
So many unknowns, errors & issues .... not sure where to start [Cl


  • This topic is locked

#1
Dowhich?
Thank you in advance for any help you might offer. I have not posted before and am a basic user and not so technically savvy. However, I have been noticing odd things going on for quite some time now, so I am not really sure of a timeline. I have several computers in my home on a wireless network and all of the machines seem to be experiencing similar issues. In fact, one will not even power on - and I only got it in January. Not sure if all is related or not. The below OTL report is from one of the laptops - the specific things I have noticed here: slow connection, repeated errors of unsecure connections and invalid certificates, changes to the desktop, unfamiliar files - some hidden, programs I do not recall, processor consistently running, regular internet connection interruptions and at times cannot connect. I do not mean to be vague, but at times I am not sure if something is wrong or I am being paranoid. Would you mind having a peek at the below items I have included as per your instructions and letting me know what you see? Should I run the OTL on each of the computers on my network and post those also, or should those be in posts on their own? Thank you again for any insight, suggestions, help - whatever you can offer.

Many Thanks.


OTL logfile created on: 3/14/2012 10:58:44 AM - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Users\MOM\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 51.86% Memory free
8.13 Gb Paging File | 5.99 Gb Available in Paging File | 73.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 169.40 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 1.96 Gb Free Space | 19.59% Space Free | Partition Type: NTFS

Computer Name: REDLAPTOP | User Name: MOM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/14 10:53:54 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\MOM\Downloads\OTL.exe
PRC - [2012/03/10 05:21:44 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/02/18 07:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/01/23 00:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/17 10:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/12/17 10:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/05 19:17:08 | 001,836,288 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2008/09/05 19:17:08 | 000,095,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2008/09/05 19:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2008/07/04 16:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/10 05:21:42 | 000,429,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\ppgooglenaclpluginchrome.dll
MOD - [2012/03/10 05:21:41 | 003,772,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\pdf.dll
MOD - [2012/03/10 05:20:28 | 000,527,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\libglesv2.dll
MOD - [2012/03/10 05:20:27 | 000,114,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\libegl.dll
MOD - [2012/03/10 05:20:17 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\avutil-51.dll
MOD - [2012/03/10 05:20:16 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\avformat-53.dll
MOD - [2012/03/10 05:20:15 | 001,747,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\avcodec-53.dll
MOD - [2012/03/10 01:56:11 | 008,593,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\gcswf32.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/09/05 19:16:36 | 000,233,216 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2008/09/05 19:16:36 | 000,059,136 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2008/09/05 19:16:20 | 000,087,296 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/12/22 06:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/22 05:26:38 | 000,281,600 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/12/22 05:26:06 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/01/13 11:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/12/17 10:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/05 19:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2007/12/17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/23 16:23:24 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2011/08/01 17:19:34 | 000,026,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PulseUsb.sys -- (PulseUsb)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/20 14:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 02:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/08 18:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 08:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/12/22 06:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/22 05:26:52 | 000,472,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/17 05:22:04 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/11/24 04:29:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/08/25 07:26:08 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/08/25 06:35:36 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/08/02 18:36:16 | 000,243,840 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/07/17 06:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 06:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 06:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 07:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/01/20 22:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6B459101-BD86-4520-8F6C-2EAB6C918BAE}
IE:64bit: - HKLM\..\SearchScopes\{6B459101-BD86-4520-8F6C-2EAB6C918BAE}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 4

