hkey= - key= - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MsConfig:64bit - StartUpReg: e8329028b0956f9887f04877fc134698 - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: EasyLinkAdvisor - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: FaxCenterServer - hkey= - key= - C:\Program Files (x86)\Dell PC Fax\fm3032.exe ()
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: MemoryCardManager - hkey= - key= - C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Search Protection - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Singlesnet - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Skytel - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - StartUpReg: Weather - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: YSearchProtection - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Express Customer\309\g2ax_service.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4BB4F695-5EC4-D20F-B76F-E358EC2AA20A} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8FDD32D1-34F3-0C6B-1B9F-F56389B97DCA} - Adobe Shockwave Director 11.0.3
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/11 18:06:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\justin\Desktop\dds.com
[2012/02/11 07:37:33 | 000,000,000 | ---D | C] -- C:\Users\justin\AppData\Roaming\Yahoo!
[2012/02/10 17:27:37 | 000,061,440 | ---- | C] ( ) -- C:\Users\justin\Desktop\VEW.exe
[2012/02/10 17:22:31 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\justin\Desktop\tdsskiller.exe
[2012/02/10 16:17:11 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\justin\Desktop\aswMBR.exe
[2012/02/10 10:54:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/10 10:54:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/10 10:54:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/10 10:54:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/10 10:54:15 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/10 10:51:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/10 10:50:48 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/02/10 10:14:50 | 000,000,000 | ---D | C] -- C:\Users\justin\Desktop\geeks to go
[2012/02/10 10:06:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/09 22:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/02/09 14:43:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\justin\Desktop\OTL.exe
[2012/02/07 18:02:16 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2012/02/06 15:22:20 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/02/06 15:22:19 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/30 14:26:00 | 000,000,000 | ---D | C] -- C:\Users\justin\AppData\Roaming\Masque
[2012/01/30 14:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Masque Games
[2012/01/30 14:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Masque Slots Dual Pack
[2011/12/23 23:18:25 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdppmui.dll
[2011/12/23 23:18:25 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpinpa.dll
[2011/12/23 23:18:25 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpiesc.dll
[2011/12/23 23:18:24 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpserv.dll
[2011/12/23 23:18:24 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpcomc.dll
[2011/12/23 23:18:24 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpusb1.dll
[2011/12/23 23:18:24 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdphbn3.dll
[2011/12/23 23:18:24 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpcoms.exe
[2011/12/23 23:18:24 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdplmpm.dll
[2011/12/23 23:18:24 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpcomm.dll
[2011/12/23 23:18:24 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpcfg.exe
[2011/12/23 23:18:24 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpih.exe
[2011/12/23 23:18:24 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpprox.dll
[2009/07/23 22:41:21 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\justin\AppData\Roaming\DataSafeDotNet.exe
[2009/03/04 21:34:36 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxinpa.dll
[2009/03/04 21:34:36 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxiesc.dll
[2009/03/04 21:34:35 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpmui.dll
[2009/03/04 21:34:34 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxserv.dll
[2009/03/04 21:34:34 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxusb1.dll
[2009/03/04 21:34:34 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxhbn3.dll
[2009/03/04 21:34:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxlmpm.dll
[2009/03/04 21:34:34 | 000,380,928 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxih.exe
[2009/03/04 21:34:34 | 000,176,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxppls.exe
[2009/03/04 21:34:34 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxprox.dll
[2009/03/04 21:34:34 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpplc.dll
[2009/03/04 21:34:33 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomc.dll
[2009/03/04 21:34:33 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcoms.exe
[2009/03/04 21:34:33 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomm.dll
