TechSpot

0i763f66bz.exe

Solved
By multcomedic
Jun 25, 2012
  1. I have found the above file on my computer and have been unable to remove it. I have begun to have problems such as error pop-ups regarding Windows 7 not being genuine and the Check Disk utility running on startup but always failing and cycling back unless I skip it. Does anyone have a fix? I have not been able to find a whole lot on this file using Google or help from McAfee other than a few listings in Spanish.
  2. multcomedic

    I've also run through the 5 steps and was unable to get GMER to run and DDS to download. Here is the Malware log.
    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.25.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Shanahan Family :: SHANAHANFAMILY [administrator]

    Protection: Disabled

    6/25/2012 1:49:58 AM
    mbam-log-2012-06-25 (01-49-58).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 233151
    Time elapsed: 28 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  3. multcomedic

    I managed to get GMER running and obtained the following log. Still unable to get DDS to download.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-06-25 02:20:50
    Windows 6.1.7601 Service Pack 1
    Running: ffoxi9z6.exe


    ---- Services - GMER 1.0.15 ----

    Service C:\SystemRoot\System32\Drivers\aa4c16f84acedb9.sys (*** hidden *** ) [BOOT] aa4c16f84acedb9 <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
  4. multcomedic

    Got DDS to work.
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
    Run by Shanahan Family at 2:46:48 on 2012-06-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.3423 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
    C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
    C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
    C:\Program Files (x86)\DELL\DELLOSD\TestDispChangedEvent.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
    C:\Program Files (x86)\Atheros Direct Connect\P2PUIMain.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
    C:\Users\Shanahan Family\0i763f66bz.exe
    C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
    C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
    C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
    C:\Program Files (x86)\Atheros Direct Connect\DCWpaSupplicant.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
    C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe
    C:\Windows\Explorer.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://mystart.smilebox.com?a=6PQwIFBVex
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    uURLSearchHooks: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
    mURLSearchHooks: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
    BHO: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [0i763f66bz] C:\Users\Shanahan Family\0i763f66bz.exe
    uRunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe -update activex
    mRun: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
    mRun: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"
    mRun: [StickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com\office
    Trusted Zone: turbotax.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{A9617A1D-E405-4F40-AE53-680196DD5D5C} : DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{FA0F4E18-98EA-46C9-A4C3-E8D426408D8A} : DhcpNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
    BHO-X64: IESpeakDoc - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
    BHO-X64: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
    BHO-X64: SmileBox EN - No File
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB-X64: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
    mRun-x64: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"
    mRun-x64: [StickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj"
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    IE-X64: {DFA963BD-D1F9-4E94-855E-65CD528E7A03} - http://qwest.live.com
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-2-21 98208]
    R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [2012-2-21 135168]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-3-31 77984]
    R2 Dell WMI Service;Dell WMI Service;C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [2012-2-21 98304]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\DELL\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    R2 OSDSvc;ChiconyOSDService;C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2012-2-21 176128]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-2-21 1692480]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-21 2656280]
    R3 DCDhcpService;DCDhcpService;C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe [2012-2-21 100352]
    S2 0198421340566558mcinstcleanup;McAfee Application Installer Cleanup (0198421340566558);C:\Windows\TEMP\019842~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\019842~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-22 136176]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-25 654408]
    S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    S2 McShield;McAfee McShield;"C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" --> C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [?]
    S2 mfefire;McAfee Firewall Core Service;"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" --> C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [?]
    S2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-22 136176]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-2-21 224704]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-06-25 08:38:24  --------  d-----w-  C:\Users\Shanahan Family\AppData\Roaming\Malwarebytes
    2012-06-25 08:38:17  24904  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2012-06-25 08:38:17  --------  d-----w-  C:\ProgramData\Malwarebytes
    2012-06-25 08:38:17  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-25 03:11:05  --------  d-----w-  C:\UBCD4Win
    2012-06-25 03:05:37  --------  d-sh--w-  C:\$RECYCLE.BIN
    2012-06-25 03:00:41  --------  d-----w-  C:\Program Files (x86)\Windows Resource Kits
    2012-06-24 17:40:17  98816  ----a-w-  C:\Windows\sed.exe
    2012-06-24 17:40:17  518144  ----a-w-  C:\Windows\SWREG.exe
    2012-06-24 17:40:17  256000  ----a-w-  C:\Windows\PEV.exe
    2012-06-24 17:40:17  208896  ----a-w-  C:\Windows\MBR.exe
    2012-06-23 18:48:20  --------  d-----w-  C:\Users\Shanahan Family\AppData\Roaming\McAfee
    2012-06-22 00:12:23  2622464  ----a-w-  C:\Windows\System32\wucltux.dll
    2012-06-22 00:12:14  99840  ----a-w-  C:\Windows\System32\wudriver.dll
    2012-06-22 00:12:05  36864  ----a-w-  C:\Windows\System32\wuapp.exe
    2012-06-22 00:12:05  186752  ----a-w-  C:\Windows\System32\wuwebv.dll
    2012-06-13 18:36:00  9216  ----a-w-  C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 18:36:00  77312  ----a-w-  C:\Windows\System32\rdpwsx.dll
    2012-06-13 18:36:00  149504  ----a-w-  C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 18:35:36  209920  ----a-w-  C:\Windows\System32\profsvc.dll
    2012-06-13 18:35:34  3968368  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-13 18:35:34  3913072  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-13 18:35:29  3216384  ----a-w-  C:\Windows\System32\msi.dll
    2012-06-13 18:35:29  2342400  ----a-w-  C:\Windows\SysWow64\msi.dll
    2012-06-13 18:35:22  184320  ----a-w-  C:\Windows\System32\cryptsvc.dll
    2012-06-13 18:35:22  1462272  ----a-w-  C:\Windows\System32\crypt32.dll
    2012-06-13 18:35:22  140288  ----a-w-  C:\Windows\System32\cryptnet.dll
    2012-06-13 18:35:22  1158656  ----a-w-  C:\Windows\SysWow64\crypt32.dll
    2012-06-13 18:35:21  140288  ----a-w-  C:\Windows\SysWow