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/03/12 11:24:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 19:11:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/11/20 09:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MOM\AppData\Roaming\Mozilla\Extensions
[2011/11/20 09:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MOM\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/03/01 17:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/01 17:41:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/12 11:24:20 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012/02/18 19:11:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/18 19:11:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 14:00:11 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/18 19:11:13 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: SiteAdvisor = C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Gmail = C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [NapsterShell] "C:\Program Files (x86)\Napster\napster.exe" /systray File not found
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [EPSON Artisan 800(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEMA.EXE /FU "C:\Users\MOM\AppData\Local\Temp\E_S1DA1.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cnet.com ([download] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59A47AFA-E50D-458C-B97D-A5D202FC786B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CE9C0AC-BFEB-48FB-9BAF-2DF8883A7F93}: DhcpNameServer = 4.2.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/13 09:16:24 | 000,000,000 | --SD | C] -- C:\Users\MOM\Documents\My Data Sources
[2012/03/13 08:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2012/03/13 08:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nikon
[2012/03/13 08:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2012/03/13 08:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2012/03/13 02:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlainSight Desktop Calendar
[2012/03/13 02:53:25 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\pdc
[2012/03/13 02:28:40 | 000,000,000 | ---D | C] -- C:\Users\MOM\Documents\Add-in Express
[2012/03/13 02:02:25 | 000,000,000 | ---D | C] -- C:\Users\MOM\Documents\ARCHIVES
[2012/03/12 22:02:14 | 000,000,000 | ---D | C] -- C:\Users\MOM\Desktop\checks
[2012/03/11 17:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012/03/11 17:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012/03/08 00:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/08 00:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/08 00:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/08 00:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/07 12:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/03/07 12:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/07 12:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/03/07 12:23:56 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Local\Google
[2012/03/06 09:50:32 | 000,000,000 | R--D | C] -- C:\Users\MOM\Documents\Outlook Files
[2012/03/06 08:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/03/05 20:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/03/05 20:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/03/05 20:48:55 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/03/05 20:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/03/05 20:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/03/05 20:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/03/05 20:43:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/03/05 15:28:05 | 000,000,000 | ---D | C] -- C:\Users\MOM\Documents\OneNote Notebooks
[2012/03/05 14:54:07 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Local\Apps
[2012/03/05 12:56:16 | 000,000,000 | ---D | C] -- C:\Users\MOM\Documents\Document work in Progress
[2012/03/05 12:33:06 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Local\Microsoft Help
[2012/03/05 12:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/03/05 11:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2012/03/05 11:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2012/03/05 11:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/03/05 11:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2012/03/05 11:09:32 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\InstallShield
[2012/03/05 11:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/03/05 05:21:45 | 000,000,000 | ---D | C] -- C:\Intel
[2012/03/05 01:33:31 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\Epson
[2012/03/05 00:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012/03/02 01:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012/03/02 01:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/03/02 00:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CharterSuite
[2012/03/02 00:30:54 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CharterSuite
[2012/03/02 00:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CharterSuite
[2012/03/01 14:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/03/01 14:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/03/01 14:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/14 10:57:49 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\OTL.exe - Shortcut.lnk
[2012/03/14 10:45:53 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 10:45:53 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 10:29:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/14 09:06:31 | 000,869,825 | ---- | M] () -- C:\Users\MOM\AppData\Local\census.cache
[2012/03/14 09:05:35 | 000,129,402 | ---- | M] () -- C:\Users\MOM\AppData\Local\ars.cache
[2012/03/14 08:37:00 | 000,746,698 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/14 08:37:00 | 000,637,566 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/14 08:37:00 | 000,113,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/14 08:34:14 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/14 08:30:59 | 000,383,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/14 08:30:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/13 14:02:58 | 000,039,829 | R--- | M] () -- C:\Users\MOM\Desktop\Photo on 2010-07-24 at 19 06 #2.jpg
[2012/03/13 13:03:53 | 000,007,680 | ---- | M] () -- C:\Users\MOM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 06:34:34 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP001141981.cab - Shortcut.lnk
[2012/03/13 06:34:25 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP001146168.cab - Shortcut.lnk
[2012/03/13 06:33:57 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP001120370.cab - Shortcut.lnk
[2012/03/13 06:33:49 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP010211762.cab - Shortcut.lnk
[2012/03/13 06:33:43 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP001221679.cab - Shortcut (2).lnk
[2012/03/13 06:33:34 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP001162359.cab - Shortcut.lnk
[2012/03/13 06:30:03 | 000,001,089 | ---- | M] () -- C:\Users\MOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/03/13 06:22:58 | 000,026,784 | ---- | M] () -- C:\Users\MOM\01120370.one
[2012/03/13 06:22:36 | 000,073,080 | ---- | M] () -- C:\Users\MOM\01221678.one
[2012/03/13 06:22:31 | 000,043,200 | ---- | M] () -- C:\Users\MOM\01135103.one
[2012/03/13 06:16:23 | 000,000,536 | ---- | M] () -- C:\Users\MOM\Desktop\.20110813 - Shortcut.lnk
[2012/03/13 06:16:14 | 000,000,536 | ---- | M] () -- C:\Users\MOM\Desktop\.20110811 - Shortcut.lnk
[2012/03/13 06:14:12 | 000,062,112 | ---- | M] () -- C:\Users\MOM\01120375.one
[2012/03/13 05:30:53 | 000,000,817 | ---- | M] () -- C:\Users\MOM\Desktop\TP001221679.cab - Shortcut.lnk
[2012/03/13 05:16:00 | 000,004,274 | ---- | M] () -- C:\Users\MOM\AppData\Roaming\wklnhst.dat
[2012/03/13 04:44:53 | 000,000,162 | -HS- | M] () -- C:\Users\MOM\Documents\~$001178515.cab
[2012/03/13 03:57:46 | 000,008,671 | ---- | M] () -- C:\Users\MOM\Documents\TP001146168.cab
[2012/03/13 03:53:08 | 000,016,446 | ---- | M] () -- C:\Users\MOM\Documents\TP001135103.cab
[2012/03/13 03:52:40 | 000,026,452 | ---- | M] () -- C:\Users\MOM\Documents\TP001162359.cab
[2012/03/13 03:51:26 | 000,011,939 | ---- | M] () -- C:\Users\MOM\Documents\TP001120370.cab
[2012/03/13 03:48:36 | 000,153,600 | ---- | M] () -- C:\Users\MOM\Documents\TS001173485.dot
[2012/03/13 03:47:22 | 000,072,384 | ---- | M] () -- C:\Users\MOM\Documents\TP001221679.cab
[2012/03/13 03:47:00 | 000,061,839 | ---- | M] () -- C:\Users\MOM\Documents\TP001221678.cab
[2012/03/13 03:45:24 | 000,100,021 | ---- | M] () -- C:\Users\MOM\Documents\TP001141981.cab
[2012/03/13 03:44:07 | 000,201,905 | ---- | M] () -- C:\Users\MOM\Documents\TP010211762.cab
[2012/03/13 03:42:25 | 000,013,908 | ---- | M] () -- C:\Users\MOM\Documents\TP001120375.cab
[2012/03/13 02:53:33 | 000,761,070 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/13 02:53:30 | 000,000,767 | ---- | M] () -- C:\Users\MOM\Desktop\PlainSight Desktop Calendar.lnk
[2012/03/12 16:31:36 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/08 22:36:36 | 000,071,164 | ---- | M] () -- C:\Users\MOM\Documents\iTunes Diagnostics.spx
[2012/03/08 22:36:36 | 000,002,542 | ---- | M] () -- C:\Users\MOM\Documents\iTunes Diagnostics.rtf
[2012/03/08 00:38:53 | 000,001,656 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/07 12:28:31 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/03/07 12:26:48 | 000,001,971 | ---- | M] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/06 09:51:34 | 000,000,928 | ---- | M] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/03/06 08:46:49 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/03/06 08:46:49 | 000,001,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/03/05 12:56:43 | 000,000,545 | ---- | M] () -- C:\Users\MOM\Desktop\Document work in Progress - Shortcut.lnk
[2012/03/05 11:34:37 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/03/05 11:14:33 | 000,000,689 | ---- | M] () -- C:\Users\Public\Desktop\Print CD.lnk
[2012/03/05 11:08:11 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/03/02 01:08:31 | 000,001,682 | ---- | M] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2012/03/01 23:07:25 | 000,006,080 | ---- | M] () -- C:\Users\MOM\AppData\Local\d3d9caps.dat
[2012/02/14 18:16:33 | 000,000,000 | ---- | M] () -- C:\Users\MOM\Documents\Default.rdp
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/14 10:57:49 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\OTL.exe - Shortcut.lnk
[2012/03/13 14:02:00 | 000,039,829 | R--- | C] () -- C:\Users\MOM\Desktop\Photo on 2010-07-24 at 19 06 #2.jpg
[2012/03/13 06:34:34 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP001141981.cab - Shortcut.lnk
[2012/03/13 06:34:25 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP001146168.cab - Shortcut.lnk
[2012/03/13 06:33:57 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP001120370.cab - Shortcut.lnk
[2012/03/13 06:33:49 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP010211762.cab - Shortcut.lnk
[2012/03/13 06:33:43 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP001221679.cab - Shortcut (2).lnk
[2012/03/13 06:33:34 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP001162359.cab - Shortcut.lnk
[2012/03/13 06:20:36 | 000,207,864 | ---- | C] () -- C:\Users\MOM\Legal Practice Notebook.onepkg
[2012/03/13 06:20:23 | 000,073,080 | ---- | C] () -- C:\Users\MOM\01221678.one
[2012/03/13 06:20:05 | 000,050,872 | ---- | C] () -- C:\Users\MOM\01162359.one
[2012/03/13 06:19:50 | 000,006,448 | ---- | C] () -- C:\Users\MOM\01146168.one
[2012/03/13 06:19:30 | 000,106,688 | ---- | C] () -- C:\Users\MOM\01141981.one
[2012/03/13 06:19:11 | 000,043,200 | ---- | C] () -- C:\Users\MOM\01135103.one
[2012/03/13 06:16:23 | 000,000,536 | ---- | C] () -- C:\Users\MOM\Desktop\.20110813 - Shortcut.lnk
[2012/03/13 06:16:14 | 000,000,536 | ---- | C] () -- C:\Users\MOM\Desktop\.20110811 - Shortcut.lnk
[2012/03/13 06:06:29 | 000,062,112 | ---- | C] () -- C:\Users\MOM\01120375.one
[2012/03/13 06:05:39 | 000,000,400 | ---- | C] () -- C:\Users\MOM\content.inf
[2012/03/13 06:05:22 | 000,026,784 | ---- | C] () -- C:\Users\MOM\01120370.one
[2012/03/13 05:30:53 | 000,000,817 | ---- | C] () -- C:\Users\MOM\Desktop\TP001221679.cab - Shortcut.lnk
[2012/03/13 04:48:08 | 000,153,600 | ---- | C] () -- C:\Users\MOM\Documents\TS001173485.dot
[2012/03/13 04:48:04 | 000,072,384 | ---- | C] () -- C:\Users\MOM\Documents\TP001221679.cab
[2012/03/13 04:47:49 | 000,061,839 | ---- | C] () -- C:\Users\MOM\Documents\TP001221678.cab
[2012/03/13 04:47:44 | 000,100,021 | ---- | C] () -- C:\Users\MOM\Documents\TP001141981.cab
[2012/03/13 04:47:39 | 000,201,905 | ---- | C] () -- C:\Users\MOM\Documents\TP010211762.cab
[2012/03/13 04:47:33 | 000,013,908 | ---- | C] () -- C:\Users\MOM\Documents\TP001120375.cab
[2012/03/13 04:47:25 | 000,000,162 | -HS- | C] () -- C:\Users\MOM\Documents\~$001178515.cab
[2012/03/13 04:47:14 | 000,008,671 | ---- | C] () -- C:\Users\MOM\Documents\TP001146168.cab
[2012/03/13 04:47:09 | 000,011,939 | ---- | C] () -- C:\Users\MOM\Documents\TP001120370.cab
[2012/03/13 04:47:04 | 000,026,452 | ---- | C] () -- C:\Users\MOM\Documents\TP001162359.cab
[2012/03/13 04:46:57 | 000,016,446 | ---- | C] () -- C:\Users\MOM\Documents\TP001135103.cab
[2012/03/13 02:53:30 | 000,000,767 | ---- | C] () -- C:\Users\MOM\Desktop\PlainSight Desktop Calendar.lnk
[2012/03/08 22:36:36 | 000,071,164 | ---- | C] () -- C:\Users\MOM\Documents\iTunes Diagnostics.spx
[2012/03/08 22:36:36 | 000,002,542 | ---- | C] () -- C:\Users\MOM\Documents\iTunes Diagnostics.rtf
[2012/03/08 00:38:53 | 000,001,656 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/07 13:30:01 | 000,001,089 | ---- | C] () -- C:\Users\MOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/03/07 12:28:31 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/03/07 12:26:48 | 000,001,987 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/07 12:26:48 | 000,001,971 | ---- | C] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/07 12:24:09 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/07 12:24:07 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/06 09:51:34 | 000,000,928 | ---- | C] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/03/05 12:56:43 | 000,000,545 | ---- | C] () -- C:\Users\MOM\Desktop\Document work in Progress - Shortcut.lnk
[2012/03/05 11:34:37 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/03/05 11:34:37 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/05 11:14:33 | 000,000,689 | ---- | C] () -- C:\Users\Public\Desktop\Print CD.lnk
[2012/03/05 00:46:37 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/03/05 00:46:37 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/03/05 00:46:37 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/03/05 00:46:37 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/03/05 00:46:37 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/03/05 00:46:37 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/03/05 00:46:37 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/03/05 00:46:37 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/03/05 00:46:37 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/03/05 00:46:37 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/03/05 00:46:37 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/03/05 00:46:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/03/05 00:46:36 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/03/05 00:46:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/03/05 00:46:36 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/03/05 00:46:36 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/03/05 00:46:36 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2012/03/05 00:46:36 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2012/03/05 00:46:36 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2012/03/05 00:46:36 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2012/03/05 00:46:36 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2012/03/05 00:46:36 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2012/03/05 00:44:35 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/03/02 01:08:31 | 000,001,682 | ---- | C] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2012/03/01 14:56:12 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/03/01 14:56:12 | 000,001,771 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/02/14 18:16:33 | 000,000,000 | ---- | C] () -- C:\Users\MOM\Documents\Default.rdp
[2011/11/20 08:18:59 | 000,869,825 | ---- | C] () -- C:\Users\MOM\AppData\Local\census.cache
[2011/11/20 08:18:53 | 000,129,402 | ---- | C] () -- C:\Users\MOM\AppData\Local\ars.cache
[2011/11/20 08:11:40 | 000,000,036 | ---- | C] () -- C:\Users\MOM\AppData\Local\housecall.guid.cache
[2011/10/28 02:31:00 | 000,024,247 | ---- | C] () -- C:\Users\MOM\AppData\Roaming\UserTile.png
[2011/09/18 02:06:13 | 000,000,008 | -H-- | C] () -- C:\Users\MOM\AppData\Local\L8457789110
[2011/08/20 00:16:50 | 000,761,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/11 20:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 20:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 20:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/06/01 04:15:28 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/05/29 17:48:14 | 000,006,080 | ---- | C] () -- C:\Users\MOM\AppData\Local\d3d9caps.dat
[2010/05/23 12:51:52 | 000,007,680 | ---- | C] () -- C:\Users\MOM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/21 02:16:10 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/05/21 02:15:29 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/05/21 02:14:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/05/19 03:24:48 | 000,004,274 | ---- | C] () -- C:\Users\MOM\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2011/08/15 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\com.livescribe.LivescribeConnect
[2012/03/05 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\Epson
[2011/09/18 02:26:39 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\FileMaker Pro
[2010/07/19 00:05:06 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\JobTabsLLC
[2012/03/13 03:05:17 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\pdc
[2011/10/28 02:31:00 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\PeerNetworking
[2010/05/19 03:25:03 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\Template
[2011/11/20 09:08:17 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\TomTom
[2012/03/14 03:19:40 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/12 04:51:43 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1ABDF857-C0F7-45EA-81D9-8B8D9472C2B7}.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 3/14/2012 10:58:44 AM - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Users\MOM\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 51.86% Memory free
8.13 Gb Paging File | 5.99 Gb Available in Paging File | 73.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 169.40 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 1.96 Gb Free Space | 19.59% Space Free | Partition Type: NTFS

Computer Name: REDLAPTOP | User Name: MOM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 09 A1 64 5A 3D 00 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1632BE84-4BE6-4AA0-8030-9BD29785B036}" = lport=445 | protocol=6 | dir=in | app=system |
"{1A0779DE-F8C9-40DF-8532-2B655A63637F}" = rport=137 | protocol=17 | dir=out | app=system |
"{2AC977D3-0108-4E48-A907-6AB37D3D7B71}" = lport=139 | protocol=6 | dir=in | app=system |
"{48854B5D-6F83-4378-BAFE-B2FD17D88EDF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6F6A672B-6832-4D21-8A49-9D968F5C7D6D}" = lport=137 | protocol=17 | dir=in | app=system |
"{80AC3652-18F1-420C-9F29-5337D9F3308B}" = lport=138 | protocol=17 | dir=in | app=system |
"{A446F192-E7AA-49E1-9EC0-BAE216C5A8D0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B7A8C32F-82F7-4D45-9E2A-A6C6077232F3}" = rport=445 | protocol=6 | dir=out | app=system |
"{BDDBA8B1-ADAD-43B7-B42E-46BB23E4F389}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EE62B73B-5FBD-49C7-962D-162AA2F726A9}" = rport=138 | protocol=17 | dir=out | app=system |
"{FA4F9F31-C629-4AA5-9FEE-5D888526E098}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31C8C4EE-FABE-4FF3-8D95-DA7DF7803005}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3D735E17-F232-4471-9E47-77EEBC26BD83}" = protocol=1 | dir=in | [email protected],-28543 |
"{94314334-371C-446D-B7D0-32CE7EB0E297}" = protocol=58 | dir=out | [email protected],-28546 |
"{94AC536B-8489-4E5A-9637-F8007F56B343}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{963B2F22-4B5D-488C-A11D-FCE6613F9FAA}" = protocol=1 | dir=out | [email protected],-28544 |
"{C1757856-F537-46B2-A90B-82B1C7B66F77}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D0599000-AC5A-4FA5-9819-D6A7A3CC1948}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F647C28B-7E89-4F67-918B-AFB51AE3DD5E}" = protocol=58 | dir=in | [email protected],-28545 |
"TCP Query User{398795DC-1B3D-40A1-BFD5-FBC8006F2B68}C:\users\mom\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=c:\users\mom\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe |
"TCP Query User{4B341A2E-4825-4517-8D1A-02AFEAB7AFFF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{DE6C246C-F0B7-4FE6-A14E-0584870C609B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{999AEEF5-6DEF-4FEC-A971-90DC66CFA340}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{99E05B90-2CC8-4A90-AB03-A81D61695984}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{B1BB7C56-4C22-418B-BCC7-A0643401CB2C}C:\users\mom\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=c:\users\mom\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60D7B7D1-16A5-4168-9F46-AE956B0C5046}" = FastAccess
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"EPSON Artisan 800 Series" = EPSON Artisan 800 Series Printer Uninstall
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D6506521-0959-4FA3-875F-E2E28830B0D2}" = NEF Codec
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E0E07D0E-2B41-FCB0-6596-FEE18AABE9FD}" = Livescribe Connect
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.livescribe.LivescribeConnect" = Livescribe Connect
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"Livescribe Desktop 2.8" = Livescribe Desktop
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"Office14.SingleImage" = Microsoft Office Professional 2010
"PlainSight Desktop Calendar_is1" = PlainSight Desktop Calendar 2.6.1.2
"ST6UNST #1" = CharterSuite
"TomTom HOME" = TomTom HOME 2.8.3.2499
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/11/2012 12:49:12 AM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3572