[2009/03/04 21:34:33 | 000,381,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcfg.exe
[22 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[22 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\justin\Desktop\*.tmp files -> C:\Users\justin\Desktop\*.tmp -> ]
[1 C:\Users\justin\*.tmp files -> C:\Users\justin\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/11 18:06:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\justin\Desktop\dds.com
[2012/02/11 17:58:55 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 17:58:55 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 17:48:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/11 16:48:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/11 08:29:38 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat
[2012/02/10 17:27:37 | 000,061,440 | ---- | M] ( ) -- C:\Users\justin\Desktop\VEW.exe
[2012/02/10 17:23:08 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\justin\Desktop\tdsskiller.exe
[2012/02/10 16:19:13 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\justin\Desktop\aswMBR.exe
[2012/02/10 15:58:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/10 12:48:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/10 11:24:00 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/02/10 10:10:10 | 003,294,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/09 14:43:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\justin\Desktop\OTL.exe
[2012/02/07 03:19:51 | 000,002,164 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/02/07 03:18:52 | 003,032,730 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\Cat.DB
[2012/01/30 14:25:51 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\Slots Dual Pack.lnk
[2012/01/28 00:27:32 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\isolate.ini
[2012/01/19 12:09:08 | 000,716,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/19 12:09:08 | 000,613,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/19 12:09:08 | 000,107,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[22 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[22 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\justin\Desktop\*.tmp files -> C:\Users\justin\Desktop\*.tmp -> ]
[1 C:\Users\justin\*.tmp files -> C:\Users\justin\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/10 10:54:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/10 10:54:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/10 10:54:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/10 10:54:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/10 10:54:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/30 14:25:51 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\Slots Dual Pack.lnk
[2011/12/23 23:18:25 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDPinst.dll
[2011/12/23 23:18:25 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdpcomx.dll
[2011/12/21 15:01:02 | 000,000,680 | ---- | C] () -- C:\Users\justin\AppData\Local\d3d9caps.dat
[2011/05/18 17:00:37 | 000,001,940 | ---- | C] () -- C:\Users\justin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/13 10:25:57 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/13 10:25:57 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/16 20:04:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/02 12:30:22 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2011/04/02 12:30:13 | 000,000,463 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/04/02 12:30:13 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/04/02 12:29:11 | 000,000,312 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/04/02 12:29:11 | 000,000,161 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/04/02 12:24:34 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/04/02 12:24:34 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/04/02 12:16:25 | 000,027,019 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/12/11 22:55:35 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/04/26 15:58:03 | 000,000,094 | ---- | C] () -- C:\Users\justin\AppData\Local\fusioncache.dat
[2010/04/25 10:56:05 | 000,721,356 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/17 15:13:29 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/12/17 14:41:41 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/11/22 09:42:50 | 000,002,516 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/09/16 21:39:29 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/16 21:39:05 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/16 21:38:45 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/31 22:28:51 | 000,000,074 | ---- | C] () -- C:\Windows\st_affiliate.ini
[2009/03/04 21:34:36 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\dlcxinst.dll
[2009/03/04 21:34:35 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\dlcxutil.dll
[2009/03/04 21:34:35 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsb.dll
[2009/03/04 21:34:35 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxins.dll
[2009/03/04 21:34:35 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\dlcxjswr.dll
[2009/03/04 21:34:35 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsr.dll
