System Check -XBV6RD5SZF - Is this Malware?


#1
Metalwork

Below is my OTL Report and Extras Report

OTL logfile created on: 7/10/2012 7:45:06 AM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Bobby\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 41.88% Memory free
6.21 Gb Paging File | 4.45 Gb Available in Paging File | 71.65% Paging File free
Paging file location(s): C:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 447.70 Gb Total Space | 275.94 Gb Free Space | 61.63% Space Free | Partition Type: NTFS
Drive F: | 219.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BOBBY-PC | User Name: Bobby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/10 07:23:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
PRC - [2012/06/27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/06/19 15:49:26 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/18 07:23:15 | 000,400,352 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/06/04 16:17:00 | 004,527,504 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/22 14:07:00 | 001,592,160 | ---- | M] () -- C:\Users\Bobby\Downloads\M4-Capture.exe
PRC - [2012/02/22 14:06:58 | 001,007,472 | ---- | M] () -- C:\Users\Bobby\Downloads\M4-Service.exe
PRC - [2010/11/19 09:17:20 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/10/26 18:20:52 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2010/10/26 18:16:06 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2010/08/04 04:51:38 | 000,069,632 | ---- | M] () -- C:\Windows\agent.exe
PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/08/18 17:12:56 | 000,027,136 | ---- | M] (Thought Communications, Inc.) -- C:\Program Files\FaxTalk\FTmsgsvc.exe
PRC - [2009/08/18 17:12:32 | 000,114,688 | ---- | M] (Thought Communications, Inc.) -- C:\Program Files\FaxTalk\FTclctrl.exe
PRC - [2009/08/18 14:50:24 | 000,009,216 | ---- | M] (Thought Communications, Inc.) -- C:\Program Files\FaxTalk\Fapiexe.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/05/05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/01 14:27:36 | 000,066,824 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/08/17 01:27:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/27 14:26:00 | 000,053,248 | ---- | M] ( Advanced Software Technologies) -- C:\Windows\System32\AstSrv.exe
PRC - [2006/08/14 10:10:30 | 000,061,440 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Standard Keyboard Driver\SkDaemond.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/19 15:49:26 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/18 07:23:17 | 001,977,312 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2012/06/18 07:23:17 | 000,162,784 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012/06/18 07:23:17 | 000,021,984 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/06/13 10:20:39 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\18050fc0ebf2c4835d05ffd337aa1616\System.Deployment.ni.dll
MOD - [2012/06/13 09:42:30 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/13 09:42:22 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/12 03:54:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/12 03:50:36 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/12 03:48:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/12 03:47:38 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2010/11/04 11:04:32 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Inkjet.Diagnostics\5.4.6.4__5cc7ad8abd921325\Inkjet.Diagnostics.dll
MOD - [2010/11/04 11:04:31 | 000,058,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Inkjet.Automation\5.4.6.4__5cc7ad8abd921325\Inkjet.Automation.dll
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/20 07:46:06 | 000,282,730 | ---- | M] () -- C:\Program Files\Lenovo\VeriFace\SimpleExt.dll
MOD - [2008/04/20 07:46:06 | 000,241,752 | ---- | M] () -- C:\Program Files\Lenovo\VeriFace\IcnOvrly.dll
MOD - [2006/08/14 10:10:30 | 000,061,440 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Standard Keyboard Driver\SkDaemond.exe
MOD - [2006/08/08 13:40:04 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Standard Keyboard Driver\SKHooks.dll
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2012/07/09 19:55:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/06/19 15:49:26 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/12 20:14:51 | 000,289,928 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Bobby\Documents\ZohoMeeting\ZohoMeeting.exe -- (Zoho Assist)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/22 14:06:58 | 001,007,472 | ---- | M] () [Auto | Running] -- C:\Users\Bobby\Downloads\M4-Service.exe -- (M4-Service)
SRV - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/08/04 04:51:38 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Windows\agent.exe -- (Agent)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/12/10 14:05:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/18 17:12:56 | 000,027,136 | ---- | M] (Thought Communications, Inc.) [Auto | Running] -- C:\Program Files\FaxTalk\FTmsgsvc.exe -- (FaxTalk FaxCenter Pro 7.5)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/04/11 02:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/02/01 14:27:36 | 000,066,824 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe -- (OKAV Agent Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/27 14:26:00 | 000,053,248 | ---- | M] ( Advanced Software Technologies) [Auto | Running] -- C:\Windows\System32\AstSrv.exe -- (astcc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009/11/03 04:06:12 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV - [2009/11/03 04:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV - [2009/09/13 18:07:36 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/02/14 11:01:24 | 000,013,680 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2007/04/17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/03/28 20:29:12 | 000,131,944 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\System32\drivers\symsnap.sys -- (symsnap)
DRV - [2006/11/08 03:54:04 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/11/08 03:53:00 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DPV)
DRV - [2006/11/02 03:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/30 00:53:44 | 000,003,712 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2006/05/10 09:56:54 | 000,027,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/05/10 09:56:50 | 000,071,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMOUKE.sys -- (LMouKE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seoic.com/
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\Software\Microsoft\Internet Explorer\SearchURL\nn, = http://search.nation...qcat=web&qkw=%s
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\Software\Microsoft\Internet Explorer\SearchURL\nn, = %20
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\Software\Microsoft\Internet Explorer\SearchURL\nn,# = %23
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\Software\Microsoft\Internet Explorer\SearchURL\nn,& = %26
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\Software\Microsoft\Internet Explorer\SearchURL\nn,: = %3A
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\Software\Microsoft\Internet Explorer\SearchURL\nn,? = %3F
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\Software\Microsoft\Internet Explorer\SearchURL\nn,+ = %2B
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\Software\Microsoft\Internet Explorer\SearchURL\nn,= = %3D
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...&loc=PMAH10IESB
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://seoic.com/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Bobby\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Bobby\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bobby\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bobby\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/12/30 14:20:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/19 15:49:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/16 14:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/18 07:23:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/04/16 07:50:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Bobby\AppData\Roaming\Move Networks [2010/11/06 08:43:02 | 000,000,000 | ---D | M]

[2011/08/08 16:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby\AppData\Roaming\Mozilla\Extensions
[2009/07/17 10:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\extensions
[2009/07/17 10:32:04 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012/07/05 13:31:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\rs4h3wbp.default\extensions
[2012/02/10 11:38:58 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\rs4h3wbp.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/07/05 13:31:18 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\rs4h3wbp.default\extensions\[email protected]
[2012/06/16 14:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/16 14:26:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2010/11/06 08:43:02 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\BOBBY\APPDATA\ROAMING\MOVE NETWORKS
[2012/04/16 21:08:42 | 000,015,997 | ---- | M] () (No name found) -- C:\USERS\BOBBY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RS4H3WBP.DEFAULT\EXTENSIONS\[email protected]
[2012/02/10 11:38:57 | 000,107,019 | ---- | M] () (No name found) -- C:\USERS\BOBBY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RS4H3WBP.DEFAULT\EXTENSIONS\[email protected]
[2012/05/21 08:21:20 | 001,771,909 | ---- | M] () (No name found) -- C:\USERS\BOBBY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RS4H3WBP.DEFAULT\EXTENSIONS\[email protected]
[2012/06/19 15:49:27 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/19 13:54:56 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2012/06/19 15:49:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/19 15:49:23 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bobby\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bobby\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bobby\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Bobby\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\NOS\bin\np_gp.dll
CHR - plugin: Photosynth (Enabled) = C:\Program Files\Photosynth\npPhotosynthMozilla.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Bobby\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Bouncy Mouse = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb\1.2.1_0\
CHR - Extension: http://football.fant...yahoo.com/f1/16 = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlafocckfanhknpficnkaacmpbokhah\2011.10.28.56276_0\
CHR - Extension: StumbleUpon = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.5.7.1_0\

O1 HOSTS File: ([2009/12/10 14:35:10 | 000,000,794 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FaxTalk FaxCenter Pro 7.5] C:\Program Files\FaxTalk\FTClCtrl.exe (Thought Communications, Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SkDaemond] C:\Program Files\Lenovo\Lenovo Standard Keyboard Driver\SkDaemond.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3979474346-4061523993-856938039-1004..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3979474346-4061523993-856938039-1004..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3979474346-4061523993-856938039-1004..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bobby\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zoho Assist.lnk = C:\Users\Bobby\Documents\ZohoMeeting\ZohoTray.exe (Zoho Meeting)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\..Trusted Domains: ideamarketers.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3979474346-4061523993-856938039-1004\..Trusted Domains: seoic.com ([www] https in Trusted sites)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://sites.clarkus.com/qp2.cab (Lotus Quickr Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F39EAF1-36C1-4950-AA32-4613267F1C86}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bobby\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bobby\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/09 19:18:51 | 000,000,000 | ---D | M] - C:\Auto Save -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/01/30 09:16:30 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{fea29f06-0ec3-11dd-b103-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fea29f06-0ec3-11dd-b103-806e6f6e6963}\Shell\AutoRun\command - "" = F:\START.EXE -- [2002/01/30 09:45:23 | 003,061,448 | R--- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/10 07:23:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
[2012/07/09 20:59:09 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTC.exe
[2012/07/09 20:45:40 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Roaming\Malwarebytes
[2012/07/09 20:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/30 06:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/06/30 06:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012/06/30 06:38:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/28 08:56:29 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Local\dotPDN LLC
[2012/06/23 01:19:32 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/23 01:19:31 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/23 01:19:04 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/23 01:19:04 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/23 01:19:04 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/23 01:18:38 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/23 01:18:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/16 14:26:38 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/06/16 14:26:38 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/06/16 14:26:38 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/06/16 14:26:38 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/06/13 18:41:12 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Local\Macromedia
[2012/06/13 08:56:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/13 08:56:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/13 08:56:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/13 08:56:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/13 08:56:20 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/13 08:56:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/13 08:56:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/13 06:07:30 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/12 14:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

========== Files - Modified Within 30 Days ==========

[2012/07/10 07:23:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
[2012/07/10 07:02:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/10 06:59:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3979474346-4061523993-856938039-1004UA.job
[2012/07/10 06:59:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/10 06:56:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/10 06:56:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/10 06:56:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/10 06:56:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/10 01:45:31 | 000,005,172 | ---- | M] () -- C:\Windows\mozy.flt
[2012/07/10 01:45:31 | 000,003,486 | ---- | M] () -- C:\Windows\mozy.blk
[2012/07/09 20:59:12 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTC.exe
[2012/07/09 19:59:06 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3979474346-4061523993-856938039-1004Core.job
[2012/07/09 19:55:47 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/09 19:55:46 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/06 17:11:57 | 009,572,753 | ---- | M] () -- C:\Users\Bobby\Desktop\plans.pdf
[2012/07/06 10:57:57 | 003,844,573 | R--- | M] () -- C:\Users\Bobby\Desktop\0WCH Markups.pdf
[2012/07/04 12:00:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Schedule Task Weekly.job
[2012/07/02 18:49:30 | 000,207,435 | ---- | M] () -- C:\Users\Bobby\Desktop\eleccib.pdf
[2012/06/29 08:09:59 | 000,834,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/29 08:09:59 | 000,188,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/25 14:21:25 | 000,060,304 | ---- | M] () -- C:\Users\Bobby\g2mdlhlpx.exe
[2012/06/18 17:17:22 | 000,018,629 | ---- | M] () -- C:\Users\Bobby\Desktop\Contacts.csv
[2012/06/16 14:25:56 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/06/16 14:25:56 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/06/16 14:25:56 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/06/16 14:25:55 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/06/16 14:25:55 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/06/15 01:28:13 | 000,000,824 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2012/06/13 09:34:40 | 002,523,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/12 14:52:59 | 000,000,955 | ---- | M] () -- C:\Users\Bobby\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk

========== Files Created - No Company Name ==========

[2012/07/09 19:55:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/06 17:11:55 | 009,572,753 | ---- | C] () -- C:\Users\Bobby\Desktop\plans.pdf
[2012/07/06 10:57:55 | 003,844,573 | R--- | C] () -- C:\Users\Bobby\Desktop\0WCH Markups.pdf
[2012/07/02 19:07:55 | 000,207,435 | ---- | C] () -- C:\Users\Bobby\Desktop\eleccib.pdf
[2012/06/18 17:17:19 | 000,018,629 | ---- | C] () -- C:\Users\Bobby\Desktop\Contacts.csv
[2012/06/12 14:52:59 | 000,000,955 | ---- | C] () -- C:\Users\Bobby\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/12/06 14:10:41 | 000,000,306 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/12/06 14:10:41 | 000,000,153 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/12/06 14:03:50 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/12/06 14:03:49 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/11/30 00:04:41 | 000,004,003 | ---- | C] () -- C:\Users\Bobby\.recently-used.xbel
[2011/11/18 19:56:56 | 000,110,456 | ---- | C] () -- C:\Users\Bobby\g2ax_customer_downloadhelper_win32_x86.exe
[2011/08/12 22:51:04 | 000,000,284 | ---- | C] () -- C:\Users\Bobby\.AtD-OpenOffice.org
[2011/04/26 21:32:55 | 000,000,025 | ---- | C] () -- C:\Windows\WebEasy.INI
[2011/02/08 09:52:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/27 10:31:32 | 000,115,712 | ---- | C] () -- C:\Windows\Notespad Uninstaller.exe
[2010/08/24 15:01:49 | 000,000,132 | ---- | C] () -- C:\Windows\picture-shark.INI
[2010/08/20 15:15:01 | 000,069,632 | ---- | C] () -- C:\Windows\agent.exe
[2010/08/20 15:14:39 | 000,038,912 | ---- | C] () -- C:\Windows\System32\pmppm.dll
[2010/07/14 17:17:06 | 000,060,304 | ---- | C] () -- C:\Users\Bobby\g2mdlhlpx.exe
[2010/06/24 13:00:32 | 000,000,137 | ---- | C] () -- C:\Users\Bobby\.jalbum-recent-projects.properties
[2010/06/24 12:55:35 | 000,000,442 | ---- | C] () -- C:\Users\Bobby\.jalbum-ftp-accounts.xml
[2010/06/24 12:55:34 | 000,000,923 | ---- | C] () -- C:\Users\Bobby\.jalbum-defaults.jap
[2010/03/26 09:36:36 | 000,000,760 | ---- | C] () -- C:\Users\Bobby\AppData\Roaming\setup_ldm.iss
[2010/02/26 12:53:14 | 000,000,085 | ---- | C] () -- C:\Users\Bobby\appletfile.props
[2009/11/16 11:14:22 | 000,000,680 | ---- | C] () -- C:\Users\Bobby\AppData\Local\d3d9caps.dat
[2009/09/04 18:26:03 | 000,000,013 | -H-- | C] () -- C:\ProgramData\˜113.›sys
[2009/07/17 15:14:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/18 16:34:40 | 000,000,093 | ---- | C] () -- C:\Users\Bobby\AppData\Local\fusioncache.dat
[2008/09/02 03:32:28 | 000,004,864 | ---- | C] () -- C:\ProgramData\powjnvfp.pmy
[2008/09/01 09:52:51 | 000,064,512 | ---- | C] () -- C:\Users\Bobby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/05/24 16:24:12 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Audacity
[2011/11/18 17:28:00 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Autodesk
[2009/10/06 14:34:56 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Avanquest
[2010/03/26 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\BackToTheBeach
[2009/11/06 09:34:28 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\CheckPoint
[2009/12/09 10:47:55 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\ClipMagic
[2012/05/21 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\CoffeeCup Software
[2011/12/06 14:44:03 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\ControlCenter4
[2009/09/24 15:55:42 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\DigitalPhotosExport
[2012/07/10 06:58:19 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Dropbox
[2011/11/18 17:59:19 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\FabCAD
[2008/08/29 21:53:48 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\FabCADinc
[2009/07/17 10:32:00 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Foxit
[2012/06/12 15:07:24 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Foxit Software
[2010/01/08 08:36:22 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\GoodSync
[2011/11/29 23:51:40 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\gtk-2.0
[2010/03/26 15:03:02 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\iHostStudio
[2008/08/29 12:18:10 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\InterVideo
[2012/06/28 09:01:04 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Jarte
[2011/10/12 15:19:01 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Leadertech
[2011/07/01 10:09:31 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\LiveSoftware
[2010/01/25 17:11:08 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\MAGIX
[2010/08/27 11:52:10 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\MyNesting
[2011/12/06 13:53:23 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Nuance
[2010/01/28 09:36:37 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\OpenOffice.org
[2012/04/04 12:02:25 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\PC-FAX TX
[2009/08/10 15:32:38 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Playrix Entertainment
[2010/06/11 14:15:56 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Snappy Fax
[2008/08/31 01:13:33 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Snappy Fax Archives
[2010/10/19 17:32:20 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\svBuilder
[2010/11/04 10:56:04 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Temp
[2011/08/08 16:51:21 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Thunderbird
[2010/03/09 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Turbine
[2010/08/20 15:31:20 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Two Pilots
[2009/10/27 16:48:17 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Unity
[2010/04/04 19:39:13 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\uTorrent
[2010/06/10 15:19:42 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Vu360
[2010/08/24 12:17:32 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\webex
[2010/10/25 09:30:49 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Windows Live Writer
[2011/08/12 20:53:05 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Zoundry
[2012/07/10 06:53:58 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/04 12:00:00 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Schedule Task Weekly.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 510 bytes -> C:\Users\Bobby\Documents\Builders.eml:OECustomProperty

< End of report >


OTL Extras logfile created on: 7/10/2012 7:30:16 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Bobby\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 53.10% Memory free
6.21 Gb Paging File | 4.65 Gb Available in Paging File | 74.84% Paging File free
Paging file location(s): C:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 447.70 Gb Total Space | 275.94 Gb Free Space | 61.63% Space Free | Partition Type: NTFS
Drive F: | 219.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BOBBY-PC | User Name: Bobby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3979474346-4061523993-856938039-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06244662-C795-4D31-BAA4-AB092FD4B066}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{275CC055-F0C5-41F7-A72D-60BD594C505A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{285D19C9-1019-4BED-AD75-12792C704DD3}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{38B93BEC-9E96-4ED6-83D8-CC0C5DEDB7F7}" = lport=47917 | protocol=17 | dir=in | name=ut |
"{43983F86-E711-40B2-B5E1-2E3FBE48DC84}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{4FC2D385-0F73-4C20-8B0F-D258A1A9B863}" = lport=10243 | protocol=6 | dir=in | app=system |
"{513C341B-F195-47B9-9C07-268C88F45128}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{53468DCF-4811-4137-A89B-20C1B099EE34}" = lport=47917 | protocol=6 | dir=in | name=utorrent |
"{69480888-037A-49A3-A8F1-108E9DD9855F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{869C23C6-FF40-4146-B082-D56FD29FA06F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A47207E8-90CB-4377-B247-C06CFF7E98B2}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{BCD2BFC5-DCA6-47AD-A8A6-524F6D5F5386}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD26C054-F299-4876-AA17-0806FB594AE0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDEAF94C-85D5-43FD-AE45-AAA1558DC5E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CAF068F7-EF32-48C8-B50C-5CAA25B625A3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D474EE9B-2EDE-4F4A-ABCA-CE7F9DF0B3AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7D79558-CCF0-4AC0-8FA2-318636A28D5B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DAD40A27-FA27-486E-BD30-764C33BCA511}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A4FF0A-07FA-4A7E-8296-21322BE5EE6C}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\incmail.exe |
"{01464AE5-0E13-4163-A848-E0100007C642}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0186AC0E-EAFA-430D-9AF5-581576F5B2EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{01A24D1F-E309-4A9D-96F7-417FB6DE0229}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{020ACD3C-D6AE-4421-ACC9-66D581AC47B1}" = protocol=6 | dir=out | app=system |
"{03D82F9B-4A48-4251-9182-BA912DCDD522}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0425E799-F399-49F2-A6D5-5D38FDD2E2FC}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{075AF1BE-0FC7-4E71-8C85-CCF43140D8AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{082E45E5-97A2-4B6A-BAC0-468C8ED64A33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B6668FE-199E-492D-B026-D5D820D64F1B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0C5C21B8-17B4-43C3-88FE-CDFC0A2F8692}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CADF18F-30CC-44E0-843D-F768D8C3E352}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe |
"{12F0E047-F744-427D-AB67-D9FF9CC1A4F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{13037D39-0266-46CD-BBE4-96448E1C1C54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1519646A-92F4-474B-BB7E-5E221004812E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{17E8A5D1-A2B0-4DEF-9F27-9DFFBA1F7705}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{187876DB-8B31-45AB-A231-CB8F7E8943B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{18FDF615-7D64-4612-8F9D-4D1807E8FFFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D1AFBFD-5065-4133-9C0D-2CDA03A0103A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E25F1F4-F0BA-4CA3-81AB-480E62931B4C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E85DECB-9CCA-4B5B-BF40-5935BC2F95E9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20A5AD1F-98E1-4440-9984-18C07482E222}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{215BF307-AC5F-48E7-8E35-8F0E9C515EDE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{225C217B-3501-454A-B4CC-1EC2F051BE9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{22B0D424-5FAC-4EF4-8123-0D93B9BCCF14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2516AF7C-B3C2-418F-A4F0-8ED45E07FC8C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{25905682-75BB-408D-A91C-BFF010EBE97E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{260530FB-AD8B-482A-9FEF-5A34D21D6F9C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2712D0E5-EE24-4E42-BD62-C870A5FECA8C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{29378638-35E3-436F-97CA-BD614DE8295B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{297F7F35-D746-4C4D-A30B-CBA86D03F4AE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B035309-69E4-4092-877E-C5EB5277B6FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D753251-072A-41D8-A1D4-FF7BFA110E10}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D76682F-9975-4464-B6C1-8C02702277EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F74D314-75E7-4C49-A985-0014214839C4}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2FDE89A3-AFB8-4B32-9FB9-F81F9F8FE4A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{31E1F571-E50F-4324-B6DE-6011D055FB40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{328752C6-FF99-4F81-9F4F-3A09DF2812CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{32F781B6-5D38-40BD-A610-1E48380888E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33CAE0DE-F390-4151-933A-73F40A868283}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{35EE5687-9C91-4059-9FC9-1A0D51841B5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A35C4BE-E304-45FB-98F5-E9BE5B1923D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E72B36B-6983-4E00-8A9D-62ADF26F7CB7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{413C8DD5-EEDE-40AA-8BDF-4C8D086033A3}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{42165869-1C54-4765-A2A4-4A23BC8B9F63}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42A50ED2-A8DD-4423-8068-1D65B9A250CA}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\imapp.exe |
"{44DE3D7C-1FD8-4D63-BB0B-4B838A5BBA56}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47F452D4-41B3-4854-920C-47204305EE48}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4BA07B2C-DE5A-4D30-B6D0-51CD308A081B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E9E4879-61DA-449D-BE8C-F54A9D5B9202}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{542B05CA-D9D4-43D2-9A5E-231F2BA45259}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{56F609E6-D591-40D4-A921-74B696A9EEB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5764A460-F7C6-4B3A-923A-9731F310BBF4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58059BF5-81BE-4C80-8E97-E2841FEDE076}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58833134-09AE-4606-9742-78AFF106FBCB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5993569A-F64D-4FD1-8360-0AB611B945F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C5CD35B-71E3-470F-BDB0-B11113D0550A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5DD894FE-4CDC-4E61-B072-152D3814411E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{636D7AD3-B50C-468E-8473-9E16A96483D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6735FD70-128C-4B51-A250-E1C90AFC984B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6DC54F15-700C-45FC-9DE7-3D2241A3AE0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E1AB781-2654-402F-A1ED-6D1202D28E9C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F79F5A2-BCEF-47E3-96F8-6C2E5387BC20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6F84ED0B-D8D7-4B1D-9869-FE1628949B47}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{707BDA81-F0B8-4958-9016-9E3F5FA5E0CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{711B164D-331D-4D5E-8C1C-B3F55F40300C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{71AE059F-4565-4EAD-B015-2F4E6DCBA87A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73B7C4E1-183F-411F-82BD-12CB3DF095EA}" = protocol=17 | dir=in | app=c:\users\bobby\appdata\roaming\dropbox\bin\dropbox.exe |
"{758394EB-805F-4FAC-A982-AA2E8AC4AB83}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\imapp.exe |
"{7692BBA2-74C9-4B94-8B41-6D2AA3D936C7}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{76D28532-80E6-4BC5-96CE-58E2974000A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78A97533-CE58-4763-A3DF-52C10CB81BAD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{79FD3B6D-08DD-4917-ADBA-7B0869A82E4B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8043ABD5-C563-4D61-A1BF-F9A07FFCD48C}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{8284183C-8E76-45DB-AEF6-D018B3C52EA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{86F4B656-06B4-440A-9A2A-750D4EB2BB15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88ED5EC2-D1E8-4133-A8BD-315B86C61699}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{89190588-E994-439C-95E8-4C92737A0F12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B383760-BEAC-412F-993E-1189B5C7D23C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E98921A-D508-484E-B13F-EB93B6362E4E}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\imlc.exe |
"{8FFD1890-B8EB-4EA2-B186-DA81F28BBF12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{900C3931-0DDE-4545-939A-54322777A621}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9087A690-748B-449B-9535-17885222FA17}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{90E97613-36F2-4E77-AEE8-44E91D36C95F}" = protocol=6 | dir=in | app=c:\users\bobby\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{95A687AA-1E38-492F-99AF-2F2919530817}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E063F86-DA37-465E-879C-8C40322FA588}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{9F77BFEB-5D69-46CE-AEDD-892FDB0EC167}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A0EB84E4-80A2-43F6-A4B6-2763E6D18D03}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe |
"{ACE64CC2-BC6C-4D5E-A63D-B23642A8FC42}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD6B1C56-FB2F-4EB4-B89D-CD75492E987E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFC2CA9C-B3AF-42A7-A141-C1AD1A3AC210}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B00FF3EA-503C-4C1C-9604-272853611490}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B0B97D5C-EBE2-4730-A6F4-3C2961149263}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B34118A5-5501-431E-9D33-9836261E77AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B51F157F-BE75-4F78-AB28-8C73021B6450}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B70B6CAC-3F45-4BBC-824F-5605AB69626B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8409F18-CD4E-4590-AA7A-AC22384F2A74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BAA6F57E-BA4F-4AB0-AF99-D7237C8E3931}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\imlc.exe |
"{BAE3585C-1180-4493-8436-65BA400D6D72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BF4DC1C0-C2BF-49E5-8F69-03E222D5DACA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFB53132-FB06-48E4-AC72-71114B37A8E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFF11C7D-5FA2-48DE-8B87-4C51D1290EBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C03834C1-B0EA-47AE-832D-DFDE0E477645}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1D6EF90-EBE2-4467-B23C-0EF58206D473}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C39334F1-0932-4834-B0B3-ED766ACBABDC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3CC8A77-5455-4D5C-A8A1-986EE1103FB4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C932379B-B660-4EDF-B409-4FCC3BA979F2}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\impackr.exe |
"{CC30CFE1-81CD-49E1-B613-962BE70A11BB}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{CE42C0C3-3B15-40FE-A8DD-CE527A8C7496}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF0031AF-000B-4B75-B7C7-A3E7D952BAB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0C78C87-3669-4FA6-B8DB-CEDDC542982D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0CC9B40-85F4-4EA5-A17B-8A866D2B930C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D3DE0A90-529F-4498-84A6-B21343DF8E18}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D789674B-F64F-477D-A10D-0442439F3623}" = dir=in | app=c:\program files\lenovo\lenovo media studio\pdr.exe |
"{D99508EA-3904-4690-BA7B-C811C8E09D5E}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{DA964C19-1C49-4BC2-8EAD-987CFF12DB4F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBAB4B92-5A73-492A-AABC-BA9E9F74DEC3}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{DD72DF66-3BDD-4293-9B36-14FD32304B36}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{E0260DA2-809B-4ABF-97F9-2243D9C0FE63}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\incmail.exe |
"{E149CA84-1B93-4E57-9458-A45626EADD11}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E1E1FBDE-BC5A-4495-B805-074F420613E3}" = protocol=6 | dir=in | app=c:\users\bobby\appdata\roaming\dropbox\bin\dropbox.exe |
"{E435CEBF-9764-426F-BEF9-C6102413973A}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{E604D464-525B-423F-AA18-91023F101256}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7BB691A-C769-4E84-98E6-C720C16AE3F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9F1F227-FE8E-4CB0-83F8-EC07DC693D41}" = protocol=17 | dir=in | app=c:\users\bobby\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{EB63A012-6552-4C3B-B7AB-3338919A8096}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB66CC9E-1060-4EDA-BEAB-A9E6323EC714}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\impackr.exe |
"{EB7F326C-C0BF-42E6-B601-A72E3F0025E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE216F14-E101-4B37-AE47-3576124700CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F11E6AC1-6AAF-4FCE-8A71-20A576E56A47}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F16CA5AA-ED6E-40FB-A21C-89C571F83CA3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F190B9EC-1B9A-4B59-A5F2-FB61130B01CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2604EFA-BAC1-42F0-8BF1-011D1C802E48}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2F8FE73-8C8C-4A93-A12F-38E9D13D68D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F4072371-565E-49D3-938A-046468194DC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5225974-8AC1-4D66-94BD-EEF3EDA663C7}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{F5257933-6BB4-4679-B88C-E9BE5B9A4F61}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F7C07BFE-12DC-4542-924A-3E2120FCDC30}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCA71106-FBFC-41A9-8E5F-A9EC9FBDD443}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{109C342F-53D5-4C18-B1D5-53C4FEAD0A86}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat |
"TCP Query User{1E9C2E34-36C3-4CEC-8587-3C9779E6034C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{27E8377E-2411-48EA-8682-759E8E97387E}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{572A624D-EEE4-4489-8B70-E5DF1FB19591}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat |
"TCP Query User{614B6629-E246-432A-B3EB-C7696D29F4D3}C:\users\bobby\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bobby\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{727ED5F4-3623-46DF-81A3-51F7D5C4971B}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{7BDB2D11-E0AB-4B36-B3FF-66DF03E4B627}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D955212F-7080-4CA5-A10E-5724AE574899}C:\program files\ea games\command & conquer generals zero hour\patchget.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\patchget.dat |
"TCP Query User{DB8E7EDB-3E60-4FEA-A5EB-50AD83CE669F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{F53A70A6-DFB3-42A5-9865-1E2E30F6AF66}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{548E36CE-AA6C-41AF-92CE-E0877A7C9038}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat |
"UDP Query User{911D9764-28AF-4432-BF60-B36615DBC120}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{9189A2D5-CFB0-4832-8291-468D8BAEF7CA}C:\program files\ea games\command & conquer generals zero hour\patchget.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\patchget.dat |
"UDP Query User{94FB7540-83EE-4CB2-B507-94B6665B4BAB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{AD5E3A7A-69A8-46AD-B9DB-28869FC1C90D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CAF48247-7355-4FD2-9DE1-72568A29DD29}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{D18DFE78-05AD-4E63-9071-2AB2CAC8E57E}C:\users\bobby\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bobby\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D6891F59-864F-482E-93C6-E32D0CC321C0}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{DCE82AC6-F57E-412C-8BDE-B33FFE9AEE04}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EA98BEC8-7E73-40D5-A156-F921D5D56C5B}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"%ProgramName%" = picture-shark 1.0
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A71C4F-94D9-44EA-AC98-FF8A045273AB}" = iSqFt Full Viewer V4.01
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216025F0}" = Java™ 6 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BF52D77-1DF7-4391-85B3-AE45CEE8BD86}" = Xara Xtreme Pro 5
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EC3F249-91D1-460B-BD2A-4779F9D5E793}" = FabCAD 2009 Disk2
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35DC9F1E-5E88-4E69-A49A-9F4C2B33DDF3}" = Web Easy Professional
"{364AD023-F22D-4380-88D0-F9C6A778E194}" = Driver & Application Installation
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A097992-41D6-F477-4982-9617C0BFB9CA}" = svBuilder
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{3BB1501C-1670-4b53-8B67-B1C368BC7227}" = Lenovo PC Type Configuration
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = SQL Server 2008 R2 Database Engine Services
"{41DC9B1E-BB88-43F0-B886-99CF70AE6626}" = Greeting Card Factory Deluxe
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{47365D32-E881-4473-9565-6254ED0809E2}" = FaxTalk FaxCenter Pro 7.5
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56D8B4D1-0DCE-4DF6-B3FC-459157C9AC75}_is1" = PDF Maker Pilot Trial 2.2
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59932D51-F260-4EF6-A784-4F69659F1A62}" = Map Button (Windows Live Toolbar)
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{7FBDF1E0-E616-11D3-AFFB-AA0004003D04}" = Linear AccessBase v 1.52
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1D86F3-3FF4-400B-9B2F-27B269C594EE}" = Multiple Image Resizer .NET
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8FC59A07-B17F-44A2-A5B0-3D78E78B4E13}" = ScreenShot V1.0.0.0
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{929648CA-A97F-4EB3-9CD8-563ADDF468DF}" = Zoho Assist
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9610EC3A-C7A0-4C31-9F3B-F9020C582B47}" = Lenovo Healthcare Software
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A1D5854-F960-4198-B8B5-4E42F7CD97DD}" = Tec Basic for Windows Vista
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A3A6A319-F194-4065-A255-26C03D33A0F8}" = Email Verifier
"{A3D79488-45B9-4BCE-9CE7-AB24C0F1E645}" = Library Release 16
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A6806D86-BFF3-49CD-8E2B-87BB3507E53F}" = Web Easy Professional 8
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFB9C8D1-70A6-B2C2-D668-EA1BCFCCFC8D}" = MozyHome
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2520F31-1EC6-4299-95F4-9DF1592D4FAE}" = FabCAD 2012 Disk2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4287F1F-FD5C-4A8B-8BBB-7DBA436F269F}" = DiggThis for Windows Live Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = SQL Server 2008 R2 Database Engine Services
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BF6436-2E5B-4090-BA6B-28DE1BDC2107}" = OKAVAgent
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = Lenovo Media Studio
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBBFDD7B-71FC-443D-95C2-D014FED556CB}" = LVT
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E1077A0C-0DF2-4A9E-AD83-D6ACDFA40890}" = Twitter Plugin for Windows Live Writer
"{E14D6A39-96CA-44DF-9FC7-EB17BC9E2F73}" = Photosynth 2.0110.0317.1042
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E8481C18-EE4A-42FB-9762-D2EDAE58538E}" = FabCAD 2012
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2795DC8-50AE-4611-B7C9-AAE0DF93778D}" = FabCad 2009
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F484477C-6E96-4887-A0C1-00E20F525392}" = Lenovo Standard Keyboard Driver
"{F67382D1-971A-4086-818F-D16D060A71E5}" = MyNesting Client
"{F7E2EBD0-95F9-152E-A50A-59B46EF15E79}" = Library15
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"AI RoboForm" = AI RoboForm (All Users)
"Ask Toolbar_is1" = Foxit Toolbar
"Batch Watermark Creator_is1" = Batch Watermark Creator 7.0.3
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_201414F1" = HSF2014 56K Data Fax Modem
"CoffeeCup Web Form Builder" = CoffeeCup Web Form Builder
"CoffeeCup Web Form Builder - Registered" = CoffeeCup Web Form Builder - Registered
"CoffeeCup Website Access Manager" = CoffeeCup Website Access Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Concord Telephony Translation" = Concord Telephony Translation
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CTIAPI32" = CTIAPI32 (remove only)
"CtiLogC" = CtiLogC (remove only)
"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
"Digital Photo Export_is1" = DigitalPhotoExport 0.4.0.7 (Beta)
"Ditto_is1" = Ditto
"DMGenie_is1" = DM Genie Version 2.25.345
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Email Verifier" = Email Verifier
"FabCad 2009" = FabCad 2009
"FabCAD 2012" = FabCAD 2012
"FabCAD 2012 SP1" = FabCAD 2012 SP1
"Foxit Reader_is1" = Foxit Reader
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"HDMI" = Intel® Graphics Media Accelerator Driver
"iEasySite" = iEasySite (remove only)
"Img2CAD_is1" = Img2CAD 7.1
"IncrediMail" = IncrediMail 2.0
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{C5BF6436-2E5B-4090-BA6B-28DE1BDC2107}" = OKAVAgent
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = Lenovo Media Studio
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"Jarte_is1" = Jarte 4.1
"Java Web Start" = Java Web Start
"Live Writer Picasa Plugin" = Live Writer Picasa Plugin 1.3.0
"LiveAdvisor" = LiveAdvisor (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Thunderbird 13.0.1 (x86 en-US)" = Mozilla Thunderbird 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Multiple Image Resizer .NET" = Multiple Image Resizer .NET
"Notespad" =
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoMail" = PhotoMail Maker
"Picasa 3" = Picasa 3
"PlayerGenie_is1" = Player Genie Version 2.24.333
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSetDX" = Intel® PRO Network Connections 12.1.12.0
"Quick Search Box" = Google Quick Search Box
"svBuilder" = svBuilder
"SystemRequirementsLab" = System Requirements Lab
"The Blue Book" = Vu360
"uberOptions" = uberOptions 4.80.5
"UnityWebPlayer" = Unity Web Player
"VeriFace" = VeriFace
"WebCEO70_is1" = Web CEO 8.0
"Winamp" = Winamp
"WinFax" = Symantec WinFax PRO 10.0
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Zoundry Raven" = Zoundry Raven

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3979474346-4061523993-856938039-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880
"Move Media Player" = Move Media Player
"ShockWave" = ShockWave
"ShockWave 1.1" = ShockWave 1.1
"ShockWave Map Pack" = ShockWave Map Pack
"ShockWave V0.95" = ShockWave V0.95

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/24/2012 12:48:07 PM | Computer Name = Bobby-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 4/24/2012 12:49:37 PM | Computer Name = Bobby-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 4/24/2012 5:38:32 PM | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Faulting application FOXIT READER.EXE, version 5.1.4.104, time stamp
0x4f03f742, faulting module facebook_plugin.fpi_unloaded, version 0.0.0.0, time
stamp 0x4ed5d143, exception code 0xc0000005, fault offset 0x05a82978, process id
0x12b0, application start time 0x01cd223e1b12ebe0.

Error - 4/24/2012 5:38:35 PM | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Faulting application FOXIT READER.EXE, version 5.1.4.104, time stamp
0x4f03f742, faulting module facebook_plugin.fpi_unloaded, version 0.0.0.0, time
stamp 0x4ed5d143, exception code 0xc0000005, fault offset 0x057e8e73, process id
0x12b0, application start time 0x01cd223e1b12ebe0.

Error - 4/25/2012 2:10:21 PM | Computer Name = Bobby-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/25 14:10:21.887]: [00003856]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 4/25/2012 2:14:00 PM | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Faulting application FOXIT READER.EXE, version 5.1.4.104, time stamp
0x4f03f742, faulting module facebook_plugin.fpi_unloaded, version 0.0.0.0, time
stamp 0x4ed5d143, exception code 0xc0000005, fault offset 0x05812978, process id
0x56c, application start time 0x01cd230f29ded770.

Error - 4/25/2012 2:14:02 PM | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Faulting application FOXIT READER.EXE, version 5.1.4.104, time stamp
0x4f03f742, faulting module facebook_plugin.fpi_unloaded, version 0.0.0.0, time
stamp 0x4ed5d143, exception code 0xc0000005, fault offset 0x05578e73, process id
0x56c, application start time 0x01cd230f29ded770.

Error - 4/25/2012 5:48:02 PM | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Faulting application FOXIT READER.EXE, version 5.1.4.104, time stamp
0x4f03f742, faulting module facebook_plugin.fpi_unloaded, version 0.0.0.0, time
stamp 0x4ed5d143, exception code 0xc0000005, fault offset 0x05a72978, process id
0x1650, application start time 0x01cd232cf72293d0.

Error - 4/25/2012 5:48:03 PM | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Faulting application FOXIT READER.EXE, version 5.1.4.104, time stamp
0x4f03f742, faulting module facebook_plugin.fpi_unloaded, version 0.0.0.0, time
stamp 0x4ed5d143, exception code 0xc0000005, fault offset 0x057d8e73, process id
0x1650, application start time 0x01cd232cf72293d0.

Error - 4/26/2012 11:20:07 AM | Computer Name = Bobby-PC | Source = Application Hang | ID = 1002
Description = The program FabCAD.exe version 24.2.107.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 958 Start Time: 01cd223a7c6093b0 Termination Time: 287

Error - 4/26/2012 11:26:44 AM | Computer Name = Bobby-PC | Source = Application Hang | ID = 1002
Description = The program FabCAD.exe version 24.2.107.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: d48 Start Time: 01cd23c0136dbbd0 Termination Time: 21

[ Media Center Events ]
Error - 11/8/2009 11:03:41 PM | Computer Name = Bobby-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 11/8/2009 11:03:55 PM | Computer Name = Bobby-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/27/2010 7:51:32 PM | Computer Name = Bobby-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 12/15/2009 6:37:34 PM | Computer Name = Bobby-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/9/2012 7:51:04 PM | Computer Name = Bobby-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/9/2012 7:51:21 PM | Computer Name = Bobby-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/9/2012 7:57:46 PM | Computer Name = Bobby-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/9/2012 9:08:35 PM | Computer Name = Bobby-PC | Source = Print | ID = 23
Description = Printer PDF4U Adobe PDF Creator failed to initialize because a suitable
PDF4U Adobe PDF Creator driver could not be found. The new printer settings that
you specified have not taken effect. Install or reinstall the printer driver. You
might need to contact the vendor for an updated driver.

Error - 7/9/2012 9:08:36 PM | Computer Name = Bobby-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Brother MFC-7360N Printer
with shared resource name Brother MFC-7360N Printer. Error 2114. The printer cannot
be used by others on the network.

Error - 7/9/2012 9:08:36 PM | Computer Name = Bobby-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Brother MFC-4350 with shared
resource name Brother MFC-4350. Error 2114. The printer cannot be used by others
on the network.

Error - 7/9/2012 9:09:33 PM | Computer Name = Bobby-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/10/2012 6:53:13 AM | Computer Name = Bobby-PC | Source = DCOM | ID = 10010
Description =

Error - 7/10/2012 6:56:09 AM | Computer Name = Bobby-PC | Source = Print | ID = 23
Description = Printer PDF4U Adobe PDF Creator failed to initialize because a suitable
PDF4U Adobe PDF Creator driver could not be found. The new printer settings that
you specified have not taken effect. Install or reinstall the printer driver. You
might need to contact the vendor for an updated driver.

Error - 7/10/2012 6:57:02 AM | Computer Name = Bobby-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


#2
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
XBV6RD5SZF is malware but I don't see it in your logs.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
Uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:

netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron

#3
Metalwork

    Member

  • Topic Starter
  • Member
  • 13 posts
I ran Malwarebytes prior to downloading OTL. I removed all items found and then deleted Malwarebytes.

Is there a chance I could disable any of my software programs? I use this computer for my business and it is critical that I do not disable any of the programs I use.

Thank you for your quick response.

Bobby

#4
Metalwork

    Member

  • Topic Starter
  • Member
  • 13 posts
Ron,

Sorry... I forgot to ask: do you want all of the logs in one reply or done separately?

Bobby

#5
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
It is usually critical to pause/disable the a-v while downloading or running combofix. There are a lot of them that will eat combofix or one of its components and just having the a-v running will cause combofix to take a lot longer as every time it looks at a file the a-v wants to look at it too.
Your regular programs should not be bothered by the scans. If we do remove one by mistake we can put it back.

You can post each log as you get it or wait until you have them all.

#6
Metalwork

    Member

  • Topic Starter
  • Member
  • 13 posts
I was running the first one, ASWMBR, and it disappeared after starting ComboFix.

ComboFix 12-07-10.01 - Bobby 07/10/2012 16:57:27.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1643 [GMT -4:00]
Running from: c:\users\Bobby\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bobby\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\Bobby\g2mdlhlpx.exe
c:\windows\_detmp.2
c:\windows\iun6002.exe
c:\windows\s.bat
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\spool\prtprocs\w32x86\WFXPNT40.DLL
c:\windows\UA000091.DLL
.
.
((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 21:08 . 2012-07-10 21:09 -------- d-----w- c:\users\Bobby\AppData\Local\temp
2012-07-10 21:08 . 2012-07-10 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-10 21:08 . 2012-07-10 21:08 -------- d-----w- c:\users\QBDataServiceUser18\AppData\Local\temp
2012-07-10 11:08 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1F0391C-372D-47B4-BB98-EA048904F7C5}\mpengine.dll
2012-07-10 00:45 . 2012-07-10 00:45 -------- d-----w- c:\users\Bobby\AppData\Roaming\Malwarebytes
2012-07-10 00:45 . 2012-07-10 00:45 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 10:47 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-04 10:52 . 2012-02-10 13:48 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5E9CA62-32C0-4323-AE75-7DCD89645B82}\gapaengine.dll
2012-06-30 10:38 . 2012-06-30 10:38 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-06-28 12:56 . 2012-06-28 12:56 -------- d-----w- c:\users\Bobby\AppData\Local\dotPDN LLC
2012-06-23 05:19 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 05:19 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 05:19 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 05:19 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 05:19 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 05:19 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 05:19 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 05:18 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 05:18 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 19:49 . 2012-06-19 19:49 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-19 19:49 . 2012-06-19 19:49 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-16 18:26 . 2012-06-16 18:25 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-13 22:41 . 2012-06-13 22:41 -------- d-----w- c:\users\Bobby\AppData\Local\Macromedia
2012-06-13 10:07 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 10:07 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 10:07 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 10:07 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 10:07 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-09 23:55 . 2012-04-04 16:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-09 23:55 . 2011-06-16 11:17 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 18:25 . 2011-03-03 16:21 472840 ----a-w- c:\windows\system32\deployJava1.dll
2001-12-03 22:09 . 2010-02-26 16:43 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll
2012-06-19 19:49 . 2012-02-10 13:57 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 16:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-06-04 20:16 4751760 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-06-04 20:16 4751760 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2008-04-20 11:46 241752 ----a-w- c:\program files\Lenovo\VeriFace\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-24 39408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-09 2937528]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-19 160328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"SkDaemond"="c:\program files\Lenovo\Lenovo Standard Keyboard Driver\SkDaemond.exe" [2006-08-14 61440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-01-29 126976]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"FaxTalk FaxCenter Pro 7.5"="c:\program files\FaxTalk\FTClCtrl.exe" [2009-08-18 114688]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bobby\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Zoho Assist.lnk - c:\users\Bobby\Documents\ZohoMeeting\ZohoTray.exe [2012-6-13 154760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-17 813584]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-6-4 4527504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Bobby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ClipMagic.lnk]
path=c:\users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipMagic.lnk
backup=c:\windows\pss\ClipMagic.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Bobby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ditto]
2009-08-16 17:56 716800 ----a-w- c:\program files\Ditto\Ditto.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2010-09-02 12:23 1638400 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-01-29 13:13 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-14 20:00 133104 ----atw- c:\users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Healthcare]
2008-02-23 22:20 466944 ----a-w- c:\program files\Lenovo\Healthcare\HealthCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2011-08-04 20:48 366024 ----a-w- c:\program files\IncrediMail\bin\IncMail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2010-03-09 05:37 46368 ----a-w- c:\program files\Nuance\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-06-27 16:29 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2010-03-09 05:42 29984 ----a-w- c:\program files\Nuance\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2010-03-06 00:11 62752 ----a-w- c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2010-03-06 01:11 636192 ----a-w- c:\program files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
2004-09-01 23:34 139264 ----a-w- c:\program files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 14:02 26103592 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-24 21:49 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:55]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 13:13]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 13:13]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3979474346-4061523993-856938039-1004Core.job
- c:\users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-14 20:00]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3979474346-4061523993-856938039-1004UA.job
- c:\users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-14 20:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://seoic.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: facebook.com\www
Trusted Zone: ideamarketers.com\www
Trusted Zone: isqft.com\www
Trusted Zone: seoic.com\www
Trusted Zone: isqft.com\www
FF - ProfilePath - c:\users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\rs4h3wbp.default\
FF - prefs.js: browser.startup.homepage - hxxp://seoic.com/
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=FabCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{32827FE4-884D-49A3-9063-88E223E6DD2B} - (no file)
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
ShellExecuteHooks-{A213B520-C6C2-11d0-AF9D-008029E1027E} - (no file)
MSConfigStartUp-EssentialFax - c:\program files\EssentialFax\essfax.exe
MSConfigStartUp-WinFaxAppPortStarter - wfxsnt40.exe
MSConfigStartUp-XBV6RD5SZF - c:\users\Bobby\AppData\Local\Temp\Mtr.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-The Blue Book - c:\program files\The Blue Book\Vu360\uninstall.exe
AddRemove-WinFax - c:\program files\Symantec\WinFax\WFXUNIST.ISU
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-10 17:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3979474346-4061523993-856938039-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5D9B2A3D-6D4A-F065-66B8-864E7F8159E7}*]
@Allowed: (Read) (RestrictedCode)
"iaobnfemchjhhjooap"=hex:69,61,70,65,6b,6b,6c,6c,6e,67,64,6c,66,6f,6c,63,65,6f,
00,00
"hamcpkinppekjike"=hex:69,61,6b,66,67,6c,64,6f,69,6c,63,6b,65,6e,6f,68,6e,6b,
00,00
"faobmfjpeegh"=hex:67,61,6a,65,6f,6a,65,6b,67,67,64,65,68,68,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-10 17:12:14
ComboFix-quarantined-files.txt 2012-07-10 21:11
.
Pre-Run: 295,785,455,616 bytes free
Post-Run: 302,425,890,816 bytes free
.
- - End Of File - - BFCF40AC167B631E3E02A96DA471A798

#7
RKinner

    Malware Expert

You have to run one at a time. Can't multitask here. Please run aswMBR again.

#8
Metalwork

Hey Ron,

I should have known that....

"On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log"

Before I make another blunder... Do I scan, press Fix, and then do a full scan again until finished and then click Save Log?

Also, is it supposed to take a really long time for the Avast scan?


Bobby

#9
RKinner

    Malware Expert

The Avast scan should take a while. The Fix button is only enabled in certain rather rare circumstances, so you probably won't need to press it. If you need to press Fix, you don't need to do another scan, though you can (you can tell it not to do the Avast scan and it won't take long at all to see if the Fix button is enabled).

#10
Metalwork

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-10 17:17:08
-----------------------------
17:17:08.307 OS Version: Windows 6.0.6002 Service Pack 2
17:17:08.308 Number of processors: 4 586 0xF0B
17:17:08.309 ComputerName: BOBBY-PC UserName: Bobby
17:17:09.977 Initialize success
17:19:59.226 AVAST engine defs: 12071001
17:31:44.030 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
17:31:44.033 Disk 0 Vendor: Hitachi_HDT725050VLA360 V56OA7DA Size: 476940MB BusType: 3
17:31:44.100 Disk 0 MBR read successfully
17:31:44.103 Disk 0 MBR scan
17:31:44.110 Disk 0 Windows VISTA default MBR code
17:31:44.137 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 458447 MB offset 2048
17:31:44.193 Disk 0 Partition 2 00 12 Compaq diag MSWIN4.1 18488 MB offset 938902860
17:31:44.226 Disk 0 scanning sectors +976768065
17:31:44.396 Disk 0 scanning C:\Windows\system32\drivers
17:32:18.801 Service scanning
17:32:47.086 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:32:56.000 Modules scanning
17:33:51.544 AVAST engine scan C:\Windows
17:34:47.078 AVAST engine scan C:\Windows\system32
17:46:01.058 AVAST engine scan C:\Windows\system32\drivers
17:46:52.082 AVAST engine scan C:\Users\Bobby
19:15:28.879 File: C:\Users\Bobby\Desktop\Downloaded Programs\Xara3D v6+Serial+Patch-HeartBug\Serial+Patch\xara3d.6.00-patch.exe **INFECTED** Win32:Malware-gen
20:01:07.740 AVAST engine scan C:\ProgramData
20:12:28.141 Scan finished successfully
20:13:05.763 Disk 0 MBR has been saved successfully to "C:\Users\Bobby\Desktop\MBR.dat"
20:13:05.769 The log file has been saved successfully to "C:\Users\Bobby\Desktop\aswMBR.txt"


#11
Metalwork

20:15:17.0046 3496 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
20:15:17.0486 3496 ============================================================
20:15:17.0486 3496 Current date / time: 2012/07/10 20:15:17.0486
20:15:17.0486 3496 SystemInfo:
20:15:17.0486 3496
20:15:17.0486 3496 OS Version: 6.0.6002 ServicePack: 2.0
20:15:17.0486 3496 Product type: Workstation
20:15:17.0486 3496 ComputerName: BOBBY-PC
20:15:17.0486 3496 UserName: Bobby
20:15:17.0486 3496 Windows directory: C:\Windows
20:15:17.0486 3496 System windows directory: C:\Windows
20:15:17.0487 3496 Processor architecture: Intel x86
20:15:17.0487 3496 Number of processors: 4
20:15:17.0487 3496 Page size: 0x1000
20:15:17.0487 3496 Boot type: Normal boot
20:15:17.0487 3496 ============================================================
20:15:18.0520 3496 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:15:18.0521 3496 ============================================================
20:15:18.0521 3496 \Device\Harddisk0\DR0:
20:15:18.0522 3496 MBR partitions:
20:15:18.0522 3496 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37F67D4C
20:15:18.0522 3496 ============================================================
20:15:18.0569 3496 C: <-> \Device\Harddisk0\DR0\Partition0
20:15:18.0570 3496 ============================================================
20:15:18.0570 3496 Initialize success
20:15:18.0570 3496 ============================================================
20:16:14.0023 5736 ============================================================
20:16:14.0023 5736 Scan started
20:16:14.0023 5736 Mode: Manual; SigCheck; TDLFS;
20:16:14.0023 5736 ============================================================
20:16:15.0213 5736 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:16:15.0328 5736 ACPI - ok
20:16:15.0425 5736 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:16:15.0440 5736 AdobeFlashPlayerUpdateSvc - ok
20:16:15.0473 5736 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:16:15.0523 5736 adp94xx - ok
20:16:15.0607 5736 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:16:15.0621 5736 adpahci - ok
20:16:15.0666 5736 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:16:15.0676 5736 adpu160m - ok
20:16:15.0762 5736 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:16:15.0774 5736 adpu320 - ok
20:16:15.0801 5736 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:16:15.0975 5736 AeLookupSvc - ok
20:16:16.0048 5736 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:16:16.0108 5736 AFD - ok
20:16:16.0190 5736 Agent (9c320fc18c2a424c1386a2a3e8964754) C:\Windows\agent.exe
20:16:16.0229 5736 Agent ( UnsignedFile.Multi.Generic ) - warning
20:16:16.0229 5736 Agent - detected UnsignedFile.Multi.Generic (1)
20:16:16.0271 5736 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
20:16:16.0282 5736 agp440 - ok
20:16:16.0305 5736 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:16:16.0316 5736 aic78xx - ok
20:16:16.0363 5736 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:16:16.0430 5736 ALG - ok
20:16:16.0462 5736 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
20:16:16.0471 5736 aliide - ok
20:16:16.0486 5736 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
20:16:16.0496 5736 amdagp - ok
20:16:16.0508 5736 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
20:16:16.0517 5736 amdide - ok
20:16:16.0555 5736 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:16:16.0719 5736 AmdK7 - ok
20:16:16.0747 5736 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
20:16:16.0810 5736 AmdK8 - ok
20:16:16.0888 5736 AppHostSvc (dfae18c675d71fd06d57dc69d2913975) C:\Windows\system32\inetsrv\apphostsvc.dll
20:16:16.0969 5736 AppHostSvc - ok
20:16:17.0031 5736 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:16:17.0104 5736 Appinfo - ok
20:16:17.0129 5736 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:16:17.0140 5736 arc - ok
20:16:17.0150 5736 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:16:17.0161 5736 arcsas - ok
20:16:17.0371 5736 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:16:17.0381 5736 aspnet_state - ok
20:16:17.0412 5736 astcc (c2df2e3c676414d6f8c8f35f0ea46c60) C:\Windows\SYSTEM32\astsrv.exe
20:16:17.0442 5736 astcc ( UnsignedFile.Multi.Generic ) - warning
20:16:17.0442 5736 astcc - detected UnsignedFile.Multi.Generic (1)
20:16:17.0502 5736 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:16:17.0552 5736 AsyncMac - ok
20:16:17.0593 5736 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:16:17.0603 5736 atapi - ok
20:16:17.0652 5736 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:16:17.0695 5736 AudioEndpointBuilder - ok
20:16:17.0699 5736 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:16:17.0736 5736 Audiosrv - ok
20:16:17.0775 5736 Automatic LiveUpdate Scheduler - ok
20:16:17.0805 5736 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
20:16:17.0886 5736 bcm4sbxp - ok
20:16:17.0958 5736 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
20:16:17.0969 5736 BcmSqlStartupSvc - ok
20:16:18.0028 5736 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:16:18.0074 5736 Beep - ok
20:16:18.0150 5736 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:16:18.0197 5736 BFE - ok
20:16:18.0267 5736 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
20:16:18.0330 5736 BITS - ok
20:16:18.0333 5736 blbdrive - ok
20:16:18.0443 5736 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
20:16:18.0466 5736 Bonjour Service - ok
20:16:18.0624 5736 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:16:18.0680 5736 bowser - ok
20:16:18.0708 5736 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:16:18.0789 5736 BrFiltLo - ok
20:16:18.0811 5736 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:16:18.0845 5736 BrFiltUp - ok
20:16:18.0878 5736 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:16:18.0924 5736 Browser - ok
20:16:19.0005 5736 BrSerIb (9f80879913dc2712fd0c4d734e3f519b) C:\Windows\system32\DRIVERS\BrSerIb.sys
20:16:19.0061 5736 BrSerIb - ok
20:16:19.0081 5736 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:16:19.0154 5736 Brserid - ok
20:16:19.0181 5736 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:16:19.0218 5736 BrSerWdm - ok
20:16:19.0237 5736 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:16:19.0274 5736 BrUsbMdm - ok
20:16:19.0285 5736 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:16:19.0342 5736 BrUsbSer - ok
20:16:19.0380 5736 BrUsbSIb (b67512da42c0c90bf236d5485226c1c7) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
20:16:19.0403 5736 BrUsbSIb - ok
20:16:19.0513 5736 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
20:16:19.0555 5736 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
20:16:19.0555 5736 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
20:16:19.0596 5736 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:16:19.0659 5736 BTHMODEM - ok
20:16:19.0735 5736 catchme - ok
20:16:19.0784 5736 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:16:19.0828 5736 cdfs - ok
20:16:19.0869 5736 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:16:19.0904 5736 cdrom - ok
20:16:19.0954 5736 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:16:19.0991 5736 CertPropSvc - ok
20:16:20.0024 5736 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:16:20.0087 5736 circlass - ok
20:16:20.0133 5736 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:16:20.0148 5736 CLFS - ok
20:16:20.0220 5736 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:16:20.0232 5736 clr_optimization_v2.0.50727_32 - ok
20:16:20.0354 5736 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:16:20.0365 5736 clr_optimization_v4.0.30319_32 - ok
20:16:20.0382 5736 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
20:16:20.0391 5736 cmdide - ok
20:16:20.0398 5736 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
20:16:20.0407 5736 Compbatt - ok
20:16:20.0411 5736 COMSysApp - ok
20:16:20.0420 5736 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
20:16:20.0430 5736 crcdisk - ok
20:16:20.0441 5736 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
20:16:20.0496 5736 Crusoe - ok
20:16:20.0574 5736 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
20:16:20.0644 5736 CryptSvc - ok
20:16:20.0696 5736 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:16:20.0724 5736 DcomLaunch - ok
20:16:20.0778 5736 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:16:20.0829 5736 DfsC - ok
20:16:20.0937 5736 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:16:21.0061 5736 DFSR - ok
20:16:21.0174 5736 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:16:21.0222 5736 Dhcp - ok
20:16:21.0312 5736 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:16:21.0323 5736 disk - ok
20:16:21.0384 5736 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:16:21.0433 5736 Dnscache - ok
20:16:21.0465 5736 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:16:21.0508 5736 dot3svc - ok
20:16:21.0588 5736 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:16:21.0636 5736 DPS - ok
20:16:21.0683 5736 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:16:21.0718 5736 drmkaud - ok
20:16:21.0792 5736 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:16:21.0853 5736 DXGKrnl - ok
20:16:21.0920 5736 E100B (5e72c8fbba5e949995ceb4d25656f904) C:\Windows\system32\DRIVERS\e100b325.sys
20:16:21.0936 5736 E100B - ok
20:16:21.0984 5736 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:16:22.0071 5736 E1G60 - ok
20:16:22.0105 5736 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:16:22.0145 5736 EapHost - ok
20:16:22.0207 5736 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:16:22.0220 5736 Ecache - ok
20:16:22.0302 5736 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:16:22.0321 5736 ehRecvr - ok
20:16:22.0344 5736 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:16:22.0370 5736 ehSched - ok
20:16:22.0374 5736 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:16:22.0404 5736 ehstart - ok
20:16:22.0449 5736 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
20:16:22.0464 5736 elxstor - ok
20:16:22.0514 5736 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:16:22.0661 5736 EMDMgmt - ok
20:16:22.0717 5736 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:16:22.0759 5736 EventSystem - ok
20:16:22.0821 5736 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:16:22.0868 5736 exfat - ok
20:16:22.0888 5736 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:16:22.0931 5736 fastfat - ok
20:16:23.0036 5736 FaxTalk FaxCenter Pro 7.5 (127667b22971191457fbe6030b7e8c0e) C:\Program Files\FaxTalk\FTmsgsvc.exe
20:16:23.0061 5736 FaxTalk FaxCenter Pro 7.5 ( UnsignedFile.Multi.Generic ) - warning
20:16:23.0061 5736 FaxTalk FaxCenter Pro 7.5 - detected UnsignedFile.Multi.Generic (1)
20:16:23.0098 5736 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
20:16:23.0154 5736 fdc - ok
20:16:23.0187 5736 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:16:23.0232 5736 fdPHost - ok
20:16:23.0262 5736 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:16:23.0320 5736 FDResPub - ok
20:16:23.0388 5736 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:16:23.0398 5736 FileInfo - ok
20:16:23.0443 5736 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:16:23.0482 5736 Filetrace - ok
20:16:23.0573 5736 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:16:23.0596 5736 FLEXnet Licensing Service - ok
20:16:23.0640 5736 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
20:16:23.0695 5736 flpydisk - ok
20:16:23.0741 5736 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:16:23.0755 5736 FltMgr - ok
20:16:23.0845 5736 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:16:23.0911 5736 FontCache - ok
20:16:23.0960 5736 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:16:23.0970 5736 FontCache3.0.0.0 - ok
20:16:24.0021 5736 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:16:24.0075 5736 Fs_Rec - ok
20:16:24.0093 5736 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
20:16:24.0103 5736 gagp30kx - ok
20:16:24.0165 5736 GEARAspiWDM (f877c945233039914dbe63b76f9a1065) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:16:24.0175 5736 GEARAspiWDM - ok
20:16:24.0255 5736 getPlusHelper (947da3ad94a7593bfa439939ac5e823b) C:\Program Files\NOS\bin\getPlus_Helper.dll
20:16:24.0265 5736 getPlusHelper - ok
20:16:24.0315 5736 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:16:24.0370 5736 gpsvc - ok
20:16:24.0457 5736 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
20:16:24.0469 5736 gupdate - ok
20:16:24.0489 5736 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
20:16:24.0499 5736 gupdatem - ok
20:16:24.0581 5736 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:16:24.0596 5736 gusvc - ok
20:16:24.0647 5736 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
20:16:24.0657 5736 hamachi - ok
20:16:24.0805 5736 Hamachi2Svc (f31d7f8a7699575dbb3b3a3ab4aa6216) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
20:16:24.0846 5736 Hamachi2Svc - ok
20:16:24.0971 5736 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:16:25.0030 5736 HdAudAddService - ok
20:16:25.0088 5736 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:16:25.0147 5736 HDAudBus - ok
20:16:25.0172 5736 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:16:25.0209 5736 HidBth - ok
20:16:25.0221 5736 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:16:25.0257 5736 HidIr - ok
20:16:25.0314 5736 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
20:16:25.0380 5736 hidserv - ok
20:16:25.0424 5736 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:16:25.0467 5736 HidUsb - ok
20:16:25.0500 5736 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:16:25.0560 5736 hkmsvc - ok
20:16:25.0593 5736 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
20:16:25.0602 5736 HpCISSs - ok
20:16:25.0672 5736 HSF_DPV (350e180fa401e521983b00cb4e75d634) C:\Windows\system32\DRIVERS\HSX_DP.sys
20:16:25.0722 5736 HSF_DPV - ok
20:16:25.0744 5736 HSXHWBS2 (a3077d9ed7ff612a033536a6009dbea5) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
20:16:25.0758 5736 HSXHWBS2 - ok
20:16:25.0830 5736 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:16:25.0896 5736 HTTP - ok
20:16:25.0910 5736 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
20:16:25.0920 5736 i2omp - ok
20:16:25.0982 5736 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:16:26.0021 5736 i8042prt - ok
20:16:26.0072 5736 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
20:16:26.0085 5736 iaStorV - ok
20:16:26.0166 5736 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:16:26.0172 5736 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:16:26.0172 5736 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:16:26.0243 5736 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:16:26.0274 5736 idsvc - ok
20:16:26.0611 5736 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:16:26.0800 5736 igfx - ok
20:16:26.0918 5736 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:16:26.0928 5736 iirsp - ok
20:16:26.0968 5736 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:16:27.0025 5736 IKEEXT - ok
20:16:27.0148 5736 IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys
20:16:27.0204 5736 IntcAzAudAddService - ok
20:16:27.0385 5736 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:16:27.0395 5736 intelide - ok
20:16:27.0417 5736 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:16:27.0464 5736 intelppm - ok
20:16:27.0501 5736 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:16:27.0525 5736 IPBusEnum - ok
20:16:27.0567 5736 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:16:27.0613 5736 IpFilterDriver - ok
20:16:27.0665 5736 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:16:27.0725 5736 iphlpsvc - ok
20:16:27.0728 5736 IpInIp - ok
20:16:27.0750 5736 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
20:16:27.0809 5736 IPMIDRV - ok
20:16:27.0842 5736 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:16:27.0888 5736 IPNAT - ok
20:16:27.0922 5736 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:16:27.0965 5736 IRENUM - ok
20:16:27.0991 5736 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
20:16:28.0001 5736 isapnp - ok
20:16:28.0055 5736 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:16:28.0069 5736 iScsiPrt - ok
20:16:28.0082 5736 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:16:28.0092 5736 iteatapi - ok
20:16:28.0121 5736 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:16:28.0130 5736 iteraid - ok
20:16:28.0182 5736 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
20:16:28.0193 5736 IviRegMgr - ok
20:16:28.0240 5736 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:16:28.0249 5736 kbdclass - ok
20:16:28.0275 5736 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
20:16:28.0336 5736 kbdhid - ok
20:16:28.0381 5736 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:16:28.0399 5736 KeyIso - ok
20:16:28.0535 5736 Kodak AiO Network Discovery Service (1a8d8cb042e2724385227f1a19a8decc) C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
20:16:28.0550 5736 Kodak AiO Network Discovery Service - ok
20:16:28.0606 5736 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:16:28.0627 5736 KSecDD - ok
20:16:28.0695 5736 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:16:28.0751 5736 KtmRm - ok
20:16:28.0789 5736 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\Windows\system32\DRIVERS\L8042Kbd.sys
20:16:28.0799 5736 L8042Kbd - ok
20:16:28.0859 5736 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
20:16:28.0917 5736 LanmanServer - ok
20:16:28.0972 5736 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:16:29.0033 5736 LanmanWorkstation - ok
20:16:29.0062 5736 LBeepKE (ac3b39817bfde9735f5654468dbf7d49) C:\Windows\system32\Drivers\LBeepKE.sys
20:16:29.0087 5736 LBeepKE ( UnsignedFile.Multi.Generic ) - warning
20:16:29.0087 5736 LBeepKE - detected UnsignedFile.Multi.Generic (1)
20:16:29.0170 5736 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
20:16:29.0181 5736 LBTServ - ok
20:16:29.0255 5736 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:16:29.0264 5736 LHidFilt - ok
20:16:29.0284 5736 LHidKe (dd40c03d85649205ec086722474c8a63) C:\Windows\system32\DRIVERS\LHidKE.Sys
20:16:29.0307 5736 LHidKe ( UnsignedFile.Multi.Generic ) - warning
20:16:29.0307 5736 LHidKe - detected UnsignedFile.Multi.Generic (1)
20:16:29.0310 5736 LiveUpdate - ok
20:16:29.0349 5736 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:16:29.0394 5736 lltdio - ok
20:16:29.0437 5736 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:16:29.0491 5736 lltdsvc - ok
20:16:29.0524 5736 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:16:29.0580 5736 lmhosts - ok
20:16:29.0626 5736 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:16:29.0635 5736 LMouFilt - ok
20:16:29.0655 5736 LMouKE (2ebd4c02d259944869630a912ec86bce) C:\Windows\system32\DRIVERS\LMouKE.Sys
20:16:29.0686 5736 LMouKE ( UnsignedFile.Multi.Generic ) - warning
20:16:29.0686 5736 LMouKE - detected UnsignedFile.Multi.Generic (1)
20:16:29.0726 5736 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
20:16:29.0737 5736 LSI_FC - ok
20:16:29.0744 5736 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
20:16:29.0755 5736 LSI_SAS - ok
20:16:29.0767 5736 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
20:16:29.0777 5736 LSI_SCSI - ok
20:16:29.0824 5736 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:16:29.0866 5736 luafv - ok
20:16:30.0015 5736 M4-Service (f1d72877fa97d617be70aefb3a30cd91) C:\Users\Bobby\Downloads\M4-Service.exe
20:16:30.0050 5736 M4-Service - ok
20:16:30.0157 5736 mcdbus - ok
20:16:30.0205 5736 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:16:30.0216 5736 Mcx2Svc - ok
20:16:30.0248 5736 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:16:30.0278 5736 mdmxsdk - ok
20:16:30.0324 5736 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
20:16:30.0334 5736 megasas - ok
20:16:30.0340 5736 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:16:30.0381 5736 MMCSS - ok
20:16:30.0416 5736 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:16:30.0438 5736 Modem - ok
20:16:30.0489 5736 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:16:30.0534 5736 monitor - ok
20:16:30.0540 5736 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:16:30.0551 5736 mouclass - ok
20:16:30.0578 5736 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:16:30.0599 5736 mouhid - ok
20:16:30.0641 5736 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:16:30.0652 5736 MountMgr - ok
20:16:30.0714 5736 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:16:30.0728 5736 MozillaMaintenance - ok
20:16:30.0830 5736 mozybackup (55b717af54ac492fbd275835e5b485ad) C:\Program Files\MozyHome\mozybackup.exe
20:16:30.0839 5736 mozybackup - ok
20:16:30.0897 5736 mozyFilter (8e5f185f04d4ff203afbb0fd2b609e88) C:\Windows\system32\DRIVERS\mozy.sys
20:16:30.0907 5736 mozyFilter - ok
20:16:30.0946 5736 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
20:16:30.0961 5736 MpFilter - ok
20:16:30.0992 5736 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
20:16:31.0002 5736 mpio - ok
20:16:31.0046 5736 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:16:31.0103 5736 mpsdrv - ok
20:16:31.0155 5736 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:16:31.0221 5736 MpsSvc - ok
20:16:31.0246 5736 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:16:31.0267 5736 Mraid35x - ok
20:16:31.0299 5736 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:16:31.0313 5736 MRxDAV - ok
20:16:31.0368 5736 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:16:31.0426 5736 mrxsmb - ok
20:16:31.0484 5736 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:16:31.0517 5736 mrxsmb10 - ok
20:16:31.0559 5736 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:16:31.0595 5736 mrxsmb20 - ok
20:16:31.0632 5736 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
20:16:31.0641 5736 msahci - ok
20:16:31.0652 5736 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
20:16:31.0662 5736 msdsm - ok
20:16:31.0711 5736 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:16:31.0753 5736 MSDTC - ok
20:16:31.0820 5736 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:16:31.0859 5736 Msfs - ok
20:16:31.0902 5736 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:16:31.0913 5736 msisadrv - ok
20:16:31.0953 5736 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:16:31.0976 5736 MSiSCSI - ok
20:16:31.0979 5736 msiserver - ok
20:16:32.0028 5736 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:16:32.0073 5736 MSKSSRV - ok
20:16:32.0142 5736 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:16:32.0154 5736 MsMpSvc - ok
20:16:32.0170 5736 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:16:32.0214 5736 MSPCLOCK - ok
20:16:32.0236 5736 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:16:32.0267 5736 MSPQM - ok
20:16:32.0300 5736 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:16:32.0313 5736 MsRPC - ok
20:16:32.0366 5736 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:16:32.0376 5736 mssmbios - ok
20:16:32.0452 5736 MSSQL$MSSMLBIZ - ok
20:16:32.0618 5736 MSSQL$SQLEXPRESS - ok
20:16:32.0685 5736 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
20:16:32.0695 5736 MSSQLServerADHelper - ok
20:16:32.0767 5736 MSSQLServerADHelper100 (8e8e74c953eb0c4f8828d99d6f27fd6f) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
20:16:32.0778 5736 MSSQLServerADHelper100 - ok
20:16:32.0827 5736 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:16:32.0868 5736 MSTEE - ok
20:16:32.0894 5736 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:16:32.0906 5736 Mup - ok
20:16:32.0939 5736 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:16:32.0961 5736 napagent - ok
20:16:32.0999 5736 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:16:33.0045 5736 NativeWifiP - ok
20:16:33.0093 5736 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:16:33.0115 5736 NDIS - ok
20:16:33.0157 5736 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:16:33.0197 5736 NdisTapi - ok
20:16:33.0231 5736 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:16:33.0271 5736 Ndisuio - ok
20:16:33.0311 5736 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:16:33.0352 5736 NdisWan - ok
20:16:33.0386 5736 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:16:33.0403 5736 NDProxy - ok
20:16:33.0417 5736 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:16:33.0456 5736 NetBIOS - ok
20:16:33.0504 5736 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:16:33.0559 5736 netbt - ok
20:16:33.0605 5736 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:16:33.0616 5736 Netlogon - ok
20:16:33.0670 5736 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:16:33.0717 5736 Netman - ok
20:16:33.0874 5736 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:16:33.0886 5736 NetMsmqActivator - ok
20:16:33.0903 5736 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:16:33.0915 5736 NetPipeActivator - ok
20:16:33.0968 5736 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:16:34.0015 5736 netprofm - ok
20:16:34.0038 5736 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:16:34.0050 5736 NetTcpActivator - ok
20:16:34.0054 5736 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:16:34.0066 5736 NetTcpPortSharing - ok
20:16:34.0086 5736 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:16:34.0097 5736 nfrd960 - ok
20:16:34.0155 5736 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:16:34.0166 5736 NisDrv - ok
20:16:34.0226 5736 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
20:16:34.0242 5736 NisSrv - ok
20:16:34.0293 5736 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:16:34.0343 5736 NlaSvc - ok
20:16:34.0457 5736 nosGetPlusHelper (f44addbf29905cb19f52fc9fe6a0efa1) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
20:16:34.0467 5736 nosGetPlusHelper - ok
20:16:34.0496 5736 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:16:34.0512 5736 Npfs - ok
20:16:34.0559 5736 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:16:34.0606 5736 nsi - ok
20:16:34.0637 5736 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:16:34.0675 5736 nsiproxy - ok
20:16:34.0749 5736 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:16:34.0781 5736 Ntfs - ok
20:16:34.0828 5736 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:16:34.0882 5736 ntrigdigi - ok
20:16:34.0916 5736 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:16:34.0961 5736 Null - ok
20:16:34.0986 5736 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
20:16:35.0009 5736 nvraid - ok
20:16:35.0024 5736 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
20:16:35.0035 5736 nvstor - ok
20:16:35.0046 5736 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
20:16:35.0057 5736 nv_agp - ok
20:16:35.0060 5736 NwlnkFlt - ok
20:16:35.0066 5736 NwlnkFwd - ok
20:16:35.0187 5736 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:16:35.0215 5736 odserv - ok
20:16:35.0276 5736 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:16:35.0312 5736 ohci1394 - ok
20:16:35.0350 5736 OKAV Agent Service (b366bfee54de3e7842a06bc6779c1175) C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
20:16:35.0360 5736 OKAV Agent Service - ok
20:16:35.0390 5736 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:16:35.0402 5736 ose - ok
20:16:35.0463 5736 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:16:35.0556 5736 p2pimsvc - ok
20:16:35.0564 5736 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:16:35.0586 5736 p2psvc - ok
20:16:35.0677 5736 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
20:16:35.0722 5736 Parport - ok
20:16:35.0770 5736 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
20:16:35.0782 5736 partmgr - ok
20:16:35.0795 5736 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
20:16:35.0816 5736 Parvdm - ok
20:16:35.0858 5736 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:16:35.0925 5736 PcaSvc - ok
20:16:35.0977 5736 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:16:35.0991 5736 pci - ok
20:16:36.0020 5736 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
20:16:36.0031 5736 pciide - ok
20:16:36.0047 5736 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:16:36.0059 5736 pcmcia - ok
20:16:36.0252 5736 PDFProFiltSrvPP (c1c3baf078be5a14384a4ba2d730817d) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
20:16:36.0264 5736 PDFProFiltSrvPP - ok
20:16:36.0415 5736 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:16:36.0504 5736 PEAUTH - ok
20:16:36.0613 5736 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:16:36.0663 5736 pla - ok
20:16:36.0760 5736 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:16:36.0781 5736 PlugPlay - ok
20:16:36.0838 5736 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:16:36.0859 5736 PNRPAutoReg - ok
20:16:36.0867 5736 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:16:36.0909 5736 PNRPsvc - ok
20:16:36.0961 5736 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:16:37.0052 5736 PolicyAgent - ok
20:16:37.0163 5736 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:16:37.0208 5736 PptpMiniport - ok
20:16:37.0240 5736 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:16:37.0298 5736 Processor - ok
20:16:37.0340 5736 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:16:37.0361 5736 ProfSvc - ok
20:16:37.0413 5736 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:16:37.0424 5736 ProtectedStorage - ok
20:16:37.0454 5736 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:16:37.0495 5736 PSched - ok
20:16:37.0596 5736 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:16:37.0627 5736 ql2300 - ok
20:16:37.0665 5736 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:16:37.0676 5736 ql40xx - ok
20:16:37.0727 5736 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:16:37.0774 5736 QWAVE - ok
20:16:37.0810 5736 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:16:37.0841 5736 QWAVEdrv - ok
20:16:37.0944 5736 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
20:16:38.0063 5736 R300 - ok
20:16:38.0218 5736 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:16:38.0256 5736 RasAcd - ok
20:16:38.0288 5736 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:16:38.0332 5736 RasAuto - ok
20:16:38.0372 5736 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:16:38.0393 5736 Rasl2tp - ok
20:16:38.0435 5736 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:16:38.0476 5736 RasMan - ok
20:16:38.0516 5736 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:16:38.0578 5736 RasPppoe - ok
20:16:38.0608 5736 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:16:38.0637 5736 RasSstp - ok
20:16:38.0686 5736 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:16:38.0726 5736 rdbss - ok
20:16:38.0758 5736 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:16:38.0799 5736 RDPCDD - ok
20:16:38.0840 5736 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
20:16:38.0902 5736 rdpdr - ok
20:16:38.0907 5736 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:16:38.0937 5736 RDPENCDD - ok
20:16:38.0986 5736 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
20:16:39.0041 5736 RDPWD - ok
20:16:39.0066 5736 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
20:16:39.0074 5736 regi - ok
20:16:39.0129 5736 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:16:39.0175 5736 RemoteAccess - ok
20:16:39.0210 5736 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:16:39.0230 5736 RemoteRegistry - ok
20:16:39.0296 5736 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
20:16:39.0310 5736 RichVideo - ok
20:16:39.0328 5736 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:16:39.0346 5736 RpcLocator - ok
20:16:39.0393 5736 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
20:16:39.0418 5736 RpcSs - ok
20:16:39.0479 5736 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys
20:16:39.0494 5736 RsFx0150 - ok
20:16:39.0522 5736 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:16:39.0572 5736 rspndr - ok
20:16:39.0623 5736 RTSTOR (52532a4ca8b251775decc87c4813abfb) C:\Windows\system32\drivers\RTSTOR.SYS
20:16:39.0677 5736 RTSTOR - ok
20:16:39.0786 5736 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:16:39.0797 5736 SamSs - ok
20:16:40.0122 5736 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:16:40.0161 5736 sbp2port - ok
20:16:40.0197 5736 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:16:40.0242 5736 SCardSvr - ok
20:16:40.0379 5736 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:16:40.0447 5736 Schedule - ok
20:16:40.0459 5736 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:16:40.0476 5736 SCPolicySvc - ok
20:16:40.0524 5736 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:16:40.0585 5736 SDRSVC - ok
20:16:40.0871 5736 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
20:16:40.0912 5736 SeaPort - ok
20:16:40.0981 5736 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:16:41.0034 5736 secdrv - ok
20:16:41.0091 5736 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:16:41.0171 5736 seclogon - ok
20:16:41.0328 5736 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
20:16:41.0354 5736 SENS - ok
20:16:41.0404 5736 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
20:16:41.0458 5736 Serenum - ok
20:16:41.0499 5736 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
20:16:41.0523 5736 Serial - ok
20:16:41.0566 5736 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:16:41.0586 5736 sermouse - ok
20:16:41.0638 5736 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:16:41.0681 5736 SessionEnv - ok
20:16:41.0710 5736 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
20:16:41.0758 5736 sffdisk - ok
20:16:41.0763 5736 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
20:16:41.0825 5736 sffp_mmc - ok
20:16:41.0856 5736 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
20:16:41.0893 5736 sffp_sd - ok
20:16:41.0994 5736 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
20:16:42.0052 5736 sfloppy - ok
20:16:42.0194 5736 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:16:42.0220 5736 SharedAccess - ok
20:16:42.0283 5736 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:16:42.0323 5736 ShellHWDetection - ok
20:16:42.0345 5736 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
20:16:42.0355 5736 sisagp - ok
20:16:42.0368 5736 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:16:42.0378 5736 SiSRaid2 - ok
20:16:42.0393 5736 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:16:42.0404 5736 SiSRaid4 - ok
20:16:42.0583 5736 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:16:42.0728 5736 slsvc - ok
20:16:42.0856 5736 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:16:42.0899 5736 SLUINotify - ok
20:16:42.0964 5736 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:16:43.0004 5736 Smb - ok
20:16:43.0034 5736 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:16:43.0047 5736 SNMPTRAP - ok
20:16:43.0096 5736 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:16:43.0106 5736 spldr - ok
20:16:43.0178 5736 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:16:43.0258 5736 Spooler - ok
20:16:43.0384 5736 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
20:16:43.0384 5736 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
20:16:43.0386 5736 sptd ( LockedFile.Multi.Generic ) - warning
20:16:43.0386 5736 sptd - detected LockedFile.Multi.Generic (1)
20:16:43.0531 5736 SQLAgent$SQLEXPRESS (37761f6be2ebaed72cc0d43bd4c8c2a6) c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
20:16:43.0592 5736 SQLAgent$SQLEXPRESS - ok
20:16:43.0777 5736 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:16:43.0791 5736 SQLBrowser - ok
20:16:43.0943 5736 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:16:43.0966 5736 srv - ok
20:16:44.0018 5736 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:16:44.0076 5736 srv2 - ok
20:16:44.0090 5736 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:16:44.0121 5736 srvnet - ok
20:16:44.0161 5736 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:16:44.0196 5736 SSDPSRV - ok
20:16:44.0267 5736 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:16:44.0282 5736 SstpSvc - ok
20:16:44.0339 5736 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:16:44.0361 5736 stisvc - ok
20:16:44.0403 5736 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:16:44.0413 5736 swenum - ok
20:16:44.0456 5736 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:16:44.0498 5736 swprv - ok
20:16:44.0530 5736 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:16:44.0540 5736 Symc8xx - ok
20:16:44.0608 5736 symsnap (5c66e6aa29dad1875cc74662dd13c87e) C:\Windows\system32\DRIVERS\symsnap.sys
20:16:44.0620 5736 symsnap - ok
20:16:44.0630 5736 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:16:44.0640 5736 Sym_hi - ok
20:16:44.0651 5736 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:16:44.0660 5736 Sym_u3 - ok
20:16:44.0710 5736 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:16:44.0775 5736 SysMain - ok
20:16:44.0809 5736 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:16:44.0823 5736 TabletInputService - ok
20:16:44.0854 5736 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:16:44.0875 5736 TapiSrv - ok
20:16:44.0924 5736 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:16:44.0948 5736 TBS - ok
20:16:45.0036 5736 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
20:16:45.0081 5736 Tcpip - ok
20:16:45.0093 5736 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
20:16:45.0120 5736 Tcpip6 - ok
20:16:45.0125 5736 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
20:16:45.0174 5736 tcpipreg - ok
20:16:45.0227 5736 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:16:45.0270 5736 TDPIPE - ok
20:16:45.0306 5736 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:16:45.0327 5736 TDTCP - ok
20:16:45.0351 5736 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:16:45.0410 5736 tdx - ok
20:16:45.0463 5736 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:16:45.0474 5736 TermDD - ok
20:16:45.0519 5736 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:16:45.0545 5736 TermService - ok
20:16:45.0624 5736 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:16:45.0638 5736 Themes - ok
20:16:45.0687 5736 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:16:45.0709 5736 THREADORDER - ok
20:16:45.0768 5736 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:16:45.0791 5736 TrkWks - ok
20:16:45.0821 5736 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:16:45.0858 5736 TrustedInstaller - ok
20:16:45.0900 5736 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:16:45.0944 5736 tssecsrv - ok
20:16:46.0009 5736 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:16:46.0021 5736 tunmp - ok
20:16:46.0076 5736 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:16:46.0108 5736 tunnel - ok
20:16:46.0136 5736 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:16:46.0147 5736 uagp35 - ok
20:16:46.0166 5736 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:16:46.0186 5736 udfs - ok
20:16:46.0332 5736 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:16:46.0354 5736 UI0Detect - ok
20:16:46.0373 5736 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
20:16:46.0383 5736 uliagpkx - ok
20:16:46.0400 5736 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:16:46.0414 5736 uliahci - ok
20:16:46.0425 5736 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:16:46.0436 5736 UlSata - ok
20:16:46.0443 5736 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:16:46.0454 5736 ulsata2 - ok
20:16:46.0508 5736 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:16:46.0551 5736 umbus - ok
20:16:46.0607 5736 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:16:46.0633 5736 upnphost - ok
20:16:46.0665 5736 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:16:46.0705 5736 usbccgp - ok
20:16:46.0738 5736 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:16:46.0801 5736 usbcir - ok
20:16:46.0838 5736 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:16:46.0855 5736 usbehci - ok
20:16:46.0908 5736 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:16:46.0927 5736 usbhub - ok
20:16:46.0939 5736 usbohci (4f8dd5c9b756efce251784d6ac63e4ab) C:\Windows\system32\DRIVERS\usbohci.sys
20:16:46.0952 5736 usbohci - ok
20:16:47.0012 5736 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:16:47.0052 5736 usbprint - ok
20:16:47.0118 5736 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:16:47.0155 5736 usbscan - ok
20:16:47.0180 5736 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:16:47.0217 5736 USBSTOR - ok
20:16:47.0228 5736 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:16:47.0254 5736 usbuhci - ok
20:16:47.0289 5736 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:16:47.0331 5736 UxSms - ok
20:16:47.0379 5736 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:16:47.0405 5736 vds - ok
20:16:47.0420 5736 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:16:47.0480 5736 vga - ok
20:16:47.0517 5736 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:16:47.0538 5736 VgaSave - ok
20:16:47.0578 5736 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
20:16:47.0588 5736 viaagp - ok
20:16:47.0601 5736 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:16:47.0655 5736 ViaC7 - ok
20:16:47.0685 5736 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
20:16:47.0693 5736 viaide - ok
20:16:47.0736 5736 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:16:47.0747 5736 volmgr - ok
20:16:47.0790 5736 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:16:47.0805 5736 volmgrx - ok
20:16:47.0868 5736 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:16:47.0882 5736 volsnap - ok
20:16:47.0902 5736 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:16:47.0913 5736 vsmraid - ok
20:16:47.0983 5736 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:16:48.0023 5736 VSS - ok
20:16:48.0058 5736 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
20:16:48.0105 5736 VSTHWBS2 - ok
20:16:48.0163 5736 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:16:48.0273 5736 VST_DPV - ok
20:16:48.0325 5736 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:16:48.0347 5736 W32Time - ok
20:16:48.0453 5736 W3SVC (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
20:16:48.0514 5736 W3SVC - ok
20:16:48.0598 5736 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:16:48.0656 5736 WacomPen - ok
20:16:48.0686 5736 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:16:48.0728 5736 Wanarp - ok
20:16:48.0731 5736 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:16:48.0748 5736 Wanarpv6 - ok
20:16:48.0755 5736 WAS (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
20:16:48.0770 5736 WAS - ok
20:16:48.0839 5736 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:16:48.0892 5736 wcncsvc - ok
20:16:48.0928 5736 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:16:48.0970 5736 WcsPlugInService - ok
20:16:48.0998 5736 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:16:49.0008 5736 Wd - ok
20:16:49.0075 5736 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:16:49.0097 5736 Wdf01000 - ok
20:16:49.0156 5736 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:16:49.0210 5736 WdiServiceHost - ok
20:16:49.0213 5736 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:16:49.0236 5736 WdiSystemHost - ok
20:16:49.0284 5736 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:16:49.0301 5736 WebClient - ok
20:16:49.0363 5736 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:16:49.0436 5736 Wecsvc - ok
20:16:49.0483 5736 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:16:49.0502 5736 wercplsupport - ok
20:16:49.0566 5736 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:16:49.0585 5736 WerSvc - ok
20:16:49.0629 5736 winachsf (cf27edac75c87f2b776d9218f02f8301) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:16:49.0691 5736 winachsf - ok
20:16:49.0791 5736 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:16:49.0807 5736 WinDefend - ok
20:16:49.0813 5736 WinHttpAutoProxySvc - ok
20:16:49.0843 5736 WinI2C-DDC (808797b2b9094574b042b66569b5a7b0) C:\Windows\system32\drivers\DDCDrv.sys
20:16:49.0853 5736 WinI2C-DDC - ok
20:16:49.0905 5736 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:16:49.0923 5736 Winmgmt - ok
20:16:50.0013 5736 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:16:50.0100 5736 WinRM - ok
20:16:50.0179 5736 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:16:50.0259 5736 Wlansvc - ok
20:16:50.0461 5736 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:16:50.0513 5736 wlidsvc - ok
20:16:50.0675 5736 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
20:16:50.0734 5736 WmiAcpi - ok
20:16:50.0807 5736 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:16:50.0845 5736 wmiApSrv - ok
20:16:50.0981 5736 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:16:51.0053 5736 WMPNetworkSvc - ok
20:16:51.0091 5736 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:16:51.0154 5736 WPCSvc - ok
20:16:51.0185 5736 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:16:51.0213 5736 WPDBusEnum - ok
20:16:51.0282 5736 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:16:51.0315 5736 WpdUsb - ok
20:16:51.0541 5736 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:16:51.0641 5736 WPFFontCache_v0400 - ok
20:16:51.0716 5736 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:16:51.0756 5736 ws2ifsl - ok
20:16:51.0804 5736 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
20:16:51.0818 5736 wscsvc - ok
20:16:51.0822 5736 WSearch - ok
20:16:51.0940 5736 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
20:16:52.0119 5736 wuauserv - ok
20:16:52.0572 5736 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:16:52.0594 5736 WUDFRd - ok
20:16:52.0652 5736 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:16:52.0675 5736 wudfsvc - ok
20:16:52.0834 5736 Zoho Assist (eaf5ac8f185326d99ad002d839b18a29) C:\Users\Bobby\Documents\ZohoMeeting\ZohoMeeting.exe
20:16:52.0847 5736 Zoho Assist - ok
20:16:52.0861 5736 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:16:53.0102 5736 \Device\Harddisk0\DR0 - ok
20:16:53.0104 5736 Boot (0x1200) (4590b160d910ed1c7b04c0eafbad765c) \Device\Harddisk0\DR0\Partition0
20:16:53.0105 5736 \Device\Harddisk0\DR0\Partition0 - ok
20:16:53.0106 5736 ============================================================
20:16:53.0106 5736 Scan finished
20:16:53.0106 5736 ============================================================
20:16:53.0116 3456 Detected object count: 9
20:16:53.0116 3456 Actual detected object count: 9
20:18:22.0422 3456 Agent ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:22.0422 3456 Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:18:22.0423 3456 astcc ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:22.0423 3456 astcc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:18:22.0425 3456 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:22.0426 3456 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:18:22.0427 3456 FaxTalk FaxCenter Pro 7.5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:22.0427 3456 FaxTalk FaxCenter Pro 7.5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:18:22.0428 3456 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:22.0428 3456 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:18:22.0430 3456 LBeepKE ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:22.0430 3456 LBeepKE ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:18:22.0431 3456 LHidKe ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:22.0431 3456 LHidKe ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:18:22.0432 3456 LMouKE ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:22.0432 3456 LMouKE ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:18:22.0434 3456 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:18:22.0434 3456 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:19:09.0483 5828 Deinitialize success

#12
Metalwork

    Member

  • Topic Starter
  • Member
  • 13 posts
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.14

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Bobby :: BOBBY-PC [administrator]

Protection: Enabled

7/9/2012 8:46:18 PM
mbam-log-2012-07-09 (20-46-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254202
Time elapsed: 17 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\209K1I9HN8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Bobby\Downloads\SoftonicDownloader_for_microsoft-security-essentials.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)

#13
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Avast doesn't like C:\Users\Bobby\Desktop\Downloaded Programs\Xara3D v6+Serial+Patch-HeartBug\Serial+Patch\xara3d.6.00-patch.exe. I think if you hit Fix it will Quarantine it for you. You can submit it to http://virustotal.com and see if other anti-virus companies agree.

I would also submit

C:\Windows\agent.exe

to virustotal as I do not know what it is.

#14
Metalwork

    Member

  • Topic Starter
  • Member
  • 13 posts
OTL logfile created on: 7/10/2012 8:27:12 PM - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Bobby\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.91% Memory free
6.21 Gb Paging File | 4.22 Gb Available in Paging File | 67.93% Paging File free
Paging file location(s): C:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 447.70 Gb Total Space | 280.69 Gb Free Space | 62.70% Space Free | Partition Type: NTFS
Drive F: | 219.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BOBBY-PC | User Name: Bobby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/10 07:23:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
PRC - [2012/06/27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/06/19 15:49:26 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/04 16:17:00 | 004,527,504 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2010/11/19 09:17:20 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/10/26 18:20:52 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2010/10/26 18:16:06 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/08/18 17:12:56 | 000,027,136 | ---- | M] (Thought Communications, Inc.) -- C:\Program Files\FaxTalk\FTmsgsvc.exe
PRC - [2009/08/18 17:12:32 | 000,114,688 | ---- | M] (Thought Communications, Inc.) -- C:\Program Files\FaxTalk\FTclctrl.exe
PRC - [2009/08/18 14:50:24 | 000,009,216 | ---- | M] (Thought Communications, Inc.) -- C:\Program Files\FaxTalk\Fapiexe.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/01 14:27:36 | 000,066,824 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/08/17 01:27:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/27 14:26:00 | 000,053,248 | ---- | M] ( Advanced Software Technologies) -- C:\Windows\System32\AstSrv.exe
PRC - [2006/08/14 10:10:30 | 000,061,440 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Standard Keyboard Driver\SkDaemond.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/19 15:49:26 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/10/26 18:12:20 | 000,978,944 | ---- | M] () -- C:\Program Files\ControlCenter4\BrImgProc.dll
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/20 07:46:06 | 000,282,730 | ---- | M] () -- C:\Program Files\Lenovo\VeriFace\SimpleExt.dll
MOD - [2008/04/20 07:46:06 | 000,241,752 | ---- | M] () -- C:\Program Files\Lenovo\VeriFace\IcnOvrly.dll
MOD - [2006/08/14 10:10:30 | 000,061,440 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Standard Keyboard Driver\SkDaemond.exe
MOD - [2006/08/08 13:40:04 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Standard Keyboard Driver\SKHooks.dll
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2012/07/09 19:55:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/06/19 15:49:26 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/12 20:14:51 | 000,289,928 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Bobby\Documents\ZohoMeeting\ZohoMeeting.exe -- (Zoho Assist)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/22 14:06:58 | 001,007,472 | ---- | M] () [Auto | Stopped] -- C:\Users\Bobby\Downloads\M4-Service.exe -- (M4-Service)
SRV - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/08/04 04:51:38 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\agent.exe -- (Agent)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/12/10 14:05:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/18 17:12:56 | 000,027,136 | ---- | M] (Thought Communications, Inc.) [Auto | Running] -- C:\Program Files\FaxTalk\FTmsgsvc.exe -- (FaxTalk FaxCenter Pro 7.5)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/04/11 02:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/02/01 14:27:36 | 000,066,824 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe -- (OKAV Agent Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/27 14:26:00 | 000,053,248 | ---- | M] ( Advanced Software Technologies) [Auto | Running] -- C:\Windows\System32\AstSrv.exe -- (astcc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Bobby\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Bobby\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009/11/03 04:06:12 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV - [2009/11/03 04:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV - [2009/09/13 18:07:36 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/02/14 11:01:24 | 000,013,680 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2007/04/17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/03/28 20:29:12 | 000,131,944 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\System32\drivers\symsnap.sys -- (symsnap)
DRV - [2006/11/08 03:54:04 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/11/08 03:53:00 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DPV)
DRV - [2006/11/02 03:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/30 00:53:44 | 000,003,712 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2006/05/10 09:56:54 | 000,027,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/05/10 09:56:50 | 000,071,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMOUKE.sys -- (LMouKE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seoic.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn, = http://search.nation...qcat=web&qkw=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn, = %20
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,: = %3A
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,= = %3D
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...&loc=PMAH10IESB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://seoic.com/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Bobby\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Bobby\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bobby\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bobby\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/12/30 14:20:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/19 15:49:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/16 14:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/18 07:23:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/04/16 07:50:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Bobby\AppData\Roaming\Move Networks [2010/11/06 08:43:02 | 000,000,000 | ---D | M]

[2011/08/08 16:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby\AppData\Roaming\Mozilla\Extensions
[2009/07/17 10:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\extensions
[2009/07/17 10:32:04 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012/07/05 13:31:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\rs4h3wbp.default\extensions
[2012/02/10 11:38:58 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\rs4h3wbp.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/07/05 13:31:18 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\rs4h3wbp.default\extensions\[email protected]
[2012/06/16 14:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/16 14:26:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2010/11/06 08:43:02 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\BOBBY\APPDATA\ROAMING\MOVE NETWORKS
[2012/04/16 21:08:42 | 000,015,997 | ---- | M] () (No name found) -- C:\USERS\BOBBY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RS4H3WBP.DEFAULT\EXTENSIONS\[email protected]
[2012/02/10 11:38:57 | 000,107,019 | ---- | M] () (No name found) -- C:\USERS\BOBBY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RS4H3WBP.DEFAULT\EXTENSIONS\[email protected]
[2012/05/21 08:21:20 | 001,771,909 | ---- | M] () (No name found) -- C:\USERS\BOBBY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RS4H3WBP.DEFAULT\EXTENSIONS\[email protected]
[2012/06/19 15:49:27 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/19 13:54:56 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2012/06/19 15:49:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/19 15:49:23 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bobby\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bobby\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bobby\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Bobby\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\NOS\bin\np_gp.dll
CHR - plugin: Photosynth (Enabled) = C:\Program Files\Photosynth\npPhotosynthMozilla.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Bobby\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Bouncy Mouse = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb\1.2.1_0\
CHR - Extension: http://football.fant...yahoo.com/f1/16 = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlafocckfanhknpficnkaacmpbokhah\2011.10.28.56276_0\
CHR - Extension: StumbleUpon = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.5.7.1_0\

O1 HOSTS File: ([2012/07/10 17:08:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FaxTalk FaxCenter Pro 7.5] C:\Program Files\FaxTalk\FTClCtrl.exe (Thought Communications, Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SkDaemond] C:\Program Files\Lenovo\Lenovo Standard Keyboard Driver\SkDaemond.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bobby\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zoho Assist.lnk = C:\Users\Bobby\Documents\ZohoMeeting\ZohoTray.exe (Zoho Meeting)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ideamarketers.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: seoic.com ([www] https in Trusted sites)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://sites.clarkus.com/qp2.cab (Lotus Quickr Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F39EAF1-36C1-4950-AA32-4613267F1C86}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bobby\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bobby\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/10 16:10:33 | 000,000,000 | ---D | M] - C:\Auto Save -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/01/30 09:16:30 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Bobby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ClipMagic.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Bobby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Ditto - hkey= - key= - C:\Program Files\Ditto\Ditto.exe ()
MsConfig - StartUpReg: EKIJ5000StatusMonitor - hkey= - key= - File not found
MsConfig - StartUpReg: Google Quick Search Box - hkey= - key= - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: Healthcare - hkey= - key= - C:\Program Files\Lenovo\Healthcare\HealthCare.exe (skyware)
MsConfig - StartUpReg: IncrediMail - hkey= - key= - C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: PDF5 Registry Controller - hkey= - key= - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: PDFHook - hkey= - key= - C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: ReminderApp - hkey= - key= - C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe ()
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: Zoho Assist - C:\Users\Bobby\Documents\ZohoMeeting\ZohoMeeting.exe ()
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {64748F6D-683A-7962-0E17-8307E9894950} - Microsoft Windows Media Player 11.0
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73214669-3539-B3DF-E60F-7E28B76AFBDF} - Browser Customizations
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.clmp3enc - C:\Program Files\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/10 20:14:54 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bobby\Desktop\tdsskiller.exe
[2012/07/10 17:12:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/10 17:12:15 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Local\temp
[2012/07/10 16:54:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/10 16:54:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/10 16:54:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/10 16:53:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/10 16:50:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/10 16:49:50 | 004,575,265 | R--- | C] (Swearware) -- C:\Users\Bobby\Desktop\ComboFix.exe
[2012/07/10 15:42:38 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Bobby\Desktop\aswMBR.exe
[2012/07/10 07:23:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
[2012/07/09 20:45:40 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Roaming\Malwarebytes
[2012/07/09 20:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/30 06:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/06/30 06:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012/06/30 06:38:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/28 08:56:29 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Local\dotPDN LLC
[2012/06/23 01:19:32 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/23 01:19:31 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/23 01:19:04 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/23 01:19:04 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/23 01:19:04 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/23 01:18:38 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/23 01:18:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/16 14:26:38 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/06/16 14:26:38 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/06/16 14:26:38 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/06/16 14:26:38 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/06/13 18:41:12 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Local\Macromedia
[2012/06/13 08:56:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/13 08:56:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/13 08:56:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/13 08:56:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/13 08:56:20 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/13 08:56:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/13 08:56:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/13 06:07:30 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/12 14:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

========== Files - Modified Within 30 Days ==========

[2012/07/10 20:14:55 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bobby\Desktop\tdsskiller.exe
[2012/07/10 20:13:05 | 000,000,512 | ---- | M] () -- C:\Users\Bobby\Desktop\MBR.dat
[2012/07/10 20:02:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/10 20:00:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/10 19:59:57 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3979474346-4061523993-856938039-1004Core.job
[2012/07/10 19:59:31 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3979474346-4061523993-856938039-1004UA.job
[2012/07/10 18:56:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/10 18:56:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/10 17:14:18 | 008,175,762 | ---- | M] () -- C:\Users\Bobby\Desktop\Ocean 14 Louver.zip
[2012/07/10 17:08:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/10 16:49:54 | 004,575,265 | R--- | M] (Swearware) -- C:\Users\Bobby\Desktop\ComboFix.exe
[2012/07/10 15:43:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Bobby\Desktop\aswMBR.exe
[2012/07/10 12:10:57 | 006,546,829 | ---- | M] () -- C:\Users\Bobby\Desktop\vu360setup.exe
[2012/07/10 09:59:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/10 07:23:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
[2012/07/10 06:56:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/10 01:45:31 | 000,005,172 | ---- | M] () -- C:\Windows\mozy.flt
[2012/07/10 01:45:31 | 000,003,486 | ---- | M] () -- C:\Windows\mozy.blk
[2012/07/09 19:55:47 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/09 19:55:46 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/06 17:11:57 | 009,572,753 | ---- | M] () -- C:\Users\Bobby\Desktop\plans.pdf
[2012/07/06 10:57:57 | 003,844,573 | R--- | M] () -- C:\Users\Bobby\Desktop\0WCH Markups.pdf
[2012/07/02 18:49:30 | 000,207,435 | ---- | M] () -- C:\Users\Bobby\Desktop\eleccib.pdf
[2012/06/29 08:09:59 | 000,834,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/29 08:09:59 | 000,188,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/18 17:17:22 | 000,018,629 | ---- | M] () -- C:\Users\Bobby\Desktop\Contacts.csv
[2012/06/16 14:25:56 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/06/16 14:25:56 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/06/16 14:25:56 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/06/16 14:25:55 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/06/16 14:25:55 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/06/15 01:28:13 | 000,000,824 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2012/06/13 09:34:40 | 002,523,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/12 14:52:59 | 000,000,955 | ---- | M] () -- C:\Users\Bobby\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk

========== Files Created - No Company Name ==========

[2012/07/10 20:13:05 | 000,000,512 | ---- | C] () -- C:\Users\Bobby\Desktop\MBR.dat
[2012/07/10 16:54:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/10 16:54:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/10 16:54:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/10 16:54:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/10 16:54:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/10 12:10:36 | 006,546,829 | ---- | C] () -- C:\Users\Bobby\Desktop\vu360setup.exe
[2012/07/09 19:55:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/06 17:11:55 | 009,572,753 | ---- | C] () -- C:\Users\Bobby\Desktop\plans.pdf
[2012/07/06 10:57:55 | 003,844,573 | R--- | C] () -- C:\Users\Bobby\Desktop\0WCH Markups.pdf
[2012/07/02 19:07:55 | 000,207,435 | ---- | C] () -- C:\Users\Bobby\Desktop\eleccib.pdf
[2012/06/18 17:17:19 | 000,018,629 | ---- | C] () -- C:\Users\Bobby\Desktop\Contacts.csv
[2012/06/12 14:52:59 | 000,000,955 | ---- | C] () -- C:\Users\Bobby\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/12/06 14:10:41 | 000,000,306 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/12/06 14:10:41 | 000,000,153 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/12/06 14:03:50 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/12/06 14:03:49 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/11/30 00:04:41 | 000,004,003 | ---- | C] () -- C:\Users\Bobby\.recently-used.xbel
[2011/08/12 22:51:04 | 000,000,284 | ---- | C] () -- C:\Users\Bobby\.AtD-OpenOffice.org
[2011/04/26 21:32:55 | 000,000,025 | ---- | C] () -- C:\Windows\WebEasy.INI
[2011/02/08 09:52:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/27 10:31:32 | 000,115,712 | ---- | C] () -- C:\Windows\Notespad Uninstaller.exe
[2010/08/24 15:01:49 | 000,000,132 | ---- | C] () -- C:\Windows\picture-shark.INI
[2010/08/20 15:15:01 | 000,069,632 | ---- | C] () -- C:\Windows\agent.exe
[2010/08/20 15:14:39 | 000,038,912 | ---- | C] () -- C:\Windows\System32\pmppm.dll
[2010/06/24 13:00:32 | 000,000,137 | ---- | C] () -- C:\Users\Bobby\.jalbum-recent-projects.properties
[2010/06/24 12:55:35 | 000,000,442 | ---- | C] () -- C:\Users\Bobby\.jalbum-ftp-accounts.xml
[2010/06/24 12:55:34 | 000,000,923 | ---- | C] () -- C:\Users\Bobby\.jalbum-defaults.jap
[2010/03/26 09:36:36 | 000,000,760 | ---- | C] () -- C:\Users\Bobby\AppData\Roaming\setup_ldm.iss
[2010/02/26 12:53:14 | 000,000,085 | ---- | C] () -- C:\Users\Bobby\appletfile.props
[2009/11/16 11:14:22 | 000,000,680 | ---- | C] () -- C:\Users\Bobby\AppData\Local\d3d9caps.dat
[2009/09/04 18:26:03 | 000,000,013 | -H-- | C] () -- C:\ProgramData\˜113.›sys
[2009/07/17 15:14:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/18 16:34:40 | 000,000,093 | ---- | C] () -- C:\Users\Bobby\AppData\Local\fusioncache.dat
[2008/09/02 03:32:28 | 000,004,864 | ---- | C] () -- C:\ProgramData\powjnvfp.pmy
[2008/09/01 09:52:51 | 000,064,512 | ---- | C] () -- C:\Users\Bobby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2009/12/12 13:50:47 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Adobe
[2011/05/24 16:24:12 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Audacity
[2011/11/18 17:28:00 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Autodesk
[2009/10/06 14:34:56 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Avanquest
[2010/03/26 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\BackToTheBeach
[2011/12/06 18:44:42 | 000,000,000 | R--D | M] -- C:\Users\Bobby\AppData\Roaming\Brother
[2009/11/06 09:34:28 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\CheckPoint
[2009/12/09 10:47:55 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\ClipMagic
[2012/05/21 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\CoffeeCup Software
[2011/12/06 14:44:03 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\ControlCenter4
[2008/08/29 12:54:57 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\CyberLink
[2009/09/24 15:55:42 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\DigitalPhotosExport
[2011/11/21 10:20:12 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Ditto
[2008/09/03 04:37:39 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\DivX
[2008/09/22 09:46:38 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Download Manager
[2012/07/10 06:58:19 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Dropbox
[2010/02/02 23:54:20 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\DVD Flick
[2011/11/18 17:59:19 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\FabCAD
[2008/08/29 21:53:48 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\FabCADinc
[2011/12/06 14:30:13 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\FLEXnet
[2009/07/17 10:32:00 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Foxit
[2012/06/12 15:07:24 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Foxit Software
[2010/01/08 08:36:22 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\GoodSync
[2008/08/29 12:58:06 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Google
[2011/11/29 23:51:40 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\gtk-2.0
[2011/01/17 17:54:27 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Hamachi
[2008/08/29 11:59:15 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Identities
[2010/03/26 15:03:02 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\iHostStudio
[2009/01/02 17:28:34 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\InstallShield
[2008/08/29 12:18:10 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\InterVideo
[2012/07/10 20:19:02 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Jarte
[2011/10/12 15:19:01 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Leadertech
[2011/07/01 10:09:31 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\LiveSoftware
[2008/08/29 13:15:41 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Logitech
[2008/08/29 12:14:18 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Macromedia
[2010/01/25 17:11:08 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\MAGIX
[2012/07/09 20:45:40 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Malwarebytes
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Media Center Programs
[2012/06/13 18:41:12 | 000,000,000 | --SD | M] -- C:\Users\Bobby\AppData\Roaming\Microsoft
[2010/11/06 08:43:02 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Move Networks
[2012/06/27 05:43:49 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Mozilla
[2010/08/27 11:52:10 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\MyNesting
[2011/12/06 13:53:23 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Nuance
[2010/01/28 09:36:37 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\OpenOffice.org
[2012/04/04 12:02:25 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\PC-FAX TX
[2009/08/10 15:32:38 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Playrix Entertainment
[2012/04/03 15:00:29 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Skype
[2010/03/31 09:32:15 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\skypePM
[2010/06/11 14:15:56 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Snappy Fax
[2008/08/31 01:13:33 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Snappy Fax Archives
[2010/10/19 17:32:20 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\svBuilder
[2010/06/18 11:14:29 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Symantec
[2010/11/04 10:56:04 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Temp
[2011/08/08 16:51:21 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Thunderbird
[2010/03/09 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Turbine
[2010/08/20 15:31:20 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Two Pilots
[2009/10/27 16:48:17 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Unity
[2010/04/04 19:39:13 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\uTorrent
[2012/07/10 12:18:19 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Vu360
[2010/08/24 12:17:32 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\webex
[2010/02/24 18:20:46 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Winamp
[2010/10/25 09:30:49 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Windows Live Writer
[2011/08/12 20:53:05 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Zoundry

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\erdnt\cache\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/08/29 22:06:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/08/29 22:06:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/08/29 22:06:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/04/20 07:09:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/04/20 07:09:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/19 15:49:23 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/19 15:49:23 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/19 15:49:23 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/19 15:49:26 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/19 15:49:26 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/19 15:49:26 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Bobby\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/28 06:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Bobby\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/28 06:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Bobby\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/28 06:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Bobby\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/06/28 06:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/26 20:58:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/26 20:58:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/26 20:58:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/19 15:49:23 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/19 15:49:23 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/19 15:49:23 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/19 15:49:26 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/19 15:49:26 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/19 15:49:26 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Bobby\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/28 06:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Bobby\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/28 06:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Bobby\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/28 06:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Bobby\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/06/28 06:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/26 20:58:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/26 20:58:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/26 20:58:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/09/13 18:07:36 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 510 bytes -> C:\Users\Bobby\Documents\Builders.eml:OECustomProperty

< End of report >


Extras

OTL Extras logfile created on: 7/10/2012 8:27:12 PM - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Bobby\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.91% Memory free
6.21 Gb Paging File | 4.22 Gb Available in Paging File | 67.93% Paging File free
Paging file location(s): C:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 447.70 Gb Total Space | 280.69 Gb Free Space | 62.70% Space Free | Partition Type: NTFS
Drive F: | 219.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BOBBY-PC | User Name: Bobby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = FabCADScriptFile] -- C:\Windows\System32\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06244662-C795-4D31-BAA4-AB092FD4B066}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{275CC055-F0C5-41F7-A72D-60BD594C505A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{285D19C9-1019-4BED-AD75-12792C704DD3}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{38B93BEC-9E96-4ED6-83D8-CC0C5DEDB7F7}" = lport=47917 | protocol=17 | dir=in | name=ut |
"{43983F86-E711-40B2-B5E1-2E3FBE48DC84}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{4FC2D385-0F73-4C20-8B0F-D258A1A9B863}" = lport=10243 | protocol=6 | dir=in | app=system |
"{513C341B-F195-47B9-9C07-268C88F45128}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{53468DCF-4811-4137-A89B-20C1B099EE34}" = lport=47917 | protocol=6 | dir=in | name=utorrent |
"{69480888-037A-49A3-A8F1-108E9DD9855F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{869C23C6-FF40-4146-B082-D56FD29FA06F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A47207E8-90CB-4377-B247-C06CFF7E98B2}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{BCD2BFC5-DCA6-47AD-A8A6-524F6D5F5386}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD26C054-F299-4876-AA17-0806FB594AE0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDEAF94C-85D5-43FD-AE45-AAA1558DC5E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CAF068F7-EF32-48C8-B50C-5CAA25B625A3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D474EE9B-2EDE-4F4A-ABCA-CE7F9DF0B3AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7D79558-CCF0-4AC0-8FA2-318636A28D5B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DAD40A27-FA27-486E-BD30-764C33BCA511}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A4FF0A-07FA-4A7E-8296-21322BE5EE6C}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\incmail.exe |
"{01464AE5-0E13-4163-A848-E0100007C642}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0186AC0E-EAFA-430D-9AF5-581576F5B2EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{01A24D1F-E309-4A9D-96F7-417FB6DE0229}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{020ACD3C-D6AE-4421-ACC9-66D581AC47B1}" = protocol=6 | dir=out | app=system |
"{03D82F9B-4A48-4251-9182-BA912DCDD522}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0425E799-F399-49F2-A6D5-5D38FDD2E2FC}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{075AF1BE-0FC7-4E71-8C85-CCF43140D8AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{082E45E5-97A2-4B6A-BAC0-468C8ED64A33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B6668FE-199E-492D-B026-D5D820D64F1B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0C5C21B8-17B4-43C3-88FE-CDFC0A2F8692}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CADF18F-30CC-44E0-843D-F768D8C3E352}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe |
"{12F0E047-F744-427D-AB67-D9FF9CC1A4F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{13037D39-0266-46CD-BBE4-96448E1C1C54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1519646A-92F4-474B-BB7E-5E221004812E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{17E8A5D1-A2B0-4DEF-9F27-9DFFBA1F7705}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{187876DB-8B31-45AB-A231-CB8F7E8943B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{18FDF615-7D64-4612-8F9D-4D1807E8FFFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D1AFBFD-5065-4133-9C0D-2CDA03A0103A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E25F1F4-F0BA-4CA3-81AB-480E62931B4C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E85DECB-9CCA-4B5B-BF40-5935BC2F95E9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20A5AD1F-98E1-4440-9984-18C07482E222}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{215BF307-AC5F-48E7-8E35-8F0E9C515EDE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{225C217B-3501-454A-B4CC-1EC2F051BE9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{22B0D424-5FAC-4EF4-8123-0D93B9BCCF14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2516AF7C-B3C2-418F-A4F0-8ED45E07FC8C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{25905682-75BB-408D-A91C-BFF010EBE97E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{260530FB-AD8B-482A-9FEF-5A34D21D6F9C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2712D0E5-EE24-4E42-BD62-C870A5FECA8C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{29378638-35E3-436F-97CA-BD614DE8295B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{297F7F35-D746-4C4D-A30B-CBA86D03F4AE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B035309-69E4-4092-877E-C5EB5277B6FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D753251-072A-41D8-A1D4-FF7BFA110E10}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D76682F-9975-4464-B6C1-8C02702277EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F74D314-75E7-4C49-A985-0014214839C4}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2FDE89A3-AFB8-4B32-9FB9-F81F9F8FE4A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{31E1F571-E50F-4324-B6DE-6011D055FB40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{328752C6-FF99-4F81-9F4F-3A09DF2812CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{32F781B6-5D38-40BD-A610-1E48380888E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33CAE0DE-F390-4151-933A-73F40A868283}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{35EE5687-9C91-4059-9FC9-1A0D51841B5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A35C4BE-E304-45FB-98F5-E9BE5B1923D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E72B36B-6983-4E00-8A9D-62ADF26F7CB7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{413C8DD5-EEDE-40AA-8BDF-4C8D086033A3}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{42165869-1C54-4765-A2A4-4A23BC8B9F63}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42A50ED2-A8DD-4423-8068-1D65B9A250CA}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\imapp.exe |
"{44DE3D7C-1FD8-4D63-BB0B-4B838A5BBA56}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47F452D4-41B3-4854-920C-47204305EE48}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4BA07B2C-DE5A-4D30-B6D0-51CD308A081B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E9E4879-61DA-449D-BE8C-F54A9D5B9202}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{542B05CA-D9D4-43D2-9A5E-231F2BA45259}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{56F609E6-D591-40D4-A921-74B696A9EEB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5764A460-F7C6-4B3A-923A-9731F310BBF4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58059BF5-81BE-4C80-8E97-E2841FEDE076}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58833134-09AE-4606-9742-78AFF106FBCB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5993569A-F64D-4FD1-8360-0AB611B945F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C5CD35B-71E3-470F-BDB0-B11113D0550A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5DD894FE-4CDC-4E61-B072-152D3814411E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{636D7AD3-B50C-468E-8473-9E16A96483D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6735FD70-128C-4B51-A250-E1C90AFC984B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6DC54F15-700C-45FC-9DE7-3D2241A3AE0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E1AB781-2654-402F-A1ED-6D1202D28E9C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F79F5A2-BCEF-47E3-96F8-6C2E5387BC20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6F84ED0B-D8D7-4B1D-9869-FE1628949B47}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{707BDA81-F0B8-4958-9016-9E3F5FA5E0CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{711B164D-331D-4D5E-8C1C-B3F55F40300C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{71AE059F-4565-4EAD-B015-2F4E6DCBA87A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73B7C4E1-183F-411F-82BD-12CB3DF095EA}" = protocol=17 | dir=in | app=c:\users\bobby\appdata\roaming\dropbox\bin\dropbox.exe |
"{758394EB-805F-4FAC-A982-AA2E8AC4AB83}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\imapp.exe |
"{7692BBA2-74C9-4B94-8B41-6D2AA3D936C7}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{76D28532-80E6-4BC5-96CE-58E2974000A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78A97533-CE58-4763-A3DF-52C10CB81BAD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{79FD3B6D-08DD-4917-ADBA-7B0869A82E4B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8043ABD5-C563-4D61-A1BF-F9A07FFCD48C}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{8284183C-8E76-45DB-AEF6-D018B3C52EA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{86F4B656-06B4-440A-9A2A-750D4EB2BB15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88ED5EC2-D1E8-4133-A8BD-315B86C61699}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{89190588-E994-439C-95E8-4C92737A0F12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B383760-BEAC-412F-993E-1189B5C7D23C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E98921A-D508-484E-B13F-EB93B6362E4E}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\imlc.exe |
"{8FFD1890-B8EB-4EA2-B186-DA81F28BBF12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{900C3931-0DDE-4545-939A-54322777A621}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9087A690-748B-449B-9535-17885222FA17}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{90E97613-36F2-4E77-AEE8-44E91D36C95F}" = protocol=6 | dir=in | app=c:\users\bobby\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{95A687AA-1E38-492F-99AF-2F2919530817}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E063F86-DA37-465E-879C-8C40322FA588}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{9F77BFEB-5D69-46CE-AEDD-892FDB0EC167}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A0EB84E4-80A2-43F6-A4B6-2763E6D18D03}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe |
"{ACE64CC2-BC6C-4D5E-A63D-B23642A8FC42}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD6B1C56-FB2F-4EB4-B89D-CD75492E987E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFC2CA9C-B3AF-42A7-A141-C1AD1A3AC210}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B00FF3EA-503C-4C1C-9604-272853611490}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B0B97D5C-EBE2-4730-A6F4-3C2961149263}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B34118A5-5501-431E-9D33-9836261E77AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B51F157F-BE75-4F78-AB28-8C73021B6450}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B70B6CAC-3F45-4BBC-824F-5605AB69626B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8409F18-CD4E-4590-AA7A-AC22384F2A74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BAA6F57E-BA4F-4AB0-AF99-D7237C8E3931}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\imlc.exe |
"{BAE3585C-1180-4493-8436-65BA400D6D72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BF4DC1C0-C2BF-49E5-8F69-03E222D5DACA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFB53132-FB06-48E4-AC72-71114B37A8E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFF11C7D-5FA2-48DE-8B87-4C51D1290EBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C03834C1-B0EA-47AE-832D-DFDE0E477645}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1D6EF90-EBE2-4467-B23C-0EF58206D473}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C39334F1-0932-4834-B0B3-ED766ACBABDC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3CC8A77-5455-4D5C-A8A1-986EE1103FB4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C932379B-B660-4EDF-B409-4FCC3BA979F2}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\impackr.exe |
"{CC30CFE1-81CD-49E1-B613-962BE70A11BB}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{CE42C0C3-3B15-40FE-A8DD-CE527A8C7496}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF0031AF-000B-4B75-B7C7-A3E7D952BAB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0C78C87-3669-4FA6-B8DB-CEDDC542982D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0CC9B40-85F4-4EA5-A17B-8A866D2B930C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D3DE0A90-529F-4498-84A6-B21343DF8E18}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D789674B-F64F-477D-A10D-0442439F3623}" = dir=in | app=c:\program files\lenovo\lenovo media studio\pdr.exe |
"{D99508EA-3904-4690-BA7B-C811C8E09D5E}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{DA964C19-1C49-4BC2-8EAD-987CFF12DB4F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBAB4B92-5A73-492A-AABC-BA9E9F74DEC3}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{DD72DF66-3BDD-4293-9B36-14FD32304B36}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{E0260DA2-809B-4ABF-97F9-2243D9C0FE63}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\incmail.exe |
"{E149CA84-1B93-4E57-9458-A45626EADD11}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E1E1FBDE-BC5A-4495-B805-074F420613E3}" = protocol=6 | dir=in | app=c:\users\bobby\appdata\roaming\dropbox\bin\dropbox.exe |
"{E435CEBF-9764-426F-BEF9-C6102413973A}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{E604D464-525B-423F-AA18-91023F101256}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7BB691A-C769-4E84-98E6-C720C16AE3F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9F1F227-FE8E-4CB0-83F8-EC07DC693D41}" = protocol=17 | dir=in | app=c:\users\bobby\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{EB63A012-6552-4C3B-B7AB-3338919A8096}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB66CC9E-1060-4EDA-BEAB-A9E6323EC714}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\impackr.exe |
"{EB7F326C-C0BF-42E6-B601-A72E3F0025E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE216F14-E101-4B37-AE47-3576124700CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F11E6AC1-6AAF-4FCE-8A71-20A576E56A47}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F16CA5AA-ED6E-40FB-A21C-89C571F83CA3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F190B9EC-1B9A-4B59-A5F2-FB61130B01CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2604EFA-BAC1-42F0-8BF1-011D1C802E48}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2F8FE73-8C8C-4A93-A12F-38E9D13D68D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F4072371-565E-49D3-938A-046468194DC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5225974-8AC1-4D66-94BD-EEF3EDA663C7}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{F5257933-6BB4-4679-B88C-E9BE5B9A4F61}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F7C07BFE-12DC-4542-924A-3E2120FCDC30}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCA71106-FBFC-41A9-8E5F-A9EC9FBDD443}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{109C342F-53D5-4C18-B1D5-53C4FEAD0A86}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat |
"TCP Query User{1E9C2E34-36C3-4CEC-8587-3C9779E6034C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{27E8377E-2411-48EA-8682-759E8E97387E}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{572A624D-EEE4-4489-8B70-E5DF1FB19591}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat |
"TCP Query User{614B6629-E246-432A-B3EB-C7696D29F4D3}C:\users\bobby\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bobby\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{727ED5F4-3623-46DF-81A3-51F7D5C4971B}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{7BDB2D11-E0AB-4B36-B3FF-66DF03E4B627}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D955212F-7080-4CA5-A10E-5724AE574899}C:\program files\ea games\command & conquer generals zero hour\patchget.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\patchget.dat |
"TCP Query User{DB8E7EDB-3E60-4FEA-A5EB-50AD83CE669F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{F53A70A6-DFB3-42A5-9865-1E2E30F6AF66}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{548E36CE-AA6C-41AF-92CE-E0877A7C9038}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat |
"UDP Query User{911D9764-28AF-4432-BF60-B36615DBC120}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{9189A2D5-CFB0-4832-8291-468D8BAEF7CA}C:\program files\ea games\command & conquer generals zero hour\patchget.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\patchget.dat |
"UDP Query User{94FB7540-83EE-4CB2-B507-94B6665B4BAB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{AD5E3A7A-69A8-46AD-B9DB-28869FC1C90D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CAF48247-7355-4FD2-9DE1-72568A29DD29}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{D18DFE78-05AD-4E63-9071-2AB2CAC8E57E}C:\users\bobby\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bobby\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D6891F59-864F-482E-93C6-E32D0CC321C0}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{DCE82AC6-F57E-412C-8BDE-B33FFE9AEE04}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EA98BEC8-7E73-40D5-A156-F921D5D56C5B}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"%ProgramName%" = picture-shark 1.0
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A71C4F-94D9-44EA-AC98-FF8A045273AB}" = iSqFt Full Viewer V4.01
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216025F0}" = Java™ 6 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BF52D77-1DF7-4391-85B3-AE45CEE8BD86}" = Xara Xtreme Pro 5
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EC3F249-91D1-460B-BD2A-4779F9D5E793}" = FabCAD 2009 Disk2
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35DC9F1E-5E88-4E69-A49A-9F4C2B33DDF3}" = Web Easy Professional
"{364AD023-F22D-4380-88D0-F9C6A778E194}" = Driver & Application Installation
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A097992-41D6-F477-4982-9617C0BFB9CA}" = svBuilder
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{3BB1501C-1670-4b53-8B67-B1C368BC7227}" = Lenovo PC Type Configuration
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = SQL Server 2008 R2 Database Engine Services
"{41DC9B1E-BB88-43F0-B886-99CF70AE6626}" = Greeting Card Factory Deluxe
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{47365D32-E881-4473-9565-6254ED0809E2}" = FaxTalk FaxCenter Pro 7.5
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56D8B4D1-0DCE-4DF6-B3FC-459157C9AC75}_is1" = PDF Maker Pilot Trial 2.2
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59932D51-F260-4EF6-A784-4F69659F1A62}" = Map Button (Windows Live Toolbar)
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{7FBDF1E0-E616-11D3-AFFB-AA0004003D04}" = Linear AccessBase v 1.52
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1D86F3-3FF4-400B-9B2F-27B269C594EE}" = Multiple Image Resizer .NET
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8FC59A07-B17F-44A2-A5B0-3D78E78B4E13}" = ScreenShot V1.0.0.0
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{929648CA-A97F-4EB3-9CD8-563ADDF468DF}" = Zoho Assist
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9610EC3A-C7A0-4C31-9F3B-F9020C582B47}" = Lenovo Healthcare Software
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A1D5854-F960-4198-B8B5-4E42F7CD97DD}" = Tec Basic for Windows Vista
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A3A6A319-F194-4065-A255-26C03D33A0F8}" = Email Verifier
"{A3D79488-45B9-4BCE-9CE7-AB24C0F1E645}" = Library Release 16
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A6806D86-BFF3-49CD-8E2B-87BB3507E53F}" = Web Easy Professional 8
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFB9C8D1-70A6-B2C2-D668-EA1BCFCCFC8D}" = MozyHome
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2520F31-1EC6-4299-95F4-9DF1592D4FAE}" = FabCAD 2012 Disk2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4287F1F-FD5C-4A8B-8BBB-7DBA436F269F}" = DiggThis for Windows Live Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = SQL Server 2008 R2 Database Engine Services
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BF6436-2E5B-4090-BA6B-28DE1BDC2107}" = OKAVAgent
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = Lenovo Media Studio
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBBFDD7B-71FC-443D-95C2-D014FED556CB}" = LVT
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E1077A0C-0DF2-4A9E-AD83-D6ACDFA40890}" = Twitter Plugin for Windows Live Writer
"{E14D6A39-96CA-44DF-9FC7-EB17BC9E2F73}" = Photosynth 2.0110.0317.1042
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E8481C18-EE4A-42FB-9762-D2EDAE58538E}" = FabCAD 2012
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2795DC8-50AE-4611-B7C9-AAE0DF93778D}" = FabCad 2009
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F484477C-6E96-4887-A0C1-00E20F525392}" = Lenovo Standard Keyboard Driver
"{F67382D1-971A-4086-818F-D16D060A71E5}" = MyNesting Client
"{F7E2EBD0-95F9-152E-A50A-59B46EF15E79}" = Library15
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"AI RoboForm" = AI RoboForm (All Users)
"Ask Toolbar_is1" = Foxit Toolbar
"Batch Watermark Creator_is1" = Batch Watermark Creator 7.0.3
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_201414F1" = HSF2014 56K Data Fax Modem
"CoffeeCup Web Form Builder" = CoffeeCup Web Form Builder
"CoffeeCup Web Form Builder - Registered" = CoffeeCup Web Form Builder - Registered
"CoffeeCup Website Access Manager" = CoffeeCup Website Access Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Concord Telephony Translation" = Concord Telephony Translation
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CTIAPI32" = CTIAPI32 (remove only)
"CtiLogC" = CtiLogC (remove only)
"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
"Digital Photo Export_is1" = DigitalPhotoExport 0.4.0.7 (Beta)
"Ditto_is1" = Ditto
"DMGenie_is1" = DM Genie Version 2.25.345
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Email Verifier" = Email Verifier
"FabCad 2009" = FabCad 2009
"FabCAD 2012" = FabCAD 2012
"FabCAD 2012 SP1" = FabCAD 2012 SP1
"Foxit Reader_is1" = Foxit Reader
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"HDMI" = Intel® Graphics Media Accelerator Driver
"iEasySite" = iEasySite (remove only)
"Img2CAD_is1" = Img2CAD 7.1
"IncrediMail" = IncrediMail 2.0
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{C5BF6436-2E5B-4090-BA6B-28DE1BDC2107}" = OKAVAgent
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = Lenovo Media Studio
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"Jarte_is1" = Jarte 4.1
"Java Web Start" = Java Web Start
"Live Writer Picasa Plugin" = Live Writer Picasa Plugin 1.3.0
"LiveAdvisor" = LiveAdvisor (Symantec Corporation)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Thunderbird 13.0.1 (x86 en-US)" = Mozilla Thunderbird 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Multiple Image Resizer .NET" = Multiple Image Resizer .NET
"Notespad" =
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoMail" = PhotoMail Maker
"Picasa 3" = Picasa 3
"PlayerGenie_is1" = Player Genie Version 2.24.333
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSetDX" = Intel® PRO Network Connections 12.1.12.0
"Quick Search Box" = Google Quick Search Box
"svBuilder" = svBuilder
"SystemRequirementsLab" = System Requirements Lab
"uberOptions" = uberOptions 4.80.5
"UnityWebPlayer" = Unity Web Player
"VeriFace" = VeriFace
"WebCEO70_is1" = Web CEO 8.0
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Zoundry Raven" = Zoundry Raven

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880
"Move Media Player" = Move Media Player
"ShockWave" = ShockWave
"ShockWave 1.1" = ShockWave 1.1
"ShockWave Map Pack" = ShockWave Map Pack
"ShockWave V0.95" = ShockWave V0.95

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/23/2012 11:14:59 AM | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Faulting application FOXIT READER.EXE, version 5.1.4.104, time stamp
0x4f03f742, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x04948e73, process id 0x1f14, application start time
0x01cd2163d2eed9c0.

Error - 4/23/2012 9:04:46 PM | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Faulting application FOXIT READER.EXE, version 5.1.4.104, time stamp
0x4f03f742, faulting module facebook_plugin.fpi_unloaded, version 0.0.0.0, time
stamp 0x4ed5d143, exception code 0xc0000005, fault offset 0x046a2978, process id
0xe10, application start time 0x01cd21943925d6f0.

Error - 4/23/2012 9:27:00 PM | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Faulting application FOXIT READER.EXE, version 5.1.4.104, time stamp
0x4f03f742, faulting module facebook_plugin.fpi_unloaded, version 0.0.0.0, time
stamp 0x4ed5d143, exception code 0xc0000005, fault offset 0x06302978, process id
0x1d70, application start time 0x01cd21b9535afa30.

Error - 4/23/2012 9:27:02 PM | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Faulting application FOXIT READER.EXE, version 5.1.4.104, time stamp
0x4f03f742, faulting module facebook_plugin.fpi_unloaded, version 0.0.0.0, time
stamp 0x4ed5d143, exception code 0xc0000005, fault offset 0x06068e73, process id
0x1d70, application start time 0x01cd21b9535afa30.

Error - 4/24/2012 10:57:01 AM | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Faulting application agent.exe, version 2.0.0.26, time stamp 0x4f27b83b,
faulting module agent.exe, version 2.0.0.26, time stamp 0x4f27b83b, exception code
0xc000000d, fault offset 0x00127ff1, process id 0x19a0, application start time 0x01cd222722633b90.

Error - 4/24/2012 12:01:36 PM | Computer Name = Bobby-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 4/24/2012 12:28:14 PM | Computer Name = Bobby-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 4/24/2012 12:48:07 PM | Computer Name = Bobby-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 4/24/2012 12:49:37 PM | Computer Name = Bobby-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 4/24/2012 5:38:32 PM | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Faulting application FOXIT READER.EXE, version 5.1.4.104, time stamp
0x4f03f742, faulting module facebook_plugin.fpi_unloaded, version 0.0.0.0, time
stamp 0x4ed5d143, exception code 0xc0000005, fault offset 0x05a82978, process id
0x12b0, application start time 0x01cd223e1b12ebe0.

Error - 4/24/2012 5:38:35 PM | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Faulting application FOXIT READER.EXE, version 5.1.4.104, time stamp
0x4f03f742, faulting module facebook_plugin.fpi_unloaded, version 0.0.0.0, time
stamp 0x4ed5d143, exception code 0xc0000005, fault offset 0x057e8e73, process id
0x12b0, application start time 0x01cd223e1b12ebe0.

[ Media Center Events ]
Error - 11/8/2009 11:03:41 PM | Computer Name = Bobby-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 11/8/2009 11:03:55 PM | Computer Name = Bobby-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/27/2010 7:51:32 PM | Computer Name = Bobby-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 12/15/2009 6:37:34 PM | Computer Name = Bobby-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/9/2012 9:08:36 PM | Computer Name = Bobby-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Brother MFC-4350 with shared
resource name Brother MFC-4350. Error 2114. The printer cannot be used by others
on the network.

Error - 7/9/2012 9:09:33 PM | Computer Name = Bobby-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/10/2012 6:53:13 AM | Computer Name = Bobby-PC | Source = DCOM | ID = 10010
Description =

Error - 7/10/2012 6:56:09 AM | Computer Name = Bobby-PC | Source = Print | ID = 23
Description = Printer PDF4U Adobe PDF Creator failed to initialize because a suitable
PDF4U Adobe PDF Creator driver could not be found. The new printer settings that
you specified have not taken effect. Install or reinstall the printer driver. You
might need to contact the vendor for an updated driver.

Error - 7/10/2012 6:57:02 AM | Computer Name = Bobby-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/10/2012 4:53:20 PM | Computer Name = Bobby-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 7/10/2012 4:53:20 PM | Computer Name = Bobby-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 7/10/2012 4:57:06 PM | Computer Name = Bobby-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 7/10/2012 5:03:57 PM | Computer Name = Bobby-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 7/10/2012 5:08:57 PM | Computer Name = Bobby-PC | Source = Service Control Manager | ID = 7030
Description =


< End of report >
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).
I see:
Java Web Start
Java™ 6 Update 16
Java™ 6 Update 25
Java™ 6 Update 33

Get the latest Java at:
http://www.java.com/en/

Save it to your PC, then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.



Uninstall
Adobe Reader 9.5.1 (get the latest at adobe.com if you use it)
Foxit Toolbar (You do not need this in order for Foxit to work)

Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn, = http://search.nation...qcat=web&qkw=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn, = %20
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,: = %3A
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,= = %3D
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
[2009/07/17 10:32:04 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012/06/16 14:26:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
[2009/09/04 18:26:03 | 000,000,013 | -H-- | C] () -- C:\ProgramData\˜113.›sys
[2008/09/02 03:32:28 | 000,004,864 | ---- | C] () -- C:\ProgramData\powjnvfp.pmy

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.
  • 0
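The O16 lines in the fix above show several Java plug-in versions registered side by side, which is what the advice to remove old versions rests on. The following is an added example, not part of the original post and not an OTL feature: it pulls those versions out of OTL log text, lists the ones older than the newest, and cross-checks each label against its CLSID. The function names and the CLSID decoding rule are assumptions made here.

```python
import re

# The six O16 lines from the fix script in the post above, copied as they
# appear on the page (the download URLs are already elided there).
SAMPLE_OTL = """\
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
"""

DPF_RE = re.compile(
    r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
    r"\s+(?P<source>.*?)\s*\(Java Plug-in (?P<label>\d+\.\d+\.\d+(?:_\d+)?)\)\s*$"
)


def parse_version(label):
    """'1.6.0_33' -> (1, 6, 0, 33); a missing update number counts as 0."""
    base, _, update = label.partition("_")
    return tuple(int(p) for p in base.split(".")) + (int(update or 0),)


def version_from_clsid(clsid):
    """Decode the version a CAFEEFAC-... CLSID carries, else None.

    Assumption read off the lines above: {CAFEEFAC-0016-0000-0025-...} pairs
    with 1.6.0_25, so the middle groups are decimal major+minor, patch, update.
    """
    parts = clsid.upper().split("-")
    if parts[0] != "CAFEEFAC" or not all(p.isdigit() for p in parts[1:4]):
        return None  # generic plug-in CLSID, or the FFFF-FFFF-FFFF entry
    return (int(parts[1][:-1]), int(parts[1][-1]), int(parts[2]), int(parts[3]))


def parse_dpf_java(text):
    """Return one record per Java 'O16 - DPF' line found in OTL log text."""
    records = []
    for line in text.splitlines():
        m = DPF_RE.match(line.strip())
        if not m:
            continue
        version = parse_version(m["label"])
        decoded = version_from_clsid(m["clsid"])
        records.append({
            "clsid": m["clsid"],
            "label": m["label"],
            "version": version,
            "reg_error": m["source"].startswith("Reg Error"),
            "clsid_mismatch": decoded is not None and decoded != version,
        })
    return records


def stale_labels(records):
    """Labels of every registered plug-in version older than the newest one."""
    if not records:
        return []
    newest = max(r["version"] for r in records)
    return sorted({r["label"] for r in records if r["version"] < newest},
                  key=parse_version)


if __name__ == "__main__":
    recs = parse_dpf_java(SAMPLE_OTL)
    print("older than newest:", stale_labels(recs))
    print("registry read errors:", [r["clsid"] for r in recs if r["reg_error"]])
```

"Newest" here means newest among the versions registered on the machine; whether that version is the current Java release still has to be checked against java.com, as the post says.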