Error - 3/11/2012 12:49:13 AM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/11/2012 12:49:13 AM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4664

Error - 3/11/2012 12:49:13 AM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4664

Error - 3/11/2012 12:49:14 AM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/11/2012 12:49:14 AM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5788

Error - 3/11/2012 12:49:14 AM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5788

Error - 3/11/2012 12:49:15 AM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/11/2012 12:49:15 AM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6911

Error - 3/11/2012 12:49:15 AM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6911

[ Broadcom Wireless LAN Events ]
Error - 11/7/2011 2:45:38 AM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 01:45:37, Mon, Nov 07, 11 Error - Unable to gain access to user store


Error - 11/20/2011 6:24:39 AM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 05:24:39, Sun, Nov 20, 11 Error - Unable to gain access to user store


Error - 11/23/2011 7:29:50 PM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 18:29:49, Wed, Nov 23, 11 Error - Unable to gain access to user store


Error - 11/28/2011 5:44:36 PM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 16:44:35, Mon, Nov 28, 11 Error - Unable to gain access to user store


Error - 11/30/2011 6:52:24 PM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 17:52:23, Wed, Nov 30, 11 Error - Unable to gain access to user store


Error - 3/1/2012 2:47:05 AM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 01:47:04, Thu, Mar 01, 12 Error - Unable to gain access to user store


Error - 3/1/2012 7:56:53 AM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 06:56:52, Thu, Mar 01, 12 Error - Unable to gain access to user store


Error - 3/1/2012 8:18:42 PM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 19:18:41, Thu, Mar 01, 12 Error - Unable to gain access to user store


Error - 3/1/2012 10:52:06 PM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 21:52:05, Thu, Mar 01, 12 Error - Unable to gain access to user store


Error - 3/10/2012 9:11:27 PM | Computer Name = RedLaptop | Source = WLAN-Tray | ID = 0
Description = 20:11:26, Sat, Mar 10, 12 Error - Unable to gain access to user store


[ System Events ]
Error - 3/14/2012 8:31:45 AM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7011
Description =

Error - 3/14/2012 8:32:06 AM | Computer Name = RedLaptop | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/14/2012 8:32:15 AM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7011
Description =

Error - 3/14/2012 8:32:15 AM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 3/14/2012 8:32:45 AM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7011
Description =

Error - 3/14/2012 8:32:45 AM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7001
Description =

Error - 3/14/2012 8:32:46 AM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7001
Description =

Error - 3/14/2012 8:33:52 AM | Computer Name = RedLaptop | Source = DCOM | ID = 10005
Description =

Error - 3/14/2012 8:33:52 AM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7009
Description =

Error - 3/14/2012 8:33:52 AM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7000
Description =


< End of report >


#2
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Dowhich?,
Welcome. My name is godawgs and I will be assisting you with your Virus / Malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same.
Because of this, you must reply within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • All tools must be run from an account with Administrator privileges.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, so you can check off each step as you complete it.
    Also, part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!
  • Do not do things I do not ask for, such as running a spyware scan on your computer, installing/uninstalling programs, deleting files, modifying the registry or running any tools, unless instructed to do so. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date (if possible)!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

We need to get some updated logs. Please delete the current copy of OTL from the C:\Users\MOM\Downloads folder, along with the OTL.txt file and the Extras.txt file, and download a fresh copy of OTL to the desktop. It is important that it be saved to the desktop.


Step-1.

OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Download OTL to the Desktop. It is important that it is downloaded to the Desktop. (Firefox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)


Step-2

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
```
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c
[CREATERESTOREPOINT]
```

2.
  • Right click the OTL icon on the desktop and click Run as Administrator to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console <---Important
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.


Step-3.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.)
  • If it asks you if you want to download the latest virus definitions, click Yes.
  • Click the "Scan" button to start the scan.
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable to iexplore.exe and try it again.


Step-4.

Things For Your Next Post:
1. The OTL.txt log
2. The Extras.txt log
3. The aswMBR log<---NOTE: aswMBR will put a file named MBR.dat on the desktop. Don't remove it.

#3
Dowhich?

    New Member

  • Topic Starter
  • Member
  • 6 posts
Thank you so much for responding. It has been such a long time; to be honest, I have run fifty hundred things since I posted this. So I was not sure the fixes would still be relevant.

Please know I have not received help elsewhere and agree to abide by your instructions throughout, and I apologize if I have messed this up already.

As I mentioned above, since I have made changes I did not run the fixes sent but did remove, reinstall and send new log re: OTL. But I only see the otl file and not the extras file - did I not do it correctly?

I have only one user account that I have created.

Also, I did not complete step three as, again, I was not sure it was still relevant.

I will wait going forward and follow your instructions completely.

Thanks again.





OTL logfile created on: 3/26/2012 5:14:21 AM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\MOM\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 53.87% Memory free
8.09 Gb Paging File | 6.14 Gb Available in Paging File | 75.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 181.91 Gb Free Space | 63.16% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 1.96 Gb Free Space | 19.59% Space Free | Partition Type: NTFS