[2009/03/04 21:34:35 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dlcxcub.dll
[2009/03/04 21:34:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dlcxcu.dll
[2009/03/04 21:34:35 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlcxcur.dll
[2009/03/04 21:34:33 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\DLCXcfg.dll
[2009/02/24 21:04:20 | 000,010,240 | ---- | C] () -- C:\Users\justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/11 22:48:18 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/01/24 11:43:59 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/01/24 11:21:02 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009/01/24 09:01:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/01/24 03:56:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002/12/11 18:19:34 | 000,708,608 | ---- | C] () -- C:\Windows\SysWow64\ltcry13n.dll
[2002/12/11 18:19:34 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lttls13n.dll
[2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\Jpeg32.dll
[2000/04/12 16:28:12 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2000/04/12 16:24:10 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/03/07 22:23:14 | 000,000,000 | -HSD | M] -- C:\Users\justin\AppData\Roaming\.#
[2011/10/04 11:41:34 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\.myPANTONE palettes
[2009/03/18 17:37:24 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\888poker.net
[2010/03/25 11:52:41 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Absolutist
[2009/07/25 19:59:08 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\acccore
[2011/10/20 09:26:59 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Adobe
[2010/02/28 19:27:27 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Alawar
[2010/11/16 20:16:13 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Apple Computer
[2009/01/28 20:44:53 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\ATI
[2011/04/02 12:51:17 | 000,000,000 | R--D | M] -- C:\Users\justin\AppData\Roaming\Brother
[2010/09/03 17:21:14 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/29 13:01:32 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Corel
[2009/01/28 20:45:48 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Dell
[2011/01/28 15:26:43 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\DellFaxCtr
[2010/03/13 08:26:44 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\ElementalsTheMagicKey
[2010/02/25 15:02:04 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Fabulous Finds
[2010/01/08 22:05:16 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Farm Mania 2
[2011/04/30 07:33:34 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\funkitron
[2011/03/27 10:53:52 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\GAS Softwares
[2009/01/29 14:31:19 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Google
[2009/05/17 14:09:30 | 000,000,000 | -H-D | M] -- C:\Users\justin\AppData\Roaming\GTek
[2010/02/25 10:33:33 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Home Sweet Home
[2009/01/28 20:44:11 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Identities
[2009/02/10 20:43:53 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Intuit
[2010/01/17 15:20:09 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\iWin
[2010/02/24 21:32:35 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Jane s Hotel Family Hero
[2009/08/10 10:07:26 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Ludia
[2009/01/28 22:44:16 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Macromedia
[2011/12/21 23:38:31 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Malwarebytes
[2012/01/30 23:05:43 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Masque
[2006/11/02 10:07:25 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Media Center Programs
[2010/12/11 22:58:19 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Meridian93
[2010/04/26 14:46:01 | 000,000,000 | --SD | M] -- C:\Users\justin\AppData\Roaming\Microsoft
[2011/03/06 10:32:43 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Mozilla
[2010/02/26 10:57:07 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\My Games
[2010/12/01 21:01:13 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Old Castle
[2011/04/02 13:05:05 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\PC-FAX TX
[2010/02/25 21:29:24 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\PlayFirst
[2010/03/01 20:21:11 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Playrix Entertainment
[2010/02/23 13:45:01 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\PoBros
[2010/02/28 14:35:02 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Pogo Games
[2010/03/30 16:07:02 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Singlesnet
[2011/04/30 07:17:31 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Skype
[2011/04/30 07:17:05 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\skypePM
[2009/11/01 19:15:45 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\SpinTop
[2009/11/01 19:16:39 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\SpinTop Games
[2009/01/28 20:45:23 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Symantec
