Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Possible virus and very slow performance

 
Headbanger78
Newbie


Joined: 29 Oct 2011
Last Visit: 14 Mar 2012
Posts: 9

Posted: Mon Mar 12, 2012 8:09 am    Post subject: Possible virus and very slow performance

My wife might have downloaded something ugly to our laptop; the system is running unusually slow. I have seen some odd phishing sites come up as our internet home page also. Have run Malwarebytes and some other scans, but not sure I've gotten everything. My machine should contain no illegal or pirated software whatsoever.


DDS Log


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Rob and Jenn Laptop at 12:04:00 on 2012-03-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2075 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\ccSvcHst.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Windows\system32\msiexec.exe
C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D167C8E5-9FE8-4DA9-9E0F-EC2DBDAD54EB} : DhcpNameServer = 8.8.8.8 8.8.4.4 4.2.2.2
TCP: Interfaces\{FE058ECD-76D9-4F98-91AA-A0FBD02E255F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE058ECD-76D9-4F98-91AA-A0FBD02E255F}\16474777966696 : DhcpNameServer = 10.131.106.129 64.134.255.2 64.134.255.10
TCP: Interfaces\{FE058ECD-76D9-4F98-91AA-A0FBD02E255F}\D4561646F677 : DhcpNameServer = 167.206.254.2 167.206.254.1 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rob and Jenn Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\o2u7h9qg.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://dell.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_1\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0601010.008\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0601010.008\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0601010.008\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0601010.008\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-3-2 1157240]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0601010.008\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0601010.008\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120309.002\IDSviA64.sys [2012-3-9 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0601010.008\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0601010.008\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0601010.008\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0601010.008\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2010-9-25 89600]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-7-1 290832]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\ccsvchst.exe [2012-3-9 138232]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-9-17 1251840]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-11-5 1692480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-15 138360]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-2-1 25072]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 0169141302695984mcinstcleanup;McAfee Application Installer Cleanup (0169141302695984);C:\Windows\TEMP\016914~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\016914~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 136176]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 136176]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\system32\DRIVERS\btblan.sys --> C:\Windows\system32\DRIVERS\btblan.sys [?]
S3 SIUSBXP;SIUSBXP;C:\Windows\system32\drivers\SiUSBXp.sys --> C:\Windows\system32\drivers\SiUSBXp.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-12 15:45:59 59904 ----a-w- C:\Windows\SysWow64\zlib1.dll
2012-03-11 13:51:51 127232 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\TBDA2.tmp
2012-03-11 13:11:46 -------- d-----w- C:\Windows\en
2012-03-11 13:06:36 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-11 13:02:41 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3dd9ba9f1ccff8719\MeshBetaRemover.exe
2012-03-09 11:22:11 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0601010.008\symnets.sys
2012-03-09 11:22:11 1092728 ----a-r- C:\Windows\System32\drivers\N360x64\0601010.008\symefa64.sys
2012-03-09 11:22:10 738936 ----a-r- C:\Windows\System32\drivers\N360x64\0601010.008\srtsp64.sys
2012-03-09 11:22:10 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0601010.008\symds64.sys
2012-03-09 11:22:10 37496 ----a-r- C:\Windows\System32\drivers\N360x64\0601010.008\srtspx64.sys
2012-03-09 11:22:10 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0601010.008\ironx64.sys
2012-03-09 11:22:10 167048 ----a-r- C:\Windows\System32\drivers\N360x64\0601010.008\ccsetx64.sys
2012-03-09 11:21:55 -------- d-----w- C:\Windows\System32\drivers\N360x64\0601010.008
2012-02-18 22:26:20 -------- d-----w- C:\Users\Rob and Jenn Laptop\AppData\Local\{C4EB696E-E089-42B0-A683-39307FD5E979}
2012-02-18 22:25:47 -------- d-----w- C:\Users\Rob and Jenn Laptop\AppData\Local\{62086673-78DE-4A8E-B2A3-288A8E0A0085}
2012-02-18 20:22:10 -------- d-----w- C:\Users\Rob and Jenn Laptop\AppData\Local\Turbine
2012-02-18 20:19:27 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2012-02-18 20:19:26 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-02-18 20:19:24 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2012-02-18 20:18:18 -------- d-----w- C:\Users\Rob and Jenn Laptop\AppData\Local\ApplicationHistory
2012-02-18 20:16:20 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2012-02-18 19:50:00 -------- d-----w- C:\Program Files (x86)\Turbine
2012-02-18 13:13:55 -------- d-----w- C:\Users\Rob and Jenn Laptop\AppData\Local\PMB Files
2012-02-18 13:13:51 -------- d-----w- C:\ProgramData\PMB Files
2012-02-18 13:13:41 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-02-16 00:41:15 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-16 00:41:15 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 00:41:13 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-16 00:41:13 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-16 00:41:11 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 00:41:10 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 00:41:01 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-16 00:41:01 634880 ----a-w- C:\Windows\System32\msvcrt.dll
.
==================== Find3M ====================
.
2012-03-09 11:22:18 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-02-27 11:33:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-16 11:22:35 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 12:04:56.48 ===============


Attach Log


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/10/2010 5:15:43 PM
System Uptime: 3/11/2012 9:16:55 AM (27 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 349.958 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP143: 2/16/2012 3:01:35 AM - Windows Update
RP144: 2/18/2012 3:18:23 PM - Installed DirectX
RP145: 2/27/2012 6:31:02 AM - Installed Java(TM) 6 Update 31
RP146: 3/11/2012 8:51:31 AM - Removed Microsoft Office Home and Business 2010
RP147: 3/11/2012 9:00:40 AM - CheckIfInstallerIsBusy
RP148: 3/11/2012 9:02:40 AM - Windows Live Essentials
RP149: 3/11/2012 9:03:34 AM - Installed DirectX
RP150: 3/11/2012 9:04:27 AM - Installed DirectX
RP151: 3/11/2012 9:06:19 AM - WLSetup
RP152: 3/11/2012 9:44:02 AM - Installed Microsoft Office Home and Business 2010 Trial
RP153: 3/12/2012 11:47:56 AM - DLL-Files.com Fixer Mon, Mar 12, 12 11:47
RP154: 3/12/2012 11:54:44 AM - Removed OpenOffice.org 3.3
.
==== Installed Programs ======================
.
3ivx MPEG-4 5.0.3 (remove only)
AbiWord 2.8.6
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.1
Consumer In-Home Service Agreement
Cozi
Curse Client
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell Wireless 1515 Driver Installation
EverQuest II
EverQuest II Extended
FlipShare
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
IDT Audio
IHA_MessageCenter
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
LeapFrog Connect
LeapFrog Leapster Explorer Plugin
LeapFrog MyOwnLeaptop Plugin
Malwarebytes' Anti-Malware version 1.51.2.1300
Marvell Miniport Driver
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.6.23)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser (KB973685)
MyTomTom 3.0.2.286
Norton 360
Pando Media Booster
QuickBooks
QuickBooks Premier: Accountant Edition 2011
Raptr
Realtek USB 2.0 Card Reader
Redist
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
System Requirements Lab for Intel
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)
Verizon Media Manager
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio C++ 9.0 Runtime
Vz In Home Agent
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-bit)
World of Warcraft
WriteWay
.
==== Event Viewer Messages From Past Week ========
.
3/7/2012 10:13:55 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JENIFER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FE058ECD-76D9-4F98-91AA-A0FBD02E255F}. The master browser is stopping or an election is being forced.
3/10/2012 8:51:59 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Oct 2014
Posts: 4680
Location: Land Of The Leprechauns

Posted: Tue Mar 13, 2012 3:21 am

Hi and welcome back to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



Windows 7 Advice:
  • All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.
  • Your Operating System in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this with anything I ask you to carry out, please select the option Allow.


TDSSKiller

Please download TDSSKiller.exe and save it to your Desktop.
  • Right click on TDSSKiller.exe and select Run as administrator to run it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything, please click on the drop down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Logs/Information to Post in your Next Reply
  • TDSSKiller log.
  • OTL.txt and Extra.txt contents.

_________________
Admin/Teacher at Malware Removal University
Member of...

Headbanger78
Newbie


Joined: 29 Oct 2011
Last Visit: 14 Mar 2012
Posts: 9

Posted: Tue Mar 13, 2012 3:41 pm

Thank you for taking your time to help Cypher. It is appreciated.

TDSSKiller Report


19:26:20.0276 5292 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:26:20.0279 5292 usbcir - ok
19:26:20.0419 5292 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:26:20.0422 5292 usbehci - ok
19:26:20.0583 5292 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:26:20.0590 5292 usbhub - ok
19:26:20.0745 5292 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
19:26:20.0756 5292 usbohci - ok
19:26:20.0905 5292 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:26:20.0925 5292 usbprint - ok
19:26:21.0070 5292 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:26:21.0074 5292 USBSTOR - ok
19:26:21.0202 5292 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
19:26:21.0206 5292 usbuhci - ok
19:26:21.0442 5292 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
19:26:21.0445 5292 usb_rndisx - ok
19:26:21.0539 5292 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:26:21.0543 5292 vdrvroot - ok
19:26:21.0700 5292 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:26:21.0703 5292 vga - ok
19:26:21.0763 5292 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:26:21.0765 5292 VgaSave - ok
19:26:21.0831 5292 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:26:21.0835 5292 vhdmp - ok
19:26:21.0883 5292 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:26:21.0885 5292 viaide - ok
19:26:21.0929 5292 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:26:21.0931 5292 volmgr - ok
19:26:21.0975 5292 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:26:21.0979 5292 volmgrx - ok
19:26:22.0059 5292 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:26:22.0063 5292 volsnap - ok
19:26:22.0115 5292 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:26:22.0132 5292 vsmraid - ok
19:26:22.0277 5292 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:26:22.0278 5292 vwifibus - ok
19:26:22.0449 5292 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:26:22.0452 5292 vwififlt - ok
19:26:22.0621 5292 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:26:22.0624 5292 WacomPen - ok
19:26:22.0769 5292 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:26:22.0773 5292 WANARP - ok
19:26:22.0781 5292 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:26:22.0784 5292 Wanarpv6 - ok
19:26:22.0981 5292 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:26:22.0983 5292 Wd - ok
19:26:23.0044 5292 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:26:23.0055 5292 Wdf01000 - ok
19:26:23.0252 5292 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:26:23.0264 5292 WfpLwf - ok
19:26:23.0439 5292 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
19:26:23.0443 5292 WimFltr - ok
19:26:23.0522 5292 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:26:23.0524 5292 WIMMount - ok
19:26:23.0758 5292 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:26:23.0780 5292 WinUsb - ok
19:26:23.0978 5292 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:26:23.0981 5292 WmiAcpi - ok
19:26:24.0175 5292 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:26:24.0175 5292 ws2ifsl - ok
19:26:24.0347 5292 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:26:24.0347 5292 WudfPf - ok
19:26:24.0519 5292 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:26:24.0519 5292 WUDFRd - ok
19:26:24.0721 5292 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
19:26:24.0737 5292 xusb21 - ok
19:26:24.0924 5292 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
19:26:24.0940 5292 yukonw7 - ok
19:26:25.0018 5292 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
19:26:25.0096 5292 \Device\Harddisk0\DR0 - ok
19:26:25.0096 5292 Boot (0x1200) (4ee997aa9b723700cd95d4552246b985) \Device\Harddisk0\DR0\Partition0
19:26:25.0096 5292 \Device\Harddisk0\DR0\Partition0 - ok
19:26:25.0111 5292 Boot (0x1200) (341a60996715548bdf789d1fdb3ecc64) \Device\Harddisk0\DR0\Partition1
19:26:25.0127 5292 \Device\Harddisk0\DR0\Partition1 - ok
19:26:25.0127 5292 ============================================================
19:26:25.0127 5292 Scan finished
19:26:25.0127 5292 ============================================================
19:26:25.0143 5128 Detected object count: 0
19:26:25.0143 5128 Actual detected object count: 0
Headbanger78

Posted: Tue Mar 13, 2012 3:48 pm

OTL txt

OTL logfile created on: 3/13/2012 7:29:19 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Rob and Jenn Laptop\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 54.01% Memory free
7.92 Gb Paging File | 5.78 Gb Available in Paging File | 72.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 351.15 Gb Free Space | 77.85% Space Free | Partition Type: NTFS

Computer Name: ROBANDJENNLAPTO | User Name: Rob and Jenn Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/13 19:24:37 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Rob and Jenn Laptop\Desktop\OTL.exe
PRC - [2012/03/07 02:43:16 | 000,066,480 | ---- | M] (Raptr, Inc) -- C:\Program Files (x86)\Raptr\raptr.exe
PRC - [2012/03/07 02:43:16 | 000,043,952 | ---- | M] (Raptr, Inc) -- C:\Program Files (x86)\Raptr\raptr_im.exe
PRC - [2012/01/17 02:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\ccsvchst.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/09/01 18:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 13:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/09/30 17:51:58 | 001,156,384 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/09/30 17:51:04 | 001,178,400 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
PRC - [2010/09/30 11:52:42 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/09/17 17:04:30 | 001,251,840 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/10 05:21:42 | 000,429,040 | ---- | M] () -- C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\17.0.963.79\ppgooglenaclpluginchrome.dll
MOD - [2012/03/10 05:21:41 | 003,772,912 | ---- | M] () -- C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
MOD - [2012/03/10 05:20:17 | 000,122,880 | ---- | M] () -- C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\17.0.963.79\avutil-51.dll
MOD - [2012/03/10 05:20:16 | 000,220,672 | ---- | M] () -- C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\17.0.963.79\avformat-53.dll
MOD - [2012/03/10 05:20:15 | 001,747,456 | ---- | M] () -- C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\17.0.963.79\avcodec-53.dll
MOD - [2012/03/10 01:56:11 | 008,593,056 | ---- | M] () -- C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
MOD - [2012/02/29 04:05:56 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Raptr\easyhook32.dll
MOD - [2012/02/17 13:53:28 | 000,494,592 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
MOD - [2012/02/17 13:53:24 | 001,661,952 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
MOD - [2012/02/17 13:53:20 | 000,313,856 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
MOD - [2012/02/17 13:53:06 | 005,809,664 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
MOD - [2012/02/17 13:52:26 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\Raptr\sip.pyd
MOD - [2012/02/16 04:53:58 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/16 04:43:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/16 04:43:10 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/16 04:42:53 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/16 04:42:45 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/16 04:42:42 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/16 04:42:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/16 04:42:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 04:42:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 04:42:18 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/11/20 22:20:46 | 001,949,696 | ---- | M] () -- C:\Program Files (x86)\Raptr\libtorrent.pyd
MOD - [2011/10/24 14:49:56 | 002,717,595 | ---- | M] () -- C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
MOD - [2011/10/13 03:45:15 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2011/09/08 19:47:40 | 001,183,699 | ---- | M] () -- C:\Program Files (x86)\Raptr\liboscar.dll
MOD - [2011/09/08 19:47:36 | 001,640,221 | ---- | M] () -- C:\Program Files (x86)\Raptr\libjabber.dll
MOD - [2011/09/08 19:47:32 | 001,052,194 | ---- | M] () -- C:\Program Files (x86)\Raptr\libymsg.dll
MOD - [2011/09/08 19:47:22 | 000,495,680 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libaim.dll
MOD - [2011/09/08 19:47:22 | 000,483,306 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libicq.dll
MOD - [2011/09/08 19:47:16 | 000,655,356 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libirc.dll
MOD - [2011/09/08 19:47:16 | 000,603,326 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
MOD - [2011/09/08 19:47:14 | 000,497,782 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
MOD - [2011/09/08 19:47:14 | 000,474,199 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\ssl.dll
MOD - [2011/09/08 19:47:10 | 001,306,387 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libmsn.dll
MOD - [2011/09/08 19:47:04 | 000,565,461 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
MOD - [2011/09/08 19:46:56 | 000,506,276 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/02/15 14:17:28 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Raptr\libxml2-2.dll
MOD - [2011/02/15 14:17:28 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Raptr\sqlite3.dll
MOD - [2010/11/22 19:06:22 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Raptr\zlib1.dll
MOD - [2010/11/22 18:57:34 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32gui.pyd
MOD - [2010/11/22 18:57:34 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32file.pyd
MOD - [2010/11/22 18:57:34 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32api.pyd
MOD - [2010/11/22 18:57:34 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32process.pyd
MOD - [2010/11/22 18:57:18 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\Raptr\gobject._gobject.pyd
MOD - [2010/11/22 18:57:06 | 000,263,168 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
MOD - [2010/11/22 18:56:56 | 000,354,304 | ---- | M] () -- C:\Program Files (x86)\Raptr\pythoncom26.dll
MOD - [2010/11/22 18:56:56 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Raptr\pywintypes26.dll
MOD - [2010/11/22 18:56:26 | 000,324,608 | ---- | M] () -- C:\Program Files (x86)\Raptr\PIL._imaging.pyd
MOD - [2010/11/22 18:56:02 | 000,805,376 | ---- | M] () -- C:\Program Files (x86)\Raptr\_ssl.pyd
MOD - [2010/11/22 18:56:02 | 000,583,680 | ---- | M] () -- C:\Program Files (x86)\Raptr\unicodedata.pyd
MOD - [2010/11/22 18:56:02 | 000,356,864 | ---- | M] () -- C:\Program Files (x86)\Raptr\_hashlib.pyd
MOD - [2010/11/22 18:56:02 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\Raptr\pyexpat.pyd
MOD - [2010/11/22 18:56:02 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\Raptr\_ctypes.pyd
MOD - [2010/11/22 18:56:02 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Raptr\_sqlite3.pyd
MOD - [2010/11/22 18:56:02 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Raptr\_socket.pyd
MOD - [2010/11/22 18:56:02 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\Raptr\winsound.pyd
MOD - [2010/09/30 17:51:32 | 000,124,704 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
MOD - [2010/09/30 17:51:30 | 000,020,256 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.DLL
MOD - [2010/09/30 17:51:22 | 000,041,248 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
MOD - [2010/09/30 17:51:12 | 000,175,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2010/09/30 17:51:10 | 000,337,184 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
MOD - [2010/09/30 17:51:10 | 000,268,064 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
MOD - [2005/07/19 23:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/26 03:03:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe -- (AESTFilters)
SRV - [2012/01/17 02:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\ccSvcHst.exe -- (N360)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/11/05 12:14:33 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/09/30 11:52:42 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/09/17 17:04:30 | 001,251,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/09 07:22:18 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/11/23 22:23:47 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0601010.008\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/11/23 21:50:27 | 000,738,936 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0601010.008\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/11/23 21:50:27 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0601010.008\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/11/16 23:37:59 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0601010.008\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/16 23:17:49 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0601010.008\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/11/04 19:59:30 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0601010.008\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2011/08/16 02:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0601010.008\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/03 05:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/15 14:40:10 | 000,301,688 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/02/26 03:03:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/20 15:18:26 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2009/11/07 00:05:32 | 007,370,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/23 20:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/08 17:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2007/04/03 14:59:42 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/03/13 18:55:10 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120313.002\ex64.sys -- (NAVEX15)
DRV - [2012/03/13 18:55:10 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120313.002\eng64.sys -- (NAVENG)
DRV - [2012/03/06 17:04:10 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120313.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/03/02 14:58:01 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120302.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/02/04 08:47:33 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/04 08:47:33 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D6BA4461-1BB5-415E-8097-380EFD998974}
IE:64bit: - HKLM\..\SearchScopes\{D6BA4461-1BB5-415E-8097-380EFD998974}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D1FCA463-6B6F-49D5-919F-E3C3FF6EABE6}
IE - HKLM\..\SearchScopes\{D1FCA463-6B6F-49D5-919F-E3C3FF6EABE6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell.msn.com/
IE - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..\SearchScopes,DefaultScope = {FDD41D0F-C000-498D-B6C9-DCCF9F75E193}
IE - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BCPA&o=16145&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QK&apn_dtid=YYYYYYSBUS&apn_uid=26978B33-A544-4EF9-B92F-916D3D26F820&apn_sauid=71376FC1-7316-4ABB-B706-88C3A01D65FC
IE - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..\SearchScopes\{3BB8F21C-C6D6-4509-926E-6D78C63CD2A2}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
IE - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..\SearchScopes\{FDD41D0F-C000-498D-B6C9-DCCF9F75E193}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_enUS405
IE - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://dell.msn.com/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.5.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/27 04:02:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn\ [2012/02/16 04:37:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn\ [2012/03/11 09:19:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/22 07:44:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/12 08:47:46 | 000,000,000 | ---D | M]

[2011/06/23 21:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob and Jenn Laptop\AppData\Roaming\Mozilla\Extensions
[2011/06/23 21:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob and Jenn Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\o2u7h9qg.default\extensions
[2011/05/22 10:43:20 | 000,002,469 | ---- | M] () -- C:\Users\Rob and Jenn Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\o2u7h9qg.default\searchplugins\safesearch.xml
[2012/02/27 07:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/17 22:32:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/02/27 07:33:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_5_1
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
[2012/02/27 07:33:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/24 18:55:10 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.5_0\npcoplgn.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Cloud Reader = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjnkloegafmkhgpjglcbldhaokjpandj\1.0.0.0_0\
CHR - Extension: Entangled = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpmlpbnnclhgkhndeejjjbacfdndlcdf\1.3.1_0\
CHR - Extension: VUDU Movies = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\daomabnenlgkenegngdblacoobnncgib\2.0.0.2_0\
CHR - Extension: TweetDeck = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\1.1.3_0\
CHR - Extension: Creatures & Castles = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpeacgpdnhofhebmincihdelcemhagd\2.0_0\
CHR - Extension: Minimal = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog\1.0_0\
CHR - Extension: World of Solitaire = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: Lord of Ultima = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.11_0\
CHR - Extension: Little Alchemy = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.11_0\
CHR - Extension: Google Mail Checker = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.5_0\
CHR - Extension: nakshArt = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nokjljgckfgpljgkcfpafigncddfhooj\0.5_0\
CHR - Extension: WordPress.com Extension = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbfhcegldppmibabepjfjloachnmjb\1.0.0.5_0\
CHR - Extension: Canvas Rider = C:\Users\Rob and Jenn Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D167C8E5-9FE8-4DA9-9E0F-EC2DBDAD54EB}: DhcpNameServer = 8.8.8.8 8.8.4.4 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE058ECD-76D9-4F98-91AA-A0FBD02E255F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/13 19:24:37 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Rob and Jenn Laptop\Desktop\OTL.exe
[2012/03/13 19:24:09 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rob and Jenn Laptop\Desktop\tdsskiller.exe
[2012/03/12 12:03:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rob and Jenn Laptop\Desktop\dds.scr
[2012/03/12 11:44:07 | 000,000,000 | ---D | C] -- C:\Users\Rob and Jenn Laptop\Desktop\PSX
[2012/03/11 20:00:46 | 000,000,000 | ---D | C] -- C:\Users\Rob and Jenn Laptop\Desktop\Tax Class
[2012/03/11 09:11:46 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/03/07 22:02:45 | 000,000,000 | ---D | C] -- C:\Users\Rob and Jenn Laptop\Desktop\MLB
[2012/02/27 07:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/02/27 07:33:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/02/27 07:33:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/02/27 07:33:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/02/27 07:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/02/18 18:26:20 | 000,000,000 | ---D | C] -- C:\Users\Rob and Jenn Laptop\AppData\Local\{C4EB696E-E089-42B0-A683-39307FD5E979}
[2012/02/18 18:25:47 | 000,000,000 | ---D | C] -- C:\Users\Rob and Jenn Laptop\AppData\Local\{62086673-78DE-4A8E-B2A3-288A8E0A0085}
[2012/02/18 16:26:43 | 000,000,000 | ---D | C] -- C:\Users\Rob and Jenn Laptop\Documents\Dungeons and Dragons Online
[2012/02/18 16:22:10 | 000,000,000 | ---D | C] -- C:\Users\Rob and Jenn Laptop\AppData\Local\Turbine
[2012/02/18 16:19:27 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012/02/18 16:19:26 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012/02/18 16:19:24 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012/02/18 16:18:18 | 000,000,000 | ---D | C] -- C:\Users\Rob and Jenn Laptop\AppData\Local\ApplicationHistory
[2012/02/18 16:16:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012/02/18 15:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine
[2012/02/18 09:13:55 | 000,000,000 | ---D | C] -- C:\Users\Rob and Jenn Laptop\AppData\Local\PMB Files
[2012/02/18 09:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/02/18 09:13:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/02/15 20:41:15 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 20:41:13 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 20:41:13 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 20:41:01 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 20:40:45 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/15 20:40:45 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 20:40:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 20:40:45 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 20:40:44 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 20:40:44 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 20:40:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rob and Jenn Laptop\Desktop\*.tmp files -> C:\Users\Rob and Jenn Laptop\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/13 19:35:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/13 19:34:03 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1097779511-2243244643-2129601238-1001UA.job
[2012/03/13 19:24:37 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Rob and Jenn Laptop\Desktop\OTL.exe
[2012/03/13 19:24:13 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rob and Jenn Laptop\Desktop\tdsskiller.exe
[2012/03/13 19:23:11 | 000,001,070 | ---- | M] () -- C:\Users\Rob and Jenn Laptop\Desktop\World of Warcraft.lnk
[2012/03/13 19:07:05 | 002,067,969 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0601010.008\Cat.DB
[2012/03/13 19:05:59 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1097779511-2243244643-2129601238-1001Core.job
[2012/03/13 18:55:54 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/13 18:55:12 | 000,008,727 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0601010.008\VT20120301.009
[2012/03/13 18:54:41 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/13 18:53:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/12 13:46:44 | 000,002,192 | ---- | M] () -- C:\{BF0BD245-DBF1-47C2-A120-0572851ED0ED}
[2012/03/12 12:03:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rob and Jenn Laptop\Desktop\dds.scr
[2012/03/12 11:45:59 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\zlib1.dll
[2012/03/11 20:00:14 | 000,008,438 | ---- | M] () -- C:\Users\Rob and Jenn Laptop\Desktop\unit 1.abw
[2012/03/11 10:21:21 | 000,740,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/11 10:21:21 | 000,633,326 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/11 10:21:21 | 000,110,928 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/11 09:26:54 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/11 09:26:54 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/11 09:18:31 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/03/11 09:18:02 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/11 09:17:53 | 000,380,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/11 09:17:17 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/09 07:22:18 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/03/09 07:22:18 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/03/09 07:22:18 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/03/09 00:00:00 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Regwork.job
[2012/03/06 15:17:31 | 000,002,224 | ---- | M] () -- C:\{ED930B2C-9F2B-4A9B-84D9-003DB07A1379}
[2012/03/06 10:22:27 | 000,002,192 | ---- | M] () -- C:\{94162F76-A991-4314-BDBC-B1A033731069}
[2012/03/06 09:02:06 | 000,002,450 | ---- | M] () -- C:\Users\Rob and Jenn Laptop\Desktop\EverQuest II.lnk
[2012/03/05 09:09:15 | 034,591,897 | ---- | M] () -- C:\Users\Rob and Jenn Laptop\Desktop\1111221677_287016.zip
[2012/03/04 18:07:45 | 001,737,286 | ---- | M] () -- C:\Users\Rob and Jenn Laptop\Desktop\Mass Comm tests.pdf
[2012/03/04 08:50:40 | 000,011,569 | ---- | M] () -- C:\Users\Rob and Jenn Laptop\Desktop\unit 6.abw
[2012/03/04 04:00:20 | 000,002,192 | ---- | M] () -- C:\{6FA9B38E-CAC1-4DFE-8004-CE5C01EA0E9A}
[2012/03/03 12:55:18 | 000,002,192 | ---- | M] () -- C:\{DB78A121-09D8-4EF4-9449-3FD91251413A}
[2012/02/28 22:31:17 | 000,002,192 | ---- | M] () -- C:\{954F34CE-C3CA-4259-9173-146DDEFCE9BA}
[2012/02/28 05:18:26 | 000,002,192 | ---- | M] () -- C:\{F6853D4D-A17D-4EA2-ABD0-CFA9BA25C3E7}
[2012/02/27 23:43:56 | 000,002,192 | ---- | M] () -- C:\{727EBA63-6122-447A-9841-837EEFD713E5}
[2012/02/27 22:33:45 | 000,002,192 | ---- | M] () -- C:\{E2086015-2159-4205-8730-6A0EE26B658E}
[2012/02/27 07:33:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/02/27 07:33:22 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/02/27 07:33:22 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/02/27 07:33:22 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/02/26 23:05:30 | 000,002,192 | ---- | M] () -- C:\{2F217F41-42A7-4D73-8AB3-3B88A0D7A755}
[2012/02/25 04:44:58 | 000,002,192 | ---- | M] () -- C:\{49DEC692-D4AE-4F49-9F86-8ADA9513D175}
[2012/02/25 02:27:11 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0601010.008\isolate.ini
[2012/02/24 14:42:35 | 000,002,192 | ---- | M] () -- C:\{EDD0F27C-6C57-482F-A11A-CA7BBCFE535F}
[2012/02/24 10:34:10 | 000,002,192 | ---- | M] () -- C:\{1BF1B140-8A8B-46C2-BE0A-F21647711758}
[2012/02/23 21:18:43 | 000,002,192 | ---- | M] () -- C:\{47589F61-CC06-4930-B05E-D3DB78B01BF4}
[2012/02/23 20:21:22 | 000,002,112 | ---- | M] () -- C:\{9982F860-3F91-46FD-A749-5B38AC0FA363}
[2012/02/22 23:38:34 | 000,002,120 | ---- | M] () -- C:\{B12481B0-9A1F-4E32-B11B-AF4122AD3445}
[2012/02/22 23:35:00 | 000,002,112 | ---- | M] () -- C:\{05F29A8E-BB7B-4AD1-8B10-98E71560DE94}
[2012/02/22 21:53:12 | 000,002,192 | ---- | M] () -- C:\{A3B14CD8-8A6A-4DAE-BFCA-FFEBDE1BC64E}
[2012/02/20 22:01:12 | 000,002,384 | ---- | M] () -- C:\{5F64B25A-0A52-48D5-A007-C168CA297EA8}
[2012/02/20 16:59:27 | 000,002,384 | ---- | M] () -- C:\{5620BFAB-A429-4D73-90D2-C4C681C01782}
[2012/02/20 08:44:14 | 000,002,384 | ---- | M] () -- C:\{6BF8E1CA-D7C0-4CDF-ACD6-95ABC6EACB90}
[2012/02/19 11:59:03 | 000,002,368 | ---- | M] () -- C:\{DE092606-6335-45C0-81C9-D423FFFB2CD1}
[2012/02/19 11:57:26 | 000,002,384 | ---- | M] () -- C:\{96FB1F73-E52C-4E4D-8066-E5D1F8846BEE}
[2012/02/18 16:22:13 | 000,000,107 | ---- | M] () -- C:\Users\Rob and Jenn Laptop\AppData\Local\fusioncache.dat
[2012/02/18 16:18:05 | 000,756,526 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/18 13:15:12 | 000,003,248 | ---- | M] () -- C:\{92486466-CECC-4687-8117-9B8DE8AB8029}
[2012/02/16 07:22:35 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rob and Jenn Laptop\Desktop\*.tmp files -> C:\Users\Rob and Jenn Laptop\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/12 13:46:43 | 000,002,192 | ---- | C] () -- C:\{BF0BD245-DBF1-47C2-A120-0572851ED0ED}
[2012/03/12 11:45:59 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012/03/11 20:00:14 | 000,008,438 | ---- | C] () -- C:\Users\Rob and Jenn Laptop\Desktop\unit 1.abw
[2012/03/11 09:18:31 | 000,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/03/06 15:17:30 | 000,002,224 | ---- | C] () -- C:\{ED930B2C-9F2B-4A9B-84D9-003DB07A1379}
[2012/03/06 10:22:27 | 000,002,192 | ---- | C] () -- C:\{94162F76-A991-4314-BDBC-B1A033731069}
[2012/03/06 09:02:06 | 000,002,480 | ---- | C] () -- C:\Users\Rob and Jenn Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EverQuest II.lnk
[2012/03/06 09:02:06 | 000,002,450 | ---- | C] () -- C:\Users\Rob and Jenn Laptop\Desktop\EverQuest II.lnk
[2012/03/05 09:08:59 | 034,591,897 | ---- | C] () -- C:\Users\Rob and Jenn Laptop\Desktop\1111221677_287016.zip
[2012/03/04 18:07:44 | 001,737,286 | ---- | C] () -- C:\Users\Rob and Jenn Laptop\Desktop\Mass Comm tests.pdf
[2012/03/04 08:50:40 | 000,011,569 | ---- | C] () -- C:\Users\Rob and Jenn Laptop\Desktop\unit 6.abw
[2012/03/04 04:00:19 | 000,002,192 | ---- | C] () -- C:\{6FA9B38E-CAC1-4DFE-8004-CE5C01EA0E9A}
[2012/03/03 12:55:18 | 000,002,192 | ---- | C] () -- C:\{DB78A121-09D8-4EF4-9449-3FD91251413A}
[2012/02/28 22:31:17 | 000,002,192 | ---- | C] () -- C:\{954F34CE-C3CA-4259-9173-146DDEFCE9BA}
[2012/02/28 05:18:26 | 000,002,192 | ---- | C] () -- C:\{F6853D4D-A17D-4EA2-ABD0-CFA9BA25C3E7}
[2012/02/27 23:43:56 | 000,002,192 | ---- | C] () -- C:\{727EBA63-6122-447A-9841-837EEFD713E5}
[2012/02/27 22:33:45 | 000,002,192 | ---- | C] () -- C:\{E2086015-2159-4205-8730-6A0EE26B658E}
[2012/02/26 23:05:30 | 000,002,192 | ---- | C] () -- C:\{2F217F41-42A7-4D73-8AB3-3B88A0D7A755}
[2012/02/25 04:44:57 | 000,002,192 | ---- | C] () -- C:\{49DEC692-D4AE-4F49-9F86-8ADA9513D175}
[2012/02/24 14:42:35 | 000,002,192 | ---- | C] () -- C:\{EDD0F27C-6C57-482F-A11A-CA7BBCFE535F}
[2012/02/24 10:34:09 | 000,002,192 | ---- | C] () -- C:\{1BF1B140-8A8B-46C2-BE0A-F21647711758}
[2012/02/23 21:18:42 | 000,002,192 | ---- | C] () -- C:\{47589F61-CC06-4930-B05E-D3DB78B01BF4}
[2012/02/23 20:21:21 | 000,002,112 | ---- | C] () -- C:\{9982F860-3F91-46FD-A749-5B38AC0FA363}
[2012/02/22 23:38:33 | 000,002,120 | ---- | C] () -- C:\{B12481B0-9A1F-4E32-B11B-AF4122AD3445}
[2012/02/22 23:34:59 | 000,002,112 | ---- | C] () -- C:\{05F29A8E-BB7B-4AD1-8B10-98E71560DE94}
[2012/02/22 21:53:11 | 000,002,192 | ---- | C] () -- C:\{A3B14CD8-8A6A-4DAE-BFCA-FFEBDE1BC64E}
[2012/02/20 22:01:11 | 000,002,384 | ---- | C] () -- C:\{5F64B25A-0A52-48D5-A007-C168CA297EA8}
[2012/02/20 16:59:26 | 000,002,384 | ---- | C] () -- C:\{5620BFAB-A429-4D73-90D2-C4C681C01782}
[2012/02/20 08:44:14 | 000,002,384 | ---- | C] () -- C:\{6BF8E1CA-D7C0-4CDF-ACD6-95ABC6EACB90}
[2012/02/19 11:59:02 | 000,002,368 | ---- | C] () -- C:\{DE092606-6335-45C0-81C9-D423FFFB2CD1}
[2012/02/19 11:57:25 | 000,002,384 | ---- | C] () -- C:\{96FB1F73-E52C-4E4D-8066-E5D1F8846BEE}
[2012/02/18 16:22:13 | 000,000,107 | ---- | C] () -- C:\Users\Rob and Jenn Laptop\AppData\Local\fusioncache.dat
[2012/02/18 13:15:08 | 000,003,248 | ---- | C] () -- C:\{92486466-CECC-4687-8117-9B8DE8AB8029}
[2012/01/30 22:33:10 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.I
Headbanger78
Newbie


Joined: 29 Oct 2011
Last Visit: 14 Mar 2012
Posts: 9

Posted: Tue Mar 13, 2012 3:48 pm

C:\Windows\VaultMediaClient.INI
[2012/01/30 22:33:07 | 000,213,187 | ---- | C] () -- C:\Users\Rob and Jenn Laptop\AppData\Roaming\MMUpgrade.jpg
[2011/07/09 07:05:17 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/05/08 11:52:22 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/08 11:52:22 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/01/04 09:55:39 | 000,007,601 | ---- | C] () -- C:\Users\Rob and Jenn Laptop\AppData\Local\Resmon.ResmonCfg
[2010/12/06 22:26:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/27 19:42:22 | 000,756,526 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/21 19:10:37 | 000,092,672 | ---- | C] () -- C:\Users\Rob and Jenn Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/11 11:06:05 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx151ic.ini
[2010/09/25 18:54:40 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/09/25 18:54:40 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/09/25 18:54:40 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/09/25 18:54:39 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

< End of report >





Extras

OTL Extras logfile created on: 3/13/2012 7:29:19 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Rob and Jenn Laptop\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 54.01% Memory free
7.92 Gb Paging File | 5.78 Gb Available in Paging File | 72.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 351.15 Gb Free Space | 77.85% Space Free | Partition Type: NTFS

Computer Name: ROBANDJENNLAPTO | User Name: Rob and Jenn Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1097779511-2243244643-2129601238-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Dell Support Center" = Dell Support Center
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{11E0AC7D-6823-4F67-865F-EE1C13D28C38}" = QuickBooks Premier: Accountant Edition 2011
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless 1515 Driver Installation
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{598420E8-E9F9-4FAE-9B6C-599FDF2F611A}" = BlackBerry App World Browser Plugin
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}" = IHA_MessageCenter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D19C4BCB-FAAE-48C1-A423-3DA40C3B7F42}" = LeapFrog Leapster Explorer Plugin
"{D2BDE71B-4622-418D-8B39-118D987B5D80}" = LeapFrog MyOwnLeaptop Plugin
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"AbiWord2" = AbiWord 2.8.6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Dell Dock" = Dell Dock
"GoToAssist" = GoToAssist 8.0.0.514
"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
"LeaptopPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MyTomTom" = MyTomTom 3.0.2.286
"N360" = Norton 360
"Raptr" = Raptr
"UPCShell" = LeapFrog Connect
"Verizon Media Manager" = Verizon Media Manager
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"World of Warcraft" = World of Warcraft
"WriteWay1.9.2" = WriteWay

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1097779511-2243244643-2129601238-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"bd4d3a0508d364f5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"SOE-EverQuest II" = EverQuest II
"SOE-EverQuest II Extended" = EverQuest II Extended
"SOE-EverQuest II Streaming" = EverQuest II

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/29/2012 8:40:17 PM | Computer Name = RobandJennLapto | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/29/2012 8:40:17 PM | Computer Name = RobandJennLapto | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/3/2012 8:09:00 AM | Computer Name = RobandJennLapto | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 17.0.963.56 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1454 Start
Time: 01ccf933543a8d6c Termination Time: 0 Application Path: C:\Users\Rob and Jenn
Laptop\AppData\Local\Google\Chrome\Application\chrome.exe Report Id: 9558057a-6529-11e1-8c33-f04da2a69138


Error - 3/3/2012 10:55:41 PM | Computer Name = RobandJennLapto | Source = Application Error | ID = 1000
Description = Faulting application name: soffice.bin, version: 3.3.9556.500, time
stamp: 0x4d061efd Faulting module name: svlmi.dll, version: 3.3.9556.500, time stamp:
0x4d73a62a Exception code: 0xc0000005 Fault offset: 0x00025dbe Faulting process id:
0x1288 Faulting application start time: 0x01ccf9b243281e95 Faulting application path:
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin Faulting module path:
C:\Program Files (x86)\OpenOffice.org 3\program\svlmi.dll Report Id: 872aac2e-65a5-11e1-8c33-f04da2a69138

Error - 3/9/2012 7:39:54 AM | Computer Name = RobandJennLapto | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 17.0.963.78 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1780 Start
Time: 01ccfde739a074e7 Termination Time: 0 Application Path: C:\Users\Rob and Jenn
Laptop\AppData\Local\Google\Chrome\Application\chrome.exe Report Id: 80e386e6-69dc-11e1-8c33-f04da2a69138


Error - 3/11/2012 8:51:31 AM | Computer Name = RobandJennLapto | Source = VSS | ID = 8193
Description =

Error - 3/11/2012 9:03:17 AM | Computer Name = RobandJennLapto | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Windows Search' could not be shut down.

Error - 3/11/2012 9:20:56 AM | Computer Name = RobandJennLapto | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/11/2012 9:20:56 AM | Computer Name = RobandJennLapto | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/11/2012 9:20:56 AM | Computer Name = RobandJennLapto | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

[ Dell Events ]
Error - 11/10/2010 8:36:07 PM | Computer Name = RobandJennLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/13/2010 8:10:34 PM | Computer Name = RobandJennLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/13/2010 8:10:34 PM | Computer Name = RobandJennLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/21/2010 7:09:21 PM | Computer Name = RobandJennLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/21/2010 7:09:21 PM | Computer Name = RobandJennLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/10/2010 7:35:28 PM | Computer Name = RobandJennLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/10/2010 7:35:28 PM | Computer Name = RobandJennLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/9/2011 6:57:44 PM | Computer Name = RobandJennLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/9/2011 6:57:44 PM | Computer Name = RobandJennLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/13/2011 6:22:16 AM | Computer Name = RobandJennLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 12/31/2010 7:34:33 AM | Computer Name = RobandJennLapto | Source = MCUpdate | ID = 0
Description = 6:34:32 AM - Error connecting to the internet. 6:34:32 AM - Unable
to contact server..

Error - 1/11/2011 4:28:58 AM | Computer Name = RobandJennLapto | Source = MCUpdate | ID = 0
Description = 3:28:57 AM - Error connecting to the internet. 3:28:58 AM - Unable
to contact server..

Error - 1/11/2011 4:29:42 AM | Computer Name = RobandJennLapto | Source = MCUpdate | ID = 0
Description = 3:29:27 AM - Error connecting to the internet. 3:29:27 AM - Unable
to contact server..

Error - 1/11/2011 5:30:14 AM | Computer Name = RobandJennLapto | Source = MCUpdate | ID = 0
Description = 4:30:14 AM - Error connecting to the internet. 4:30:14 AM - Unable
to contact server..

Error - 1/11/2011 5:30:44 AM | Computer Name = RobandJennLapto | Source = MCUpdate | ID = 0
Description = 4:30:43 AM - Error connecting to the internet. 4:30:43 AM - Unable
to contact server..

Error - 1/11/2011 6:31:16 AM | Computer Name = RobandJennLapto | Source = MCUpdate | ID = 0
Description = 5:31:16 AM - Error connecting to the internet. 5:31:16 AM - Unable
to contact server..

Error - 1/11/2011 6:31:46 AM | Computer Name = RobandJennLapto | Source = MCUpdate | ID = 0
Description = 5:31:45 AM - Error connecting to the internet. 5:31:45 AM - Unable
to contact server..

Error - 1/11/2011 7:32:18 AM | Computer Name = RobandJennLapto | Source = MCUpdate | ID = 0
Description = 6:32:18 AM - Error connecting to the internet. 6:32:18 AM - Unable
to contact server..

Error - 1/11/2011 7:32:48 AM | Computer Name = RobandJennLapto | Source = MCUpdate | ID = 0
Description = 6:32:47 AM - Error connecting to the internet. 6:32:47 AM - Unable
to contact server..

Error - 2/16/2011 4:03:40 PM | Computer Name = RobandJennLapto | Source = MCUpdate | ID = 0
Description = 3:02:34 PM - Error connecting to the internet. 3:02:34 PM - Unable
to contact server..

[ System Events ]
Error - 7/22/2011 5:55:36 PM | Computer Name = RobandJennLapto | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Peer Networking Identity Manager
service, but this action failed with the following error: %%1056

Error - 7/23/2011 10:50:04 AM | Computer Name = RobandJennLapto | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:48:09 AM on ?7/?23/?2011 was unexpected.

Error - 7/23/2011 11:38:07 AM | Computer Name = RobandJennLapto | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:15:06 AM on ?7/?23/?2011 was unexpected.

Error - 7/29/2011 12:20:47 AM | Computer Name = RobandJennLapto | Source = DCOM | ID = 10010
Description =

Error - 8/3/2011 5:50:45 PM | Computer Name = RobandJennLapto | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:48:41 PM on ?8/?3/?2011 was unexpected.

Error - 8/5/2011 6:16:51 PM | Computer Name = RobandJennLapto | Source = BROWSER | ID = 8032
Description =

Error - 8/7/2011 12:24:50 PM | Computer Name = RobandJennLapto | Source = BROWSER | ID = 8032
Description =

Error - 8/8/2011 7:15:17 PM | Computer Name = RobandJennLapto | Source = BROWSER | ID = 8032
Description =

Error - 8/11/2011 3:38:42 AM | Computer Name = RobandJennLapto | Source = Service Control Manager | ID = 7022
Description = The Windows Font Cache Service service hung on starting.

Error - 8/15/2011 5:54:46 PM | Computer Name = RobandJennLapto | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IHA_MessageCenter service.


< End of report >
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Oct 2014
Posts: 4680
Location: Land Of The Leprechauns

Posted: Wed Mar 14, 2012 3:00 am

Hi,
Quote:
Thank you for taking your time to help Cypher. It is appreciated.

No problem, you're welcome. Please continue with the instructions below.

Create new System Restore point
  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Next.

We need to run an OTL Fix
  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    Code:

    :processes
    killallprocesses

    :otl
    IE - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BCPA&o=16145&
    IE - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O15 - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1097779511-2243244643-2129601238-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    [2012/02/18 18:26:20 | 000,000,000 | ---D | C] -- C:\Users\Rob and Jenn Laptop\AppData\Local\{C4EB696E-E089-42B0-A683-39307FD5E979}
    [2012/02/18 18:25:47 | 000,000,000 | ---D | C] -- C:\Users\Rob and Jenn Laptop\AppData\Local\{62086673-78DE-4A8E-B2A3-288A8E0A0085}
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Rob and Jenn Laptop\Desktop\*.tmp files -> C:\Users\Rob and Jenn Laptop\Desktop\*.tmp -> ]
    [2012/03/09 00:00:00 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Regwork.job
    [2012/03/04 04:00:20 | 000,002,192 | ---- | M] () -- C:\{6FA9B38E-CAC1-4DFE-8004-CE5C01EA0E9A}
    [2012/03/03 12:55:18 | 000,002,192 | ---- | M] () -- C:\{DB78A121-09D8-4EF4-9449-3FD91251413A}
    [2012/02/28 22:31:17 | 000,002,192 | ---- | M] () -- C:\{954F34CE-C3CA-4259-9173-146DDEFCE9BA}
    [2012/02/28 05:18:26 | 000,002,192 | ---- | M] () -- C:\{F6853D4D-A17D-4EA2-ABD0-CFA9BA25C3E7}
    [2012/02/27 23:43:56 | 000,002,192 | ---- | M] () -- C:\{727EBA63-6122-447A-9841-837EEFD713E5}
    [2012/02/27 22:33:45 | 000,002,192 | ---- | M] () -- C:\{E2086015-2159-4205-8730-6A0EE26B658E}
    [2012/02/26 23:05:30 | 000,002,192 | ---- | M] () -- C:\{2F217F41-42A7-4D73-8AB3-3B88A0D7A755}
    [2012/02/25 04:44:58 | 000,002,192 | ---- | M] () -- C:\{49DEC692-D4AE-4F49-9F86-8ADA9513D175}
    [2012/02/24 14:42:35 | 000,002,192 | ---- | M] () -- C:\{EDD0F27C-6C57-482F-A11A-CA7BBCFE535F}
    [2012/02/24 10:34:10 | 000,002,192 | ---- | M] () -- C:\{1BF1B140-8A8B-46C2-BE0A-F21647711758}
    [2012/02/23 21:18:43 | 000,002,192 | ---- | M] () -- C:\{47589F61-CC06-4930-B05E-D3DB78B01BF4}
    [2012/02/23 20:21:22 | 000,002,112 | ---- | M] () -- C:\{9982F860-3F91-46FD-A749-5B38AC0FA363}
    [2012/02/22 23:38:34 | 000,002,120 | ---- | M] () -- C:\{B12481B0-9A1F-4E32-B11B-AF4122AD3445}
    [2012/02/22 23:35:00 | 000,002,112 | ---- | M] () -- C:\{05F29A8E-BB7B-4AD1-8B10-98E71560DE94}
    [2012/02/22 21:53:12 | 000,002,192 | ---- | M] () -- C:\{A3B14CD8-8A6A-4DAE-BFCA-FFEBDE1BC64E}
    [2012/02/20 22:01:12 | 000,002,384 | ---- | M] () -- C:\{5F64B25A-0A52-48D5-A007-C168CA297EA8}
    [2012/02/20 16:59:27 | 000,002,384 | ---- | M] () -- C:\{5620BFAB-A429-4D73-90D2-C4C681C01782}
    [2012/02/20 08:44:14 | 000,002,384 | ---- | M] () -- C:\{6BF8E1CA-D7C0-4CDF-ACD6-95ABC6EACB90}
    [2012/02/19 11:59:03 | 000,002,368 | ---- | M] () -- C:\{DE092606-6335-45C0-81C9-D423FFFB2CD1}
    [2012/02/19 11:57:26 | 000,002,384 | ---- | M] () -- C:\{96FB1F73-E52C-4E4D-8066-E5D1F8846BEE}

    :files
    ipconfig /flushdns /c

    :commands
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [clearallrestorepoints]
    [REBOOT]

  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next, hold down Control, then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Quote:
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply
  • OTL fix log.
  • ESET log.
  • Please give me an update on your computer's performance.

_________________
Admin/Teacher at Malware Removal University
Member of...

Headbanger78
Newbie


Joined: 29 Oct 2011
Last Visit: 14 Mar 2012
Posts: 9

PostPosted: Wed Mar 14, 2012 3:38 pm    Post subject: Reply with quote

OTL Log after reboot


All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1097779511-2243244643-2129601238-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1097779511-2243244643-2129601238-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1097779511-2243244643-2129601238-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_USERS\S-1-5-21-1097779511-2243244643-2129601238-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1097779511-2243244643-2129601238-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1097779511-2243244643-2129601238-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1097779511-2243244643-2129601238-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\Rob and Jenn Laptop\AppData\Local\{C4EB696E-E089-42B0-A683-39307FD5E979} folder moved successfully.
C:\Users\Rob and Jenn Laptop\AppData\Local\{62086673-78DE-4A8E-B2A3-288A8E0A0085} folder moved successfully.
C:\Windows\SysNative\ctapo64.tmp deleted successfully.
C:\Windows\SysNative\stapo64.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\Rob and Jenn Laptop\Desktop\~WRL0003.tmp deleted successfully.
C:\Windows\Tasks\Regwork.job moved successfully.
C:\{6FA9B38E-CAC1-4DFE-8004-CE5C01EA0E9A} moved successfully.
C:\{DB78A121-09D8-4EF4-9449-3FD91251413A} moved successfully.
C:\{954F34CE-C3CA-4259-9173-146DDEFCE9BA} moved successfully.
C:\{F6853D4D-A17D-4EA2-ABD0-CFA9BA25C3E7} moved successfully.
C:\{727EBA63-6122-447A-9841-837EEFD713E5} moved successfully.
C:\{E2086015-2159-4205-8730-6A0EE26B658E} moved successfully.
C:\{2F217F41-42A7-4D73-8AB3-3B88A0D7A755} moved successfully.
C:\{49DEC692-D4AE-4F49-9F86-8ADA9513D175} moved successfully.
C:\{EDD0F27C-6C57-482F-A11A-CA7BBCFE535F} moved successfully.
C:\{1BF1B140-8A8B-46C2-BE0A-F21647711758} moved successfully.
C:\{47589F61-CC06-4930-B05E-D3DB78B01BF4} moved successfully.
C:\{9982F860-3F91-46FD-A749-5B38AC0FA363} moved successfully.
C:\{B12481B0-9A1F-4E32-B11B-AF4122AD3445} moved successfully.
C:\{05F29A8E-BB7B-4AD1-8B10-98E71560DE94} moved successfully.
C:\{A3B14CD8-8A6A-4DAE-BFCA-FFEBDE1BC64E} moved successfully.
C:\{5F64B25A-0A52-48D5-A007-C168CA297EA8} moved successfully.
C:\{5620BFAB-A429-4D73-90D2-C4C681C01782} moved successfully.
C:\{6BF8E1CA-D7C0-4CDF-ACD6-95ABC6EACB90} moved successfully.
C:\{DE092606-6335-45C0-81C9-D423FFFB2CD1} moved successfully.
C:\{96FB1F73-E52C-4E4D-8066-E5D1F8846BEE} moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Rob and Jenn Laptop\Desktop\cmd.bat deleted successfully.
C:\Users\Rob and Jenn Laptop\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Rob and Jenn Laptop
->Flash cache emptied: 284312 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rob and Jenn Laptop
->Temp folder emptied: 4606338 bytes
->Temporary Internet Files folder emptied: 180428621 bytes
->Java cache emptied: 12856545 bytes
->FireFox cache emptied: 51649810 bytes
->Google Chrome cache emptied: 417575669 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2584550 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 6438462553 bytes

Total Files Cleaned = 6,779.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Rob and Jenn Laptop
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.36.3 log created on 03142012_191109

Files\Folders moved on Reboot...
C:\Users\Rob and Jenn Laptop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
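One way to tally the outcomes in an OTL fix log like the one posted above, as an added example that is not part of the original posts or of OTL itself. The sample lines are constructed in the log's format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the fix log above (not the poster's data).
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-0-0-0-1001\Software\Example\{11111111-1111-1111-1111-111111111111}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\ not found.
Prefs.js: {22222222-2222-2222-2222-222222222222}:6.0.26 removed from extensions.enabledItems
C:\Users\Example User\AppData\Local\{33333333-3333-3333-3333-333333333333} folder moved successfully.
C:\Windows\Tasks\Example.job moved successfully.
C:\Windows\SysNative\example.tmp deleted successfully.
========== FILES ==========
Successfully flushed the DNS Resolver Cache.
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
# Each pattern maps one result-line shape to an outcome label.
PATTERNS = [
    (re.compile(r"^(?P<target>.+?)(?: folder)? (?P<verb>deleted|moved) successfully\.$"), None),
    (re.compile(r"^(?P<target>.+?) not found\.$"), "not found"),
    (re.compile(r"^Prefs\.js: (?P<target>\S+) removed from \S+$"), "removed"),
]

def parse_fix_log(text):
    """Return (section, target, outcome) for every recognised result line."""
    section, results = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        for pattern, label in PATTERNS:
            m = pattern.match(line)
            if m:
                results.append((section, m.group("target"), label or m.group("verb")))
                break
    return results

def summarize(results):
    """Count outcomes so a helper can see at a glance what the fix did."""
    return Counter(outcome for _, _, outcome in results)

def not_found(results):
    """Targets the tool looked for but did not find, listed for manual review."""
    return [target for _, target, outcome in results if outcome == "not found"]

if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for target in not_found(parsed):
        print("review:", target)
```

Lines that match none of the three shapes, such as the cache-size lines under COMMANDS, are skipped rather than guessed at.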
Headbanger78
Newbie


Joined: 29 Oct 2011
Last Visit: 14 Mar 2012
Posts: 9

PostPosted: Wed Mar 14, 2012 4:55 pm    Post subject: Reply with quote

Will post ESET scan asap.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Oct 2014
Posts: 4680
Location: Land Of The Leprechauns

PostPosted: Thu Mar 15, 2012 3:01 am    Post subject: Reply with quote

Headbanger78 wrote:
Will post ESET scan asap.

No problem, post the results of the ESET scan when ready.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Oct 2014
Posts: 4680
Location: Land Of The Leprechauns

PostPosted: Sun Mar 18, 2012 3:39 am    Post subject: Reply with quote

Quote:
Due to a lack of response this topic is now closed.

If you still need help you must open a new thread in the Help with spyware removal forum, post a new set of DDS logs, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

All times are GMT - 8 Hours