Computer Name: REDLAPTOP | User Name: MOM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/26 04:57:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\MOM\Desktop\OTL.exe
PRC - [2012/02/07 17:19:44 | 003,865,504 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/02/07 17:18:30 | 000,166,528 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/02/07 17:18:24 | 001,181,104 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/01/23 00:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/01/19 16:44:06 | 003,050,352 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
PRC - [2012/01/19 16:12:10 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
PRC - [2012/01/19 16:11:20 | 000,173,424 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/06 04:34:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/05 19:17:08 | 001,836,288 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2008/09/05 19:17:08 | 000,095,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2008/09/05 19:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2008/07/04 16:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/05 12:53:06 | 000,576,000 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/20 11:39:12 | 000,565,827 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/09/05 19:16:36 | 000,233,216 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2008/09/05 19:16:36 | 000,059,136 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2008/09/05 19:16:20 | 000,087,296 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/12/22 06:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/22 05:26:38 | 000,281,600 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/12/22 05:26:06 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/01/19 16:12:10 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/01/19 16:11:20 | 000,173,424 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2012/01/13 11:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/05 19:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2007/12/17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/17 09:24:02 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2012/01/17 09:24:02 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2012/01/17 09:24:02 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREdrv.sys -- (SBRE)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SBFWIM.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sbfwim.sys -- (SBFWIMCL)
DRV:64bit: - [2011/08/01 17:19:34 | 000,026,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PulseUsb.sys -- (PulseUsb)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/20 14:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 02:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/08 18:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 08:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/12/22 06:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/22 05:26:52 | 000,472,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/17 05:22:04 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/11/24 04:29:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/08/25 07:26:08 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/08/25 06:35:36 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/08/02 18:36:16 | 000,243,840 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/07/17 06:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 06:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 06:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 07:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/01/20 22:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6B459101-BD86-4520-8F6C-2EAB6C918BAE}
IE:64bit: - HKLM\..\SearchScopes\{6B459101-BD86-4520-8F6C-2EAB6C918BAE}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\..\SearchScopes,DefaultScope = {DCD79D4E-A969-46FF-8108-725FA254442B}
IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\..\SearchScopes\{DCD79D4E-A969-46FF-8108-725FA254442B}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\..\SearchScopes\{EE0620F8-0BB0-411D-8DA5-D206C1F05EBA}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/03/12 11:24:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 19:11:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/11/20 09:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MOM\AppData\Roaming\Mozilla\Extensions
[2011/11/20 09:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MOM\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/03/01 17:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/01 17:41:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/12 11:24:20 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012/02/18 19:11:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/18 19:11:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 14:00:11 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/18 19:11:13 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Spybot - Search & Destroy = C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.7.20106_0\
CHR - Extension: YouTube = C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: SiteAdvisor = C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Gmail = C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/24 11:10:25 | 000,000,883 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (IMDb Toolbar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\IMDb Toolbar\IMDbToolbar.9.40.dll (IMDb)
O3 - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2837705201-415596233-1906003027-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2837705201-415596233-1906003027-1000..\Run: [EPSON Artisan 800(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEMA.EXE /FU "C:\Users\MOM\AppData\Local\Temp\E_S1DA1.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2837705201-415596233-1906003027-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2837705201-415596233-1906003027-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\..Trusted Domains: cnet.com ([download] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59A47AFA-E50D-458C-B97D-A5D202FC786B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/26 04:58:05 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\MOM\Desktop\OTL.exe
[2012/03/26 03:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/03/25 14:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/03/25 14:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GFI Software
[2012/03/25 14:49:46 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/03/25 14:48:51 | 000,119,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012/03/25 14:48:49 | 000,256,632 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012/03/25 14:48:48 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012/03/25 14:48:48 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/03/25 14:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012/03/25 14:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI Software
[2012/03/25 14:45:56 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\GFI Software
[2012/03/25 12:28:12 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Local\231A5020-5631-4FB2-8408-B1E6A7A68721.aplzod
[2012/03/24 10:38:17 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2012/03/24 06:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/24 06:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/03/24 06:38:37 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012/03/24 06:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/03/24 05:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2012/03/23 19:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMDb Toolbar
[2012/03/23 12:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/03/23 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Local\PackageAware
[2012/03/23 11:24:44 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/03/22 14:48:02 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Local\APN
[2012/03/20 23:41:13 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\Avery
[2012/03/14 01:05:20 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 01:05:20 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/03/14 01:05:19 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/03/14 01:05:19 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/03/14 01:05:19 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/03/14 01:04:45 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2012/03/14 01:04:44 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2012/03/13 09:16:24 | 000,000,000 | --SD | C] -- C:\Users\MOM\Documents\My Data Sources
[2012/03/13 08:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2012/03/13 08:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nikon
[2012/03/13 08:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2012/03/13 08:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2012/03/13 02:53:25 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\pdc
[2012/03/13 02:28:40 | 000,000,000 | ---D | C] -- C:\Users\MOM\Documents\Add-in Express
[2012/03/13 02:02:25 | 000,000,000 | ---D | C] -- C:\Users\MOM\Documents\ARCHIVES
[2012/03/11 17:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012/03/11 17:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012/03/08 00:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/08 00:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/08 00:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/08 00:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/07 12:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/03/07 12:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/07 12:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/03/07 12:23:56 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Local\Google
[2012/03/06 09:50:32 | 000,000,000 | R--D | C] -- C:\Users\MOM\Documents\Outlook Files
[2012/03/06 08:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/03/05 20:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/03/05 20:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/03/05 20:48:55 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/03/05 20:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/03/05 20:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/03/05 20:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/03/05 20:43:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/03/05 15:28:05 | 000,000,000 | ---D | C] -- C:\Users\MOM\Documents\OneNote Notebooks
[2012/03/05 14:54:07 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Local\Apps
[2012/03/05 12:56:16 | 000,000,000 | ---D | C] -- C:\Users\MOM\Documents\Document work in Progress
[2012/03/05 12:33:06 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Local\Microsoft Help
[2012/03/05 12:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/03/05 11:17:04 | 000,135,168 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBAPI.dll
[2012/03/05 11:17:04 | 000,110,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBDSCVR.dll
[2012/03/05 11:17:04 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EBAPI.dll
[2012/03/05 11:17:04 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBUtil.dll
[2012/03/05 11:17:04 | 000,055,808 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBSDKIF.dll
[2012/03/05 11:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2012/03/05 11:16:54 | 000,558,080 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppmon.dll
[2012/03/05 11:16:54 | 000,558,080 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppmon.dll
[2012/03/05 11:16:54 | 000,537,600 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppui.dll
[2012/03/05 11:16:54 | 000,537,600 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppui.dll
[2012/03/05 11:16:54 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enspres.dll
[2012/03/05 11:16:54 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enpres.dll
[2012/03/05 11:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2012/03/05 11:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/03/05 11:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2012/03/05 11:09:32 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\InstallShield
[2012/03/05 11:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/03/05 05:21:45 | 000,000,000 | ---D | C] -- C:\Intel
[2012/03/05 01:33:31 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\Epson
[2012/03/05 00:46:37 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK2.dll
[2012/03/05 00:46:37 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICEntry.dll
[2012/03/05 00:46:37 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK.dll
[2012/03/05 00:46:37 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicPrt.dll
[2012/03/05 00:46:36 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicMgr.dll
[2012/03/05 00:45:29 | 000,108,032 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMEMA.DLL
[2012/03/05 00:45:27 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBEMA.DLL
[2012/03/05 00:44:34 | 000,083,968 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcwiad.dll
[2012/03/05 00:44:34 | 000,012,800 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcdev.dll
[2012/03/05 00:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012/03/02 01:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012/03/02 01:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/03/02 01:01:51 | 000,118,784 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMHOA.DLL
[2012/03/02 01:01:49 | 000,088,064 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBHOA.DLL
[2012/03/02 00:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CharterSuite
[2012/03/02 00:32:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2012/03/02 00:30:54 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CharterSuite
[2012/03/02 00:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CharterSuite
[2012/03/02 00:30:35 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012/03/02 00:30:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012/03/01 17:41:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/01 17:41:38 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/01 17:41:38 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/01 14:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/03/01 14:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/03/01 14:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/26 05:09:03 | 000,637,566 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/26 05:09:02 | 000,746,698 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/26 05:09:02 | 000,113,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/26 05:05:23 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/26 05:04:36 | 000,000,610 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/03/26 05:03:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/26 05:03:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/26 05:02:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/26 04:57:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\MOM\Desktop\OTL.exe
[2012/03/26 04:34:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/25 19:49:12 | 000,000,680 | ---- | M] () -- C:\Users\MOM\AppData\Local\d3d9caps.dat
[2012/03/25 19:18:31 | 000,000,087 | ---- | M] () -- C:\Users\MOM\AppData\Roaming\netstat.bat
[2012/03/25 14:49:56 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE Internet Security.lnk
[2012/03/25 14:13:36 | 000,002,301 | ---- | M] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2012/03/25 11:23:39 | 000,000,767 | ---- | M] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\EPSON Scan.lnk
[2012/03/24 21:22:42 | 000,004,749 | ---- | M] () -- C:\Users\MOM\Documents\sightspeed_picon-1332638562.png
[2012/03/24 12:10:14 | 000,001,089 | ---- | M] () -- C:\Users\MOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/03/24 11:30:14 | 000,000,606 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/03/24 11:30:14 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/03/24 11:10:25 | 000,000,883 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/24 06:38:43 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/03/23 12:03:49 | 000,002,515 | ---- | M] () -- C:\Users\MOM\Desktop\HiJackThis.lnk
[2012/03/20 20:16:41 | 000,072,015 | ---- | M] () -- C:\Users\MOM\Documents\iTunes Diagnostics2.spx
[2012/03/20 20:16:41 | 000,004,531 | ---- | M] () -- C:\Users\MOM\Documents\iTunes Diagnostics2.rtf
[2012/03/14 09:06:31 | 000,869,825 | ---- | M] () -- C:\Users\MOM\AppData\Local\census.cache
[2012/03/14 09:05:35 | 000,129,402 | ---- | M] () -- C:\Users\MOM\AppData\Local\ars.cache
[2012/03/14 08:30:59 | 000,383,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/13 13:03:53 | 000,007,680 | ---- | M] () -- C:\Users\MOM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 06:34:34 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP001141981.cab - Shortcut.lnk
[2012/03/13 06:34:25 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP001146168.cab - Shortcut.lnk
[2012/03/13 06:33:57 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP001120370.cab - Shortcut.lnk
[2012/03/13 06:33:49 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP010211762.cab - Shortcut.lnk
[2012/03/13 06:33:43 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP001221679.cab - Shortcut (2).lnk
[2012/03/13 06:33:34 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP001162359.cab - Shortcut.lnk
[2012/03/13 06:22:58 | 000,026,784 | ---- | M] () -- C:\Users\MOM\01120370.one
[2012/03/13 06:22:36 | 000,073,080 | ---- | M] () -- C:\Users\MOM\01221678.one
[2012/03/13 06:22:31 | 000,043,200 | ---- | M] () -- C:\Users\MOM\01135103.one
[2012/03/13 06:16:23 | 000,000,536 | ---- | M] () -- C:\Users\MOM\Desktop\.20110813 - Shortcut.lnk
[2012/03/13 06:16:14 | 000,000,536 | ---- | M] () -- C:\Users\MOM\Desktop\.20110811 - Shortcut.lnk
[2012/03/13 06:14:12 | 000,062,112 | ---- | M] () -- C:\Users\MOM\01120375.one
[2012/03/13 05:30:53 | 000,000,817 | ---- | M] () -- C:\Users\MOM\Desktop\TP001221679.cab - Shortcut.lnk
[2012/03/13 05:16:00 | 000,004,274 | ---- | M] () -- C:\Users\MOM\AppData\Roaming\wklnhst.dat
[2012/03/13 04:44:53 | 000,000,162 | -HS- | M] () -- C:\Users\MOM\Documents\~$001178515.cab
[2012/03/13 03:57:46 | 000,008,671 | ---- | M] () -- C:\Users\MOM\Documents\TP001146168.cab
[2012/03/13 03:53:08 | 000,016,446 | ---- | M] () -- C:\Users\MOM\Documents\TP001135103.cab
[2012/03/13 03:52:40 | 000,026,452 | ---- | M] () -- C:\Users\MOM\Documents\TP001162359.cab
[2012/03/13 03:51:26 | 000,011,939 | ---- | M] () -- C:\Users\MOM\Documents\TP001120370.cab
[2012/03/13 03:48:36 | 000,153,600 | ---- | M] () -- C:\Users\MOM\Documents\TS001173485.dot
[2012/03/13 03:47:22 | 000,072,384 | ---- | M] () -- C:\Users\MOM\Documents\TP001221679.cab
[2012/03/13 03:47:00 | 000,061,839 | ---- | M] () -- C:\Users\MOM\Documents\TP001221678.cab
[2012/03/13 03:45:24 | 000,100,021 | ---- | M] () -- C:\Users\MOM\Documents\TP001141981.cab
[2012/03/13 03:44:07 | 000,201,905 | ---- | M] () -- C:\Users\MOM\Documents\TP010211762.cab
[2012/03/13 03:42:25 | 000,013,908 | ---- | M] () -- C:\Users\MOM\Documents\TP001120375.cab
[2012/03/13 02:53:33 | 000,761,070 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/08 22:36:36 | 000,071,164 | ---- | M] () -- C:\Users\MOM\Documents\iTunes Diagnostics.spx
[2012/03/08 22:36:36 | 000,002,542 | ---- | M] () -- C:\Users\MOM\Documents\iTunes Diagnostics.rtf
[2012/03/08 00:38:53 | 000,001,656 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/07 12:28:31 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/03/07 12:26:48 | 000,001,971 | ---- | M] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/06 09:51:34 | 000,000,928 | ---- | M] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/03/06 08:46:49 | 000,001,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/03/05 12:56:43 | 000,000,545 | ---- | M] () -- C:\Users\MOM\Desktop\Document work in Progress - Shortcut.lnk
[2012/03/02 01:08:31 | 000,001,682 | ---- | M] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2012/03/02 00:32:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2012/03/02 00:30:36 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012/03/02 00:30:32 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012/03/01 17:41:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/01 17:41:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/01 17:41:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/01 17:41:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/01 14:56:39 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/25 19:18:31 | 000,000,087 | ---- | C] () -- C:\Users\MOM\AppData\Roaming\netstat.bat
[2012/03/25 14:49:56 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE Internet Security.lnk
[2012/03/25 11:24:19 | 000,002,301 | ---- | C] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2012/03/25 11:23:39 | 000,000,767 | ---- | C] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\EPSON Scan.lnk
[2012/03/24 21:22:42 | 000,004,749 | ---- | C] () -- C:\Users\MOM\Documents\sightspeed_picon-1332638562.png
[2012/03/24 06:38:56 | 000,000,474 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/03/24 06:38:55 | 000,000,606 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/03/24 06:38:54 | 000,000,610 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/03/24 06:38:43 | 000,001,986 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/03/24 06:38:43 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/03/23 11:24:44 | 000,002,515 | ---- | C] () -- C:\Users\MOM\Desktop\HiJackThis.lnk
[2012/03/20 20:16:41 | 000,072,015 | ---- | C] () -- C:\Users\MOM\Documents\iTunes Diagnostics2.spx
[2012/03/20 20:16:41 | 000,004,531 | ---- | C] () -- C:\Users\MOM\Documents\iTunes Diagnostics2.rtf
[2012/03/13 06:34:34 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP001141981.cab - Shortcut.lnk
[2012/03/13 06:34:25 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP001146168.cab - Shortcut.lnk
[2012/03/13 06:33:57 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP001120370.cab - Shortcut.lnk
[2012/03/13 06:33:49 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP010211762.cab - Shortcut.lnk
[2012/03/13 06:33:43 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP001221679.cab - Shortcut (2).lnk
[2012/03/13 06:33:34 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP001162359.cab - Shortcut.lnk
[2012/03/13 06:20:36 | 000,207,864 | ---- | C] () -- C:\Users\MOM\Legal Practice Notebook.onepkg
[2012/03/13 06:20:23 | 000,073,080 | ---- | C] () -- C:\Users\MOM\01221678.one
[2012/03/13 06:20:05 | 000,050,872 | ---- | C] () -- C:\Users\MOM\01162359.one
[2012/03/13 06:19:50 | 000,006,448 | ---- | C] () -- C:\Users\MOM\01146168.one
[2012/03/13 06:19:30 | 000,106,688 | ---- | C] () -- C:\Users\MOM\01141981.one
[2012/03/13 06:19:11 | 000,043,200 | ---- | C] () -- C:\Users\MOM\01135103.one
[2012/03/13 06:16:23 | 000,000,536 | ---- | C] () -- C:\Users\MOM\Desktop\.20110813 - Shortcut.lnk
[2012/03/13 06:16:14 | 000,000,536 | ---- | C] () -- C:\Users\MOM\Desktop\.20110811 - Shortcut.lnk
[2012/03/13 06:06:29 | 000,062,112 | ---- | C] () -- C:\Users\MOM\01120375.one
[2012/03/13 06:05:39 | 000,000,400 | ---- | C] () -- C:\Users\MOM\content.inf
[2012/03/13 06:05:22 | 000,026,784 | ---- | C] () -- C:\Users\MOM\01120370.one
[2012/03/13 05:30:53 | 000,000,817 | ---- | C] () -- C:\Users\MOM\Desktop\TP001221679.cab - Shortcut.lnk
[2012/03/13 04:48:08 | 000,153,600 | ---- | C] () -- C:\Users\MOM\Documents\TS001173485.dot
[2012/03/13 04:48:04 | 000,072,384 | ---- | C] () -- C:\Users\MOM\Documents\TP001221679.cab
[2012/03/13 04:47:49 | 000,061,839 | ---- | C] () -- C:\Users\MOM\Documents\TP001221678.cab
[2012/03/13 04:47:44 | 000,100,021 | ---- | C] () -- C:\Users\MOM\Documents\TP001141981.cab
[2012/03/13 04:47:39 | 000,201,905 | ---- | C] () -- C:\Users\MOM\Documents\TP010211762.cab
[2012/03/13 04:47:33 | 000,013,908 | ---- | C] () -- C:\Users\MOM\Documents\TP001120375.cab
[2012/03/13 04:47:25 | 000,000,162 | -HS- | C] () -- C:\Users\MOM\Documents\~$001178515.cab
[2012/03/13 04:47:14 | 000,008,671 | ---- | C] () -- C:\Users\MOM\Documents\TP001146168.cab
[2012/03/13 04:47:09 | 000,011,939 | ---- | C] () -- C:\Users\MOM\Documents\TP001120370.cab
[2012/03/13 04:47:04 | 000,026,452 | ---- | C] () -- C:\Users\MOM\Documents\TP001162359.cab
[2012/03/13 04:46:57 | 000,016,446 | ---- | C] () -- C:\Users\MOM\Documents\TP001135103.cab
[2012/03/08 22:36:36 | 000,071,164 | ---- | C] () -- C:\Users\MOM\Documents\iTunes Diagnostics.spx
[2012/03/08 22:36:36 | 000,002,542 | ---- | C] () -- C:\Users\MOM\Documents\iTunes Diagnostics.rtf
[2012/03/08 00:38:53 | 000,001,656 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/07 13:30:01 | 000,001,089 | ---- | C] () -- C:\Users\MOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/03/07 12:28:31 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/03/07 12:26:48 | 000,001,971 | ---- | C] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/07 12:24:09 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/07 12:24:07 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/06 09:51:34 | 000,000,928 | ---- | C] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/03/05 12:56:43 | 000,000,545 | ---- | C] () -- C:\Users\MOM\Desktop\Document work in Progress - Shortcut.lnk
[2012/03/05 11:34:37 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/05 00:46:37 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/03/05 00:46:37 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/03/05 00:46:37 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/03/05 00:46:37 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/03/05 00:46:37 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/03/05 00:46:37 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/03/05 00:46:37 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/03/05 00:46:37 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/03/05 00:46:37 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/03/05 00:46:37 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/03/05 00:46:37 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/03/05 00:46:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/03/05 00:46:36 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/03/05 00:46:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/03/05 00:46:36 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/03/05 00:46:36 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/03/05 00:46:36 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2012/03/05 00:46:36 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2012/03/05 00:46:36 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2012/03/05 00:46:36 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2012/03/05 00:46:36 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2012/03/05 00:46:36 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2012/03/02 01:08:31 | 000,001,682 | ---- | C] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2012/03/01 14:56:12 | 000,001,771 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/11/20 08:18:59 | 000,869,825 | ---- | C] () -- C:\Users\MOM\AppData\Local\census.cache
[2011/11/20 08:18:53 | 000,129,402 | ---- | C] () -- C:\Users\MOM\AppData\Local\ars.cache
[2011/11/20 08:11:40 | 000,000,036 | ---- | C] () -- C:\Users\MOM\AppData\Local\housecall.guid.cache
[2011/10/28 02:31:00 | 000,024,247 | ---- | C] () -- C:\Users\MOM\AppData\Roaming\UserTile.png
[2011/09/18 02:06:13 | 000,000,008 | -H-- | C] () -- C:\Users\MOM\AppData\Local\L8457789110
[2011/08/20 00:16:50 | 000,761,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/11 20:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 20:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 20:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/06/01 04:15:28 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/05/29 17:48:14 | 000,000,680 | ---- | C] () -- C:\Users\MOM\AppData\Local\d3d9caps.dat
[2010/05/23 12:51:52 | 000,007,680 | ---- | C] () -- C:\Users\MOM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/21 02:16:10 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/05/21 02:15:29 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/05/21 02:14:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/05/19 03:24:48 | 000,004,274 | ---- | C] () -- C:\Users\MOM\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2012/03/21 00:09:06 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\Avery
[2011/08/15 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\com.livescribe.LivescribeConnect
[2012/03/05 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\Epson
[2011/09/18 02:26:39 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\FileMaker Pro
[2012/03/25 14:45:56 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\GFI Software
[2010/07/19 00:05:06 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\JobTabsLLC
[2012/03/23 11:22:47 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\pdc
[2011/10/28 02:31:00 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\PeerNetworking
[2010/05/19 03:25:03 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\Template
[2011/11/20 09:08:17 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\TomTom
[2012/03/26 05:04:36 | 000,000,610 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2012/03/24 11:30:14 | 000,000,606 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/03/24 11:30:14 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2012/03/25 14:57:54 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/12 04:51:43 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1ABDF857-C0F7-45EA-81D9-8B8D9472C2B7}.job