[2012/02/09 12:50:34 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Tific
[2010/02/23 16:17:42 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\TitanicMystery
[2010/02/25 10:11:12 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Virtual City
[2009/06/12 08:20:33 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\VTExtra
[2009/06/30 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\WeatherBug
[2010/12/11 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\WinRAR
[2012/02/11 07:37:33 | 000,000,000 | ---D | M] -- C:\Users\justin\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/01/24 11:22:02 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009/01/24 11:22:02 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/07 03:56:04 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/07 03:56:04 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/07 03:56:04 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/01/07 03:56:05 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/01/07 03:56:05 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/07 03:56:05 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/04/02 13:00:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/04/02 13:00:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/04/02 13:00:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/04/02 13:00:26 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/04/02 13:00:26 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/02 13:00:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/02 13:00:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/02 13:00:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/04/02 13:00:26 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/04/02 13:00:26 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 2/11/2012 6:13:56 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\justin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.30 Gb Available Physical Memory | 55.04% Memory free
12.15 Gb Paging File | 9.88 Gb Available in Paging File | 81.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.57 Gb Total Space | 520.55 Gb Free Space | 76.15% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.33 Gb Free Space | 55.56% Space Free | Partition Type: NTFS
Drive F: | 7.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RAHJA | User Name: justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = jsfile] -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe (Adobe Systems, Inc.)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = E8 01 8F E2 4A 56 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21979710-6E07-4EDA-842E-6309C5C03FBC}" = lport=138 | protocol=17 | dir=in | app=system |
"{51C2824F-31C4-4708-B9C7-9497FCFB5853}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{542C68A4-2F23-40EF-A0E3-93C83DE10E01}" = lport=139 | protocol=6 | dir=in | app=system |
"{616DAE7F-CF02-4470-BE03-DADC2C3084AC}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{65C09FD6-AB9D-4606-B0B7-A86F45980D9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8234188E-E9BB-4165-97E0-64EF9903FB5C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{86198DF8-758F-4CDF-8794-BF79665F0110}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{8972E9E8-3C6A-470D-BE6A-6127F61A48E1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9CA535B4-F04D-44FB-AD67-F2C77855C92F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A7466FE1-80E1-4836-B8F9-02DBDAE6D2F9}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{B9C83212-09CA-49D4-9529-55F0A9B6861A}" = rport=138 | protocol=17 | dir=out | app=system |
"{BE7C900D-1129-43FE-974A-97D15E398435}" = rport=139 | protocol=6 | dir=out | app=system |
"{C4104A15-4690-4F40-8D22-C595DAF7067A}" = rport=445 | protocol=6 | dir=out | app=system |
"{D3C77F27-8605-40A5-9C02-635C11E324AE}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{D7496924-D5CC-4D40-8552-A2BCCB3EC42A}" = lport=137 | protocol=17 | dir=in | app=system |
"{E3D883BA-D387-4DC6-9091-BD9D97B0635A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FC799A13-CF0C-414D-ACAE-3DB53BB39EE1}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE0738A1-29C9-470F-B794-AABBAF87BF55}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5BEEAD-AA6D-4798-A41B-CF374A0FE66C}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{0FF595DC-D970-4B9A-B4B8-C2F768131CD0}" = protocol=6 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{0FFBDDF0-FA16-46B4-8A36-42552CF27928}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{1018912F-4973-41E8-9899-74C02C57EAF8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{10572F6C-1B25-412A-BBAB-D42BEDAF5866}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile toolbar\troubleshooter.exe |
"{132229F5-2CD7-4A86-ADA7-8D2974448CB8}" = protocol=58 | dir=in | [email protected],-28545 |
"{18258A9E-60BD-4A0C-8FCB-EA6540F9464D}" = protocol=1 | dir=out | [email protected],-28544 |
"{26B147F1-1197-41F4-B653-6B2F50C734D1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{26BBC7E4-2246-4969-8B36-C755CD7CAE79}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdpcoms.exe |
"{29C5E260-415F-4C62-9A7D-D6ADA180C51B}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdpcoms.exe |