========== Purity Check ==========



< End of report >

#4
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Dowhich?

You didn't get an Extras.txt because you didn't run the scan the way I asked. Please go back to my post and read the instructions carefully for Step 1 and Step 2. Then post the requested logs in Step 3.
Thanks.

#5
Dowhich?

    New Member

  • Topic Starter
  • Member
  • 6 posts
My sincere apologies - I still did not get an extras file... Truly I thought I followed every step as instructed - but I must have missed something. Can you clarify? I have attached the other items.

Please advise at your convenience and again my apologies.


OTL logfile created on: 3/26/2012 12:06:19 PM - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\MOM\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 50.89% Memory free
8.12 Gb Paging File | 5.98 Gb Available in Paging File | 73.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 181.65 Gb Free Space | 63.07% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 1.96 Gb Free Space | 19.59% Space Free | Partition Type: NTFS

Computer Name: REDLAPTOP | User Name: MOM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/26 12:03:27 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\MOM\Desktop\OTL.exe
PRC - [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/02/20 22:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/02/18 07:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/02/07 17:19:44 | 003,865,504 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/02/07 17:18:30 | 000,166,528 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/02/07 17:18:24 | 001,181,104 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/01/23 00:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/01/19 16:44:06 | 003,050,352 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
PRC - [2012/01/19 16:12:10 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
PRC - [2012/01/19 16:11:20 | 000,173,424 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/06 04:34:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/10/05 18:08:38 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2011/09/29 05:31:34 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2011/08/20 10:54:44 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/05 19:17:08 | 001,836,288 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2008/09/05 19:17:08 | 000,095,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2008/09/05 19:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2008/07/04 16:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/21 08:21:12 | 000,429,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppgooglenaclpluginchrome.dll
MOD - [2012/03/21 08:21:11 | 003,772,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
MOD - [2012/03/21 08:19:37 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\avutil-51.dll
MOD - [2012/03/21 08:19:35 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\avformat-53.dll
MOD - [2012/03/21 08:19:34 | 001,747,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\avcodec-53.dll
MOD - [2011/10/05 12:53:06 | 000,576,000 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/20 11:39:12 | 000,565,827 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/09/05 19:16:36 | 000,233,216 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2008/09/05 19:16:36 | 000,059,136 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2008/09/05 19:16:20 | 000,087,296 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/12/22 06:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/22 05:26:38 | 000,281,600 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/12/22 05:26:06 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/01/19 16:12:10 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/01/19 16:11:20 | 000,173,424 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2012/01/13 11:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/05 19:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2007/12/17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/17 09:24:02 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2012/01/17 09:24:02 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2012/01/17 09:24:02 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREdrv.sys -- (SBRE)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SBFWIM.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sbfwim.sys -- (SBFWIMCL)
DRV:64bit: - [2011/08/01 17:19:34 | 000,026,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PulseUsb.sys -- (PulseUsb)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/20 14:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 02:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/08 18:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 08:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/12/22 06:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/22 05:26:52 | 000,472,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/17 05:22:04 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/11/24 04:29:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/08/25 07:26:08 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/08/25 06:35:36 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/08/02 18:36:16 | 000,243,840 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/07/17 06:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 06:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 06:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 07:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/01/20 22:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6B459101-BD86-4520-8F6C-2EAB6C918BAE}
IE:64bit: - HKLM\..\SearchScopes\{6B459101-BD86-4520-8F6C-2EAB6C918BAE}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\..\SearchScopes,DefaultScope = {DCD79D4E-A969-46FF-8108-725FA254442B}
IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\..\SearchScopes\{DCD79D4E-A969-46FF-8108-725FA254442B}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\..\SearchScopes\{EE0620F8-0BB0-411D-8DA5-D206C1F05EBA}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/03/12 11:24:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/26 09:05:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/11/20 09:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MOM\AppData\Roaming\Mozilla\Extensions
[2011/11/20 09:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MOM\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/03/26 09:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/12 11:24:20 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012/03/26 09:05:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/18 19:11:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 14:00:11 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/18 19:11:13 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Spybot - Search & Destroy = C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.7.20106_0\
CHR - Extension: YouTube = C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: SiteAdvisor = C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Gmail = C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/24 11:10:25 | 000,000,883 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (IMDb Toolbar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\IMDb Toolbar\IMDbToolbar.9.40.dll (IMDb)
O3 - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2837705201-415596233-1906003027-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2837705201-415596233-1906003027-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2837705201-415596233-1906003027-1000..\Run: [EPSON Artisan 800(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEMA.EXE /FU "C:\Users\MOM\AppData\Local\Temp\E_S1DA1.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2837705201-415596233-1906003027-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2837705201-415596233-1906003027-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2837705201-415596233-1906003027-1000\..Trusted Domains: cnet.com ([download] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59A47AFA-E50D-458C-B97D-A5D202FC786B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/26 12:03:34 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\MOM\Desktop\OTL.exe
[2012/03/26 11:58:29 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Local\B5BBD1F6-B9BC-43BE-9C19-BD3728E2040F.aplzod
[2012/03/26 03:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/03/25 14:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/03/25 14:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GFI Software
[2012/03/25 14:49:46 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/03/25 14:48:51 | 000,119,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012/03/25 14:48:49 | 000,256,632 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012/03/25 14:48:48 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012/03/25 14:48:48 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/03/25 14:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012/03/25 14:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI Software
[2012/03/25 14:45:56 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\GFI Software
[2012/03/24 10:38:17 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2012/03/24 06:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/24 06:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/03/24 06:38:37 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012/03/24 06:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/03/24 05:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2012/03/23 19:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMDb Toolbar
[2012/03/23 12:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/03/23 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Local\PackageAware
[2012/03/23 11:24:44 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/03/22 14:48:02 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Local\APN
[2012/03/20 23:41:13 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\Avery
[2012/03/14 01:05:20 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 01:05:20 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/03/14 01:05:19 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/03/14 01:05:19 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/03/14 01:05:19 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/03/14 01:04:45 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2012/03/14 01:04:44 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2012/03/13 09:16:24 | 000,000,000 | --SD | C] -- C:\Users\MOM\Documents\My Data Sources
[2012/03/13 08:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2012/03/13 08:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nikon
[2012/03/13 08:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2012/03/13 08:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2012/03/13 02:53:25 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\pdc
[2012/03/13 02:28:40 | 000,000,000 | ---D | C] -- C:\Users\MOM\Documents\Add-in Express
[2012/03/13 02:02:25 | 000,000,000 | ---D | C] -- C:\Users\MOM\Documents\ARCHIVES
[2012/03/11 17:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012/03/11 17:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012/03/08 00:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/08 00:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/08 00:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/08 00:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/07 12:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/03/07 12:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/07 12:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/03/07 12:23:56 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Local\Google
[2012/03/06 09:50:32 | 000,000,000 | R--D | C] -- C:\Users\MOM\Documents\Outlook Files
[2012/03/06 08:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/03/05 20:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/03/05 20:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/03/05 20:48:55 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/03/05 20:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/03/05 20:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/03/05 20:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/03/05 20:43:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/03/05 15:28:05 | 000,000,000 | ---D | C] -- C:\Users\MOM\Documents\OneNote Notebooks
[2012/03/05 14:54:07 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Local\Apps
[2012/03/05 12:56:16 | 000,000,000 | ---D | C] -- C:\Users\MOM\Documents\Document work in Progress
[2012/03/05 12:33:06 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Local\Microsoft Help
[2012/03/05 12:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/03/05 11:17:04 | 000,135,168 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBAPI.dll
[2012/03/05 11:17:04 | 000,110,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBDSCVR.dll
[2012/03/05 11:17:04 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EBAPI.dll
[2012/03/05 11:17:04 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBUtil.dll
[2012/03/05 11:17:04 | 000,055,808 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBSDKIF.dll
[2012/03/05 11:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2012/03/05 11:16:54 | 000,558,080 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppmon.dll
[2012/03/05 11:16:54 | 000,558,080 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppmon.dll
[2012/03/05 11:16:54 | 000,537,600 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppui.dll
[2012/03/05 11:16:54 | 000,537,600 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppui.dll
[2012/03/05 11:16:54 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enspres.dll
[2012/03/05 11:16:54 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enpres.dll
[2012/03/05 11:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2012/03/05 11:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/03/05 11:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2012/03/05 11:09:32 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\InstallShield
[2012/03/05 11:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/03/05 05:21:45 | 000,000,000 | ---D | C] -- C:\Intel
[2012/03/05 01:33:31 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\Epson
[2012/03/05 00:46:37 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK2.dll
[2012/03/05 00:46:37 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICEntry.dll
[2012/03/05 00:46:37 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK.dll
[2012/03/05 00:46:37 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicPrt.dll
[2012/03/05 00:46:36 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicMgr.dll
[2012/03/05 00:45:29 | 000,108,032 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMEMA.DLL
[2012/03/05 00:45:27 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBEMA.DLL
[2012/03/05 00:44:34 | 000,083,968 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcwiad.dll
[2012/03/05 00:44:34 | 000,012,800 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcdev.dll
[2012/03/05 00:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012/03/02 01:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012/03/02 01:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/03/02 01:01:51 | 000,118,784 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMHOA.DLL
[2012/03/02 01:01:49 | 000,088,064 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBHOA.DLL
[2012/03/02 00:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CharterSuite
[2012/03/02 00:32:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2012/03/02 00:30:54 | 000,000,000 | ---D | C] -- C:\Users\MOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CharterSuite
[2012/03/02 00:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CharterSuite
[2012/03/02 00:30:35 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012/03/02 00:30:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012/03/01 17:41:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/01 17:41:38 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/01 17:41:38 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/01 14:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/03/01 14:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/03/01 14:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/26 12:03:27 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\MOM\Desktop\OTL.exe
[2012/03/26 11:34:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/26 11:02:58 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/26 11:02:58 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/26 09:07:38 | 000,000,928 | ---- | M] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/03/26 05:09:03 | 000,637,566 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/26 05:09:02 | 000,746,698 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/26 05:09:02 | 000,113,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/26 05:05:23 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/26 05:04:36 | 000,000,610 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/03/26 05:02:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/25 19:49:12 | 000,000,680 | ---- | M] () -- C:\Users\MOM\AppData\Local\d3d9caps.dat
[2012/03/25 19:18:31 | 000,000,087 | ---- | M] () -- C:\Users\MOM\AppData\Roaming\netstat.bat
[2012/03/25 14:49:56 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE Internet Security.lnk
[2012/03/25 14:13:36 | 000,002,301 | ---- | M] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2012/03/25 11:23:39 | 000,000,767 | ---- | M] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\EPSON Scan.lnk
[2012/03/24 21:22:42 | 000,004,749 | ---- | M] () -- C:\Users\MOM\Documents\sightspeed_picon-1332638562.png
[2012/03/24 12:10:14 | 000,001,089 | ---- | M] () -- C:\Users\MOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/03/24 11:30:14 | 000,000,606 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/03/24 11:30:14 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/03/24 11:10:25 | 000,000,883 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/24 06:38:43 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/03/23 12:03:49 | 000,002,515 | ---- | M] () -- C:\Users\MOM\Desktop\HiJackThis.lnk
[2012/03/20 20:16:41 | 000,072,015 | ---- | M] () -- C:\Users\MOM\Documents\iTunes Diagnostics2.spx
[2012/03/20 20:16:41 | 000,004,531 | ---- | M] () -- C:\Users\MOM\Documents\iTunes Diagnostics2.rtf
[2012/03/14 09:06:31 | 000,869,825 | ---- | M] () -- C:\Users\MOM\AppData\Local\census.cache
[2012/03/14 09:05:35 | 000,129,402 | ---- | M] () -- C:\Users\MOM\AppData\Local\ars.cache
[2012/03/14 08:30:59 | 000,383,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/13 13:03:53 | 000,007,680 | ---- | M] () -- C:\Users\MOM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 06:34:34 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP001141981.cab - Shortcut.lnk
[2012/03/13 06:34:25 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP001146168.cab - Shortcut.lnk
[2012/03/13 06:33:57 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP001120370.cab - Shortcut.lnk
[2012/03/13 06:33:49 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP010211762.cab - Shortcut.lnk
[2012/03/13 06:33:43 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP001221679.cab - Shortcut (2).lnk
[2012/03/13 06:33:34 | 000,000,562 | ---- | M] () -- C:\Users\MOM\Desktop\TP001162359.cab - Shortcut.lnk
[2012/03/13 06:22:58 | 000,026,784 | ---- | M] () -- C:\Users\MOM\01120370.one
[2012/03/13 06:22:36 | 000,073,080 | ---- | M] () -- C:\Users\MOM\01221678.one
[2012/03/13 06:22:31 | 000,043,200 | ---- | M] () -- C:\Users\MOM\01135103.one
[2012/03/13 06:16:23 | 000,000,536 | ---- | M] () -- C:\Users\MOM\Desktop\.20110813 - Shortcut.lnk
[2012/03/13 06:16:14 | 000,000,536 | ---- | M] () -- C:\Users\MOM\Desktop\.20110811 - Shortcut.lnk
[2012/03/13 06:14:12 | 000,062,112 | ---- | M] () -- C:\Users\MOM\01120375.one
[2012/03/13 05:30:53 | 000,000,817 | ---- | M] () -- C:\Users\MOM\Desktop\TP001221679.cab - Shortcut.lnk
[2012/03/13 05:16:00 | 000,004,274 | ---- | M] () -- C:\Users\MOM\AppData\Roaming\wklnhst.dat
[2012/03/13 04:44:53 | 000,000,162 | -HS- | M] () -- C:\Users\MOM\Documents\~$001178515.cab
[2012/03/13 03:57:46 | 000,008,671 | ---- | M] () -- C:\Users\MOM\Documents\TP001146168.cab
[2012/03/13 03:53:08 | 000,016,446 | ---- | M] () -- C:\Users\MOM\Documents\TP001135103.cab
[2012/03/13 03:52:40 | 000,026,452 | ---- | M] () -- C:\Users\MOM\Documents\TP001162359.cab
[2012/03/13 03:51:26 | 000,011,939 | ---- | M] () -- C:\Users\MOM\Documents\TP001120370.cab
[2012/03/13 03:48:36 | 000,153,600 | ---- | M] () -- C:\Users\MOM\Documents\TS001173485.dot
[2012/03/13 03:47:22 | 000,072,384 | ---- | M] () -- C:\Users\MOM\Documents\TP001221679.cab
[2012/03/13 03:47:00 | 000,061,839 | ---- | M] () -- C:\Users\MOM\Documents\TP001221678.cab
[2012/03/13 03:45:24 | 000,100,021 | ---- | M] () -- C:\Users\MOM\Documents\TP001141981.cab
[2012/03/13 03:44:07 | 000,201,905 | ---- | M] () -- C:\Users\MOM\Documents\TP010211762.cab
[2012/03/13 03:42:25 | 000,013,908 | ---- | M] () -- C:\Users\MOM\Documents\TP001120375.cab
[2012/03/13 02:53:33 | 000,761,070 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/08 22:36:36 | 000,071,164 | ---- | M] () -- C:\Users\MOM\Documents\iTunes Diagnostics.spx
[2012/03/08 22:36:36 | 000,002,542 | ---- | M] () -- C:\Users\MOM\Documents\iTunes Diagnostics.rtf
[2012/03/08 00:38:53 | 000,001,656 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/07 12:28:31 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/03/07 12:26:48 | 000,001,971 | ---- | M] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/06 08:46:49 | 000,001,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/03/05 12:56:43 | 000,000,545 | ---- | M] () -- C:\Users\MOM\Desktop\Document work in Progress - Shortcut.lnk
[2012/03/02 01:08:31 | 000,001,682 | ---- | M] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2012/03/02 00:32:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2012/03/02 00:30:36 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012/03/02 00:30:32 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012/03/01 17:41:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/01 17:41:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/01 17:41:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/01 17:41:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/01 14:56:39 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/25 19:18:31 | 000,000,087 | ---- | C] () -- C:\Users\MOM\AppData\Roaming\netstat.bat
[2012/03/25 14:49:56 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE Internet Security.lnk
[2012/03/25 11:24:19 | 000,002,301 | ---- | C] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2012/03/25 11:23:39 | 000,000,767 | ---- | C] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\EPSON Scan.lnk
[2012/03/24 21:22:42 | 000,004,749 | ---- | C] () -- C:\Users\MOM\Documents\sightspeed_picon-1332638562.png
[2012/03/24 06:38:56 | 000,000,474 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/03/24 06:38:55 | 000,000,606 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/03/24 06:38:54 | 000,000,610 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/03/24 06:38:43 | 000,001,986 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/03/24 06:38:43 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/03/23 11:24:44 | 000,002,515 | ---- | C] () -- C:\Users\MOM\Desktop\HiJackThis.lnk
[2012/03/20 20:16:41 | 000,072,015 | ---- | C] () -- C:\Users\MOM\Documents\iTunes Diagnostics2.spx
[2012/03/20 20:16:41 | 000,004,531 | ---- | C] () -- C:\Users\MOM\Documents\iTunes Diagnostics2.rtf
[2012/03/13 06:34:34 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP001141981.cab - Shortcut.lnk
[2012/03/13 06:34:25 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP001146168.cab - Shortcut.lnk
[2012/03/13 06:33:57 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP001120370.cab - Shortcut.lnk
[2012/03/13 06:33:49 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP010211762.cab - Shortcut.lnk
[2012/03/13 06:33:43 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP001221679.cab - Shortcut (2).lnk
[2012/03/13 06:33:34 | 000,000,562 | ---- | C] () -- C:\Users\MOM\Desktop\TP001162359.cab - Shortcut.lnk
[2012/03/13 06:20:36 | 000,207,864 | ---- | C] () -- C:\Users\MOM\Legal Practice Notebook.onepkg
[2012/03/13 06:20:23 | 000,073,080 | ---- | C] () -- C:\Users\MOM\01221678.one
[2012/03/13 06:20:05 | 000,050,872 | ---- | C] () -- C:\Users\MOM\01162359.one
[2012/03/13 06:19:50 | 000,006,448 | ---- | C] () -- C:\Users\MOM\01146168.one
[2012/03/13 06:19:30 | 000,106,688 | ---- | C] () -- C:\Users\MOM\01141981.one
[2012/03/13 06:19:11 | 000,043,200 | ---- | C] () -- C:\Users\MOM\01135103.one
[2012/03/13 06:16:23 | 000,000,536 | ---- | C] () -- C:\Users\MOM\Desktop\.20110813 - Shortcut.lnk
[2012/03/13 06:16:14 | 000,000,536 | ---- | C] () -- C:\Users\MOM\Desktop\.20110811 - Shortcut.lnk
[2012/03/13 06:06:29 | 000,062,112 | ---- | C] () -- C:\Users\MOM\01120375.one
[2012/03/13 06:05:39 | 000,000,400 | ---- | C] () -- C:\Users\MOM\content.inf
[2012/03/13 06:05:22 | 000,026,784 | ---- | C] () -- C:\Users\MOM\01120370.one
[2012/03/13 05:30:53 | 000,000,817 | ---- | C] () -- C:\Users\MOM\Desktop\TP001221679.cab - Shortcut.lnk
[2012/03/13 04:48:08 | 000,153,600 | ---- | C] () -- C:\Users\MOM\Documents\TS001173485.dot
[2012/03/13 04:48:04 | 000,072,384 | ---- | C] () -- C:\Users\MOM\Documents\TP001221679.cab
[2012/03/13 04:47:49 | 000,061,839 | ---- | C] () -- C:\Users\MOM\Documents\TP001221678.cab
[2012/03/13 04:47:44 | 000,100,021 | ---- | C] () -- C:\Users\MOM\Documents\TP001141981.cab
[2012/03/13 04:47:39 | 000,201,905 | ---- | C] () -- C:\Users\MOM\Documents\TP010211762.cab
[2012/03/13 04:47:33 | 000,013,908 | ---- | C] () -- C:\Users\MOM\Documents\TP001120375.cab
[2012/03/13 04:47:25 | 000,000,162 | -HS- | C] () -- C:\Users\MOM\Documents\~$001178515.cab
[2012/03/13 04:47:14 | 000,008,671 | ---- | C] () -- C:\Users\MOM\Documents\TP001146168.cab
[2012/03/13 04:47:09 | 000,011,939 | ---- | C] () -- C:\Users\MOM\Documents\TP001120370.cab
[2012/03/13 04:47:04 | 000,026,452 | ---- | C] () -- C:\Users\MOM\Documents\TP001162359.cab
[2012/03/13 04:46:57 | 000,016,446 | ---- | C] () -- C:\Users\MOM\Documents\TP001135103.cab
[2012/03/08 22:36:36 | 000,071,164 | ---- | C] () -- C:\Users\MOM\Documents\iTunes Diagnostics.spx
[2012/03/08 22:36:36 | 000,002,542 | ---- | C] () -- C:\Users\MOM\Documents\iTunes Diagnostics.rtf
[2012/03/08 00:38:53 | 000,001,656 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/07 13:30:01 | 000,001,089 | ---- | C] () -- C:\Users\MOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/03/07 12:28:31 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/03/07 12:26:48 | 000,001,971 | ---- | C] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/07 12:24:09 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/07 12:24:07 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/06 09:51:34 | 000,000,928 | ---- | C] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/03/05 12:56:43 | 000,000,545 | ---- | C] () -- C:\Users\MOM\Desktop\Document work in Progress - Shortcut.lnk
[2012/03/05 11:34:37 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/05 00:46:37 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/03/05 00:46:37 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/03/05 00:46:37 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/03/05 00:46:37 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/03/05 00:46:37 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/03/05 00:46:37 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/03/05 00:46:37 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/03/05 00:46:37 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/03/05 00:46:37 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/03/05 00:46:37 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/03/05 00:46:37 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/03/05 00:46:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/03/05 00:46:36 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/03/05 00:46:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/03/05 00:46:36 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/03/05 00:46:36 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/03/05 00:46:36 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2012/03/05 00:46:36 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2012/03/05 00:46:36 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2012/03/05 00:46:36 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2012/03/05 00:46:36 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2012/03/05 00:46:36 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2012/03/02 01:08:31 | 000,001,682 | ---- | C] () -- C:\Users\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2012/03/01 14:56:12 | 000,001,771 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/11/20 08:18:59 | 000,869,825 | ---- | C] () -- C:\Users\MOM\AppData\Local\census.cache
[2011/11/20 08:18:53 | 000,129,402 | ---- | C] () -- C:\Users\MOM\AppData\Local\ars.cache
[2011/11/20 08:11:40 | 000,000,036 | ---- | C] () -- C:\Users\MOM\AppData\Local\housecall.guid.cache
[2011/10/28 02:31:00 | 000,024,247 | ---- | C] () -- C:\Users\MOM\AppData\Roaming\UserTile.png
[2011/09/18 02:06:13 | 000,000,008 | -H-- | C] () -- C:\Users\MOM\AppData\Local\L8457789110
[2011/08/20 00:16:50 | 000,761,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/11 20:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 20:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 20:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/06/01 04:15:28 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/05/29 17:48:14 | 000,000,680 | ---- | C] () -- C:\Users\MOM\AppData\Local\d3d9caps.dat
[2010/05/23 12:51:52 | 000,007,680 | ---- | C] () -- C:\Users\MOM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/21 02:16:10 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/05/21 02:15:29 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/05/21 02:14:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/05/19 03:24:48 | 000,004,274 | ---- | C] () -- C:\Users\MOM\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2012/03/21 00:09:06 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\Avery
[2011/08/15 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\com.livescribe.LivescribeConnect
[2012/03/05 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\Epson
[2011/09/18 02:26:39 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\FileMaker Pro
[2012/03/25 14:45:56 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\GFI Software
[2010/07/19 00:05:06 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\JobTabsLLC
[2012/03/23 11:22:47 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\pdc
[2011/10/28 02:31:00 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\PeerNetworking
[2010/05/19 03:25:03 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\Template
[2011/11/20 09:08:17 | 000,000,000 | ---D | M] -- C:\Users\MOM\AppData\Roaming\TomTom
[2012/03/26 05:04:36 | 000,000,610 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2012/03/24 11:30:14 | 000,000,606 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/03/24 11:30:14 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2012/03/25 14:57:54 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/12 04:51:43 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1ABDF857-C0F7-45EA-81D9-8B8D9472C2B7}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/03/04 07:31:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009/03/04 07:31:20 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/03/04 07:31:21 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/03/04 07:31:20 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2012/02/07 17:19:30 | 003,149,736 | ---- | M] (Safer-Networking Ltd.) MD5=511D1BEF41D4A018501139F409DE5ED6 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/03/04 07:31:21 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009/03/04 07:31:20 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/03/04 07:31:20 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/03/04 07:31:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/26 09:05:33 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/26 09:05:33 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/26 09:05:33 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/03/26 09:05:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/03/26 09:05:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/26 09:05:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/08/19 23:54:48 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/08/19 23:54:48 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/08/19 23:54:48 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/08/19 23:54:49 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/08/19 23:54:49 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/08/19 23:54:44 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/08/19 23:54:44 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/08/19 23:54:44 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/08/19 23:54:49 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/08/19 23:54:49 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9320325AS ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 82837504
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 288.00GB
Starting Offset: 10820255744
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: REDLAPTOP
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 D RECOVERY NTFS Partition 10 GB Healthy
Volume 2 C OS NTFS Partition 288 GB Healthy System