"{2F082918-ED67-4E4D-BDDE-92775D255FC7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{342DA2BC-7630-4955-B1DB-4372E3EE5926}" = protocol=17 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{383A1E18-E096-48E0-9491-D3C5EF882BB9}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{3C47A2C4-E91A-4830-B23F-148B0E72AA2B}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdppswx.exe |
"{4036CA66-3313-4F8C-B175-92D5294A7FB0}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{4ABC2151-255A-47FF-AAD4-9D97BD50161C}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{4D429EC9-2531-4B86-9C8C-83C0271DF9F0}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{5114DB73-2C29-454F-A29B-B70249EE5078}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdppswx.exe |
"{58A0A300-5FBB-4A9B-B944-8FE34ECC53F9}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{66A72199-C72F-4329-BF15-507F9EB74E3C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6A9F38C6-7782-4545-B220-F80E1ED4EBDD}" = protocol=58 | dir=out | [email protected],-28546 |
"{6B617CBB-FDDC-4EE6-A217-46544BF4F8E1}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{7391EE66-2880-4B39-9E6D-A71F028FFFB8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{7394219B-3F0F-4015-966A-D5FFB2086062}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{748598D6-45D5-4235-BE6B-FB6EBAF083D2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{7A120E89-8C2A-4DD5-8EE7-B26D6FEE4A22}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{884BB335-1170-4FEF-92E2-894FF32DFED6}" = protocol=17 | dir=in | app=c:\windows\syswow64\dlcxcoms.exe |
"{8BABB57C-0146-459E-9081-1D7127C93DC0}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{8CAA5C8C-12A8-4B73-984D-F0B98119CC77}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark z2300 series\lxdpmon.exe |
"{8EBD0641-C1EF-4110-B1E7-7D93AAB0BB12}" = protocol=1 | dir=in | [email protected],-28543 |
"{901E1E70-EDA9-413B-9300-05D07C0716C1}" = protocol=6 | dir=in | app=c:\program files (x86)\dell photo aio printer 926\dlcxmon.exe |
"{967065B9-6B1F-4F81-B4EA-87D53D26FDAC}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark z2300 series\lxdpmon.exe |
"{98A744C1-ADEB-4B58-B1D9-D8564D3F43A6}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile toolbar\toolbarupdate.exe |
"{98E2C367-4439-4267-BCEB-DBFF18CF0D65}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{9FE48D15-D366-4E7A-AC51-FF1410117186}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{AFB6D29A-8382-4DC7-88DE-2908364B930F}" = protocol=17 | dir=in | app=c:\program files (x86)\dell photo aio printer 926\dlcxmon.exe |
"{BA967A19-E942-4475-95D7-3DCFE0A90830}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{BCFA40C7-C538-47FD-9AA8-46351B1D3296}" = protocol=6 | dir=in | app=c:\windows\syswow64\dlcxcoms.exe |
"{C1CE77C5-786D-4809-B209-CD07DC79B458}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{C446BC3D-7271-4DFF-B2BC-2F16E542B1DE}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{C62A7F88-1F05-4D1F-B15D-1CC75CABA993}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{D4AA51CC-4197-42AD-A1B9-EC162EE9A1C2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DAD16C9B-BEC0-4C6B-9515-771BE5FB2CE1}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{DD4C662D-57B3-4E74-A914-7E64BE12F6BD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E00D6C64-D0D7-467E-BC7D-9CD55B0BBBB2}" = protocol=17 | dir=in | app=c:\program files (x86)\dell photo aio printer 926\dlcxaiox.exe |
"{EDC311B1-D3DC-496B-B502-6794B80F3816}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile toolbar\troubleshooter.exe |
"{F3BB57A1-8680-47CD-A647-AEC01F1E87B8}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile toolbar\toolbarupdate.exe |
"{FD757304-E0E9-4DF2-A0CF-32C6B2338E8F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell photo aio printer 926\dlcxaiox.exe |
"TCP Query User{10DC4BF8-C5AB-4C0D-B8FF-80A1B29D59AD}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{5E1D5222-9976-47EC-9EEB-739D99539B56}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{6B79B6C1-82B0-4F7F-B465-D6DF0AB6D2A0}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{8AD0279E-B905-4097-8B42-078E52C47121}C:\program files (x86)\adobe\adobe flash cs4\flash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs4\flash.exe |
"TCP Query User{9425BA59-F924-48A4-B7F1-4BD073C42500}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{331F1132-233E-4B2B-8ED1-FB7CD5A389F0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{547BE8ED-43E5-41E7-BB0A-30C89E8D9E3A}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{C107A2CA-75DC-4F33-835F-FDAEC0FBF151}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{C9D76870-2CF9-440E-802C-E11F4CBAEF65}C:\program files (x86)\adobe\adobe flash cs4\flash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs4\flash.exe |
"UDP Query User{FEDB7D23-0A05-47F9-B2D4-5FACF2A77C14}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel® Network Connections 13.1.33.0
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EA0F68A4-CC52-D061-C239-CC54377E9B79}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel® Network Connections 13.1.33.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0527E89C-E8B9-745F-8B7A-96530A214E54}" = Catalyst Control Center Localization Japanese