< End of report >


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-26 12:31:41
-----------------------------
12:31:41.863 OS Version: Windows x64 6.0.6002 Service Pack 2
12:31:41.863 Number of processors: 2 586 0x170A
12:31:41.864 ComputerName: REDLAPTOP UserName: MOM
12:31:43.328 Initialize success
12:33:06.018 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:33:06.025 Disk 0 Vendor: ST9320325AS 0002DEM1 Size: 305245MB BusType: 3
12:33:06.043 Disk 0 MBR read successfully
12:33:06.048 Disk 0 MBR scan
12:33:06.053 Disk 0 Windows VISTA default MBR code
12:33:06.059 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
12:33:06.075 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
12:33:06.090 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294925 MB offset 21133312
12:33:06.123 Disk 0 scanning C:\Windows\system32\drivers
12:33:16.772 Service scanning
12:33:24.986 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
12:33:35.761 Modules scanning
12:33:35.778 Disk 0 trace - called modules:
12:33:35.823 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:33:35.832 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005c816e0]
12:33:35.842 3 CLASSPNP.SYS[fffffa6000fcfc33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bac4b0]
12:33:35.854 Scan finished successfully
12:34:29.671 Disk 0 MBR has been saved successfully to "C:\Users\MOM\Desktop\MBR.dat"
12:34:29.678 The log file has been saved successfully to "C:\Users\MOM\Desktop\aswMBR.txt"

#6
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Dowhich?,

My sincere apologies - I still did not get an extras file.....truly I thought I followed every step as instructed - but I must have missed something. Can you clarify?