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06A82E70-97F4-3BA9-65DB-692632659387}" = Catalyst Control Center InstallProxy
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DF30031-F15F-FD36-D9F8-EBC23B901894}" = Catalyst Control Center Graphics Light
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19CD69C4-CF39-FCFC-3C36-02A6AEC62C42}" = CCC Help Spanish
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}" = Scrapbook Flair
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22D643F2-0DAA-4DB4-0B3F-C5B0B6F5AEC8}" = Catalyst Control Center Localization Polish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241FFFDE-06A1-BA33-1980-FC06F2F43ACD}" = CCC Help Turkish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2E35857A-0A45-D90C-7F9F-2C6EED18DF11}" = CCC Help French
"{2F179735-F134-7E5F-9494-E2C5C39F0FBE}" = CCC Help Portuguese
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{306CD8FB-C567-F39C-8A3C-752AFE392023}" = CCC Help Korean
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3921564E-11A7-27AC-8D6F-D5FCA33DD083}" = Skins
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E9016D4-5AD8-3A77-5A75-8C89C68992CD}" = Catalyst Control Center Graphics Previews Vista
"{4011B00E-26BE-7867-3D2C-BA85CF737C8B}" = Catalyst Control Center Localization Korean
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{42A28621-B822-4B7B-8D91-6D14CB4E6292}" = Masque Slots Dual Pack
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43DF6A05-B79C-0AA4-EF59-843EFE398E3D}" = Catalyst Control Center Localization French
"{463E450F-401B-37D8-CD6C-8782D755AB86}" = Catalyst Control Center Localization Chinese Standard
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51114DCF-C263-88F0-937D-A80930617A8B}" = CCC Help Chinese Standard
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C883FB3-9F17-C9F6-3D74-D2C2DAC3FA0D}" = Catalyst Control Center Localization Chinese Traditional
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{60B3718D-B81B-FBFE-C6F8-88BAF5934C17}" = Catalyst Control Center Localization German
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69724AEA-DC5F-BF91-A2B3-9B97422173BC}" = ccc-core-static
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A08D9B3-5E90-CDEA-3796-1E5C7AAD7F7D}" = Catalyst Control Center Localization Italian
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8123165F-1AED-4B2A-9C70-BB42A777C97C}" = CCC Help Hungarian
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8841C16B-EACC-82C0-18BC-7767CC9E740D}" = Catalyst Control Center Localization Spanish
"{892B4819-7E37-9C59-3A8C-7AE8A8261A7D}" = Catalyst Control Center Localization Portuguese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9131B5A5-DCA5-8F8A-5799-14F7B0C0E97D}" = Catalyst Control Center Localization Hungarian
"{925E788B-7624-F7BD-E331-2039774A2688}" = CCC Help Thai
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{960DD947-B41A-2503-4079-E1EA314A4962}" = CCC Help Japanese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2BDAD24-875E-FDCA-1512-52F76435F5EE}" = CCC Help Italian
"{A3E66D20-B986-0D55-7000-9A9427F51C54}" = Catalyst Control Center Localization Thai
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1CC33D7-54AF-4874-B871-5F968C119276}" = GX e3300N User Guide
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B88A3C98-CB4D-E3C2-DE49-EDAF1DC55CC1}" = CCC Help English
"{B9C73F69-63B7-552D-72D8-3C22B6B1A3E7}" = Catalyst Control Center Graphics Full New
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BA3582A0-2DE0-4DB8-8B74-CD34AC193F9B}_is1" = Computer Requirements 1.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{CE44ABFE-FAF9-3C62-1D27-C8B64C3DD321}" = CCC Help Polish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC1C90B-E9A4-F656-BCA2-2A71ECCBD8F5}" = Catalyst Control Center Graphics Full Existing
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D62C1FAE-4092-A40C-CB31-4372494808CC}" = CCC Help German
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEB7A862-71A2-C615-F620-5944F7FE8172}" = Catalyst Control Center Localization Turkish
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E01A8BFE-96AB-FEA3-4A3B-EEF9849D1E24}" = Catalyst Control Center Graphics Previews Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F569596C-049F-BF15-E0A9-B7605D9B181E}" = Catalyst Control Center Core Implementation
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7D39F49-4D13-FEAB-CAB5-E508336F074B}" = CCC Help Chinese Traditional
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"AIM_6" = AIM 6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat (remove only)
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"GoToAssist Express Customer" = GoToAssist Customer 1.6.0.309
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"N360" = Norton 360
"NortonPCCheckup" = Norton PC Checkup
"PROPLUSR" = Microsoft Office Professional Plus 2007
"TTB000001.TTB000001Toolbar" = CouponBar
"ULSdb" = ULSdb (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VisualLightBox" = VisualLightBox
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"oDVT" = oDesk Team

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/10/2012 4:59:24 PM | Computer Name = Rahja | Source = WinMgmt | ID = 10
Description =

Error - 2/11/2012 4:01:08 AM | Computer Name = Rahja | Source = MsiInstaller | ID = 11606
Description =

Error - 2/11/2012 4:01:08 AM | Computer Name = Rahja | Source = MsiInstaller | ID = 11606
Description =

Error - 2/11/2012 4:01:08 AM | Computer Name = Rahja | Source = MsiInstaller | ID = 1023
Description =

Error - 2/11/2012 8:25:00 AM | Computer Name = Rahja | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 2/11/2012 8:25:00 AM | Computer Name = Rahja | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

[ OSession Events ]
Error - 6/15/2009 8:03:48 PM | Computer Name = GRUMPY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/10/2010 11:54:51 AM | Computer Name = GRUMPY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/11/2012 4:42:36 AM | Computer Name = Rahja | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 2/11/2012 4:42:39 AM | Computer Name = Rahja | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 2/11/2012 8:43:35 AM | Computer Name = Rahja | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 2/11/2012 8:43:38 AM | Computer Name = Rahja | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 2/11/2012 8:46:40 AM | Computer Name = Rahja | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 2/11/2012 8:46:43 AM | Computer Name = Rahja | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 2/11/2012 9:44:54 AM | Computer Name = Rahja | Source = Service Control Manager | ID = 7011
Description =

Error - 2/11/2012 9:45:24 AM | Computer Name = Rahja | Source = Service Control Manager | ID = 7011
Description =

Error - 2/11/2012 7:18:27 PM | Computer Name = Rahja | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 2/11/2012 7:18:30 PM | Computer Name = Rahja | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

< End of report >

#10
RKinner

Posted 12 February 2012 - 09:04 AM

Malware Expert

Expert
24,625 posts

Error - 2/11/2012 7:18:30 PM | Computer Name = Rahja | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

This may be what is preventing Combofix from running. Let's see if we can fix the hard drive.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#11
smuckerzs

Posted 12 February 2012 - 12:51 PM

Member

Topic Starter
Member
26 posts

Ok here is the log, I see something in there about a Versa Laser, this should not be installed on my PC anymore, I checked the add remove programs but do not see it there:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 12/02/2012 1:48:24 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/02/2012 6:22:13 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 12/02/2012 6:21:41 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ULS VersaLaser Engraver Firmware Loader service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 12/02/2012 6:21:14 PM
Type: Error Category: 0
Event: 19 Source: Microsoft-Windows-PrintSpooler
The print spooler failed to share printer Dell PC Fax with shared resource name Dell PC Fax. Error 2114. The printer cannot be used by others on the network.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#12
RKinner

Posted 12 February 2012 - 04:54 PM

Malware Expert

Expert
24,625 posts

Copy the next line:

sc delete VERSA2

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

There is another drive often associated with this software. You might want to try:

sc delete VERSALdr

Is it still acting up?

I don't suppose COmbofix would like to work now?

#13
smuckerzs

Posted 12 February 2012 - 07:21 PM

Member

Topic Starter
Member
26 posts

I am running combo fix now, its been going for 45 minus es or so and shows up to stage 4 completed. Is it still running and how many stages are there?

#14
RKinner

Posted 13 February 2012 - 12:27 AM

Malware Expert

Expert
24,625 posts

Last time I ran it there were at least 50 stages. It can take a lot longer than the 10 or 20 minutes that it promises. I've had it take 3 hours. It really depends on how fast the PC is, how big the hard drive, how many files you have and busy the CPU is doing malware and other things. If the drive light is still flashing just let it run.