Yes, I can. You don't owe me an apology, I owe you one. I didn't include the necessary setting to get the Extras.txt file. My bad. Let me try again. This scan will produce a very abbreviated OTL.txt log which I don't need you to post. It will also produce the Extras.txt log that I need you to post.

The good news is the aswMBR scan doesn't show any signs of a rootkit.

You stated that you don't have Firefox on the system. Did you ever have it? If you don't have it now, did you uninstall it through the Uninstall Programs section of the Control Panel, or did you use some other method?


Step-1.

OTL Scan

Please re-open OTL
  • Double click the OTL icon on your desktop. Vista/7 users right click and click Run as Administrator. Make sure all other windows are closed.
  • You will see the OTL console.
  • Make sure the Output box at the top is set to Standard Output.
  • Click the radio button beside None in the following boxes:
    Processes
    Modules
    Services
    Drivers
    Standard Registry
    Files Created Within
    Files Modified Within
  • In the Extra Registry box, click the radio button beside Use Safelist <--- Important
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    I don't need the OTL.txt file, but I do need you to post the Extras.txt file in your next reply.


Step-2.

Things For Your Next Post:
1. The Extras.txt file
2. Answer to the questions I asked above.

#7
Dowhich?

    New Member

  • Topic Starter
  • Member
  • 6 posts
Thanks for this - no worries.

I do have Firefox and extras is below. Best/Lisa

OTL Extras logfile created on: 3/27/2012 12:34:44 AM - Run 5
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\MOM\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 47.89% Memory free
8.12 Gb Paging File | 5.92 Gb Available in Paging File | 72.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 182.06 Gb Free Space | 63.21% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 1.96 Gb Free Space | 19.59% Space Free | Partition Type: NTFS

Computer Name: REDLAPTOP | User Name: MOM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 09 A1 64 5A 3D 00 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1632BE84-4BE6-4AA0-8030-9BD29785B036}" = lport=445 | protocol=6 | dir=in | app=system |
"{1A0779DE-F8C9-40DF-8532-2B655A63637F}" = rport=137 | protocol=17 | dir=out | app=system |
"{2AC977D3-0108-4E48-A907-6AB37D3D7B71}" = lport=139 | protocol=6 | dir=in | app=system |
"{48854B5D-6F83-4378-BAFE-B2FD17D88EDF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6F6A672B-6832-4D21-8A49-9D968F5C7D6D}" = lport=137 | protocol=17 | dir=in | app=system |
"{80AC3652-18F1-420C-9F29-5337D9F3308B}" = lport=138 | protocol=17 | dir=in | app=system |
"{A446F192-E7AA-49E1-9EC0-BAE216C5A8D0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B7A8C32F-82F7-4D45-9E2A-A6C6077232F3}" = rport=445 | protocol=6 | dir=out | app=system |
"{BDDBA8B1-ADAD-43B7-B42E-46BB23E4F389}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EE62B73B-5FBD-49C7-962D-162AA2F726A9}" = rport=138 | protocol=17 | dir=out | app=system |
"{FA4F9F31-C629-4AA5-9FEE-5D888526E098}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31C8C4EE-FABE-4FF3-8D95-DA7DF7803005}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3D735E17-F232-4471-9E47-77EEBC26BD83}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{94314334-371C-446D-B7D0-32CE7EB0E297}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{94AC536B-8489-4E5A-9637-F8007F56B343}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{963B2F22-4B5D-488C-A11D-FCE6613F9FAA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C1757856-F537-46B2-A90B-82B1C7B66F77}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D0599000-AC5A-4FA5-9819-D6A7A3CC1948}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F647C28B-7E89-4F67-918B-AFB51AE3DD5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{09FA2E21-3D20-4611-BBF6-A387B90D98F6}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"TCP Query User{398795DC-1B3D-40A1-BFD5-FBC8006F2B68}C:\users\mom\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=c:\users\mom\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe |
"TCP Query User{4B341A2E-4825-4517-8D1A-02AFEAB7AFFF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{DE6C246C-F0B7-4FE6-A14E-0584870C609B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{2C42F27E-4F3A-48F5-BCF1-2E1EE136EB79}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"UDP Query User{999AEEF5-6DEF-4FEC-A971-90DC66CFA340}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{99E05B90-2CC8-4A90-AB03-A81D61695984}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{B1BB7C56-4C22-418B-BCC7-A0643401CB2C}C:\users\mom\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=c:\users\mom\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60D7B7D1-16A5-4168-9F46-AE956B0C5046}" = FastAccess
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"EPSON Artisan 800 Series" = EPSON Artisan 800 Series Printer Uninstall
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DE652BA-C7C5-48BB-AA6A-6F41D17B5DB1}" = VIPRE Internet Security
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Internet Security
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D6506521-0959-4FA3-875F-E2E28830B0D2}" = NEF Codec
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E0E07D0E-2B41-FCB0-6596-FEE18AABE9FD}" = Livescribe Connect
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"IMDb Toolbar" = IMDb Toolbar
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Office14.SingleImage" = Microsoft Office Professional 2010
"ST6UNST #1" = CharterSuite
"TomTom HOME" = TomTom HOME 2.8.3.2499
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/21/2012 10:58:58 PM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/21/2012 10:58:58 PM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3214

Error - 3/21/2012 10:58:58 PM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3214

Error - 3/21/2012 10:58:59 PM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/21/2012 10:58:59 PM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4212

Error - 3/21/2012 10:58:59 PM | Computer Name = RedLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4212

Error - 3/22/2012 1:14:03 PM | Computer Name = RedLaptop | Source = WinMgmt | ID = 10
Description =

Error - 3/22/2012 4:20:43 PM | Computer Name = RedLaptop | Source = EventSystem | ID = 4621
Description =

Error - 3/22/2012 4:23:50 PM | Computer Name = RedLaptop | Source = WinMgmt | ID = 10
Description =

Error - 3/22/2012 5:19:01 PM | Computer Name = RedLaptop | Source = Application Error | ID = 1000
Description = Faulting application ARO.exe, version 8.0.7.0, time stamp 0x4f06a41c,
faulting module ARO.exe, version 8.0.7.0, time stamp 0x4f06a41c, exception code
0xc0000005, fault offset 0x0001ffca, process id 0x434, application start time 0x01cd087165b2e4c3.

[ Broadcom Wireless LAN Events ]
Error - 11/23/2011 7:29:50 PM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 18:29:49, Wed, Nov 23, 11 Error - Unable to gain access to user store


Error - 11/28/2011 5:44:36 PM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 16:44:35, Mon, Nov 28, 11 Error - Unable to gain access to user store


Error - 11/30/2011 6:52:24 PM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 17:52:23, Wed, Nov 30, 11 Error - Unable to gain access to user store


Error - 3/1/2012 2:47:05 AM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 01:47:04, Thu, Mar 01, 12 Error - Unable to gain access to user store


Error - 3/1/2012 7:56:53 AM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 06:56:52, Thu, Mar 01, 12 Error - Unable to gain access to user store


Error - 3/1/2012 8:18:42 PM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 19:18:41, Thu, Mar 01, 12 Error - Unable to gain access to user store


Error - 3/1/2012 10:52:06 PM | Computer Name = MOM-PC | Source = WLAN-Tray | ID = 0
Description = 21:52:05, Thu, Mar 01, 12 Error - Unable to gain access to user store


Error - 3/10/2012 9:11:27 PM | Computer Name = RedLaptop | Source = WLAN-Tray | ID = 0
Description = 20:11:26, Sat, Mar 10, 12 Error - Unable to gain access to user store


Error - 3/19/2012 10:50:49 AM | Computer Name = RedLaptop | Source = WLAN-Tray | ID = 0
Description = 10:50:48, Mon, Mar 19, 12 Error - Unable to gain access to user store


Error - 3/22/2012 1:14:39 PM | Computer Name = RedLaptop | Source = WLAN-Tray | ID = 0
Description = 13:14:35, Thu, Mar 22, 12 Error - Unable to gain access to user store


[ System Events ]
Error - 3/26/2012 4:47:31 PM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7034
Description =

Error - 3/26/2012 4:48:23 PM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7001
Description =

Error - 3/26/2012 4:48:23 PM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7001
Description =

Error - 3/26/2012 4:48:23 PM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7001
Description =

Error - 3/26/2012 5:03:12 PM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7001
Description =

Error - 3/26/2012 5:04:15 PM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7001
Description =

Error - 3/26/2012 6:40:29 PM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7001
Description =

Error - 3/26/2012 6:40:39 PM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7001
Description =

Error - 3/26/2012 7:44:57 PM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7001
Description =

Error - 3/26/2012 7:45:07 PM | Computer Name = RedLaptop | Source = Service Control Manager | ID = 7001
Description =


< End of report >

#8
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Dowhich?,

I got the logs and am reviewing them. I'll be back to you shortly.

#9
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Dowhich?,

We are going to run an AV program from outside of Windows. This process will allow the AV to scan the computer without loading Windows.

You will need a blank CD.


Step-1.

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install ImgBurn
  • Double click Dr Web
  • ImgBurn will open
  • Burn the ISO to a CD
  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is CD - On a lot of newer systems you can get to the boot menu by pressing the F12 key when the system starts up and selecting the CD from the boot menu. If you don't have a boot menu option, see this page for instructions.
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.

  • The program will now scan for and cure/delete any malware that it finds. Allow it to do so.
  • Once completed, reboot to normal Windows.
  • No log is produced, so once in normal Windows run a fresh OTL scan and let me know if the problems persist.


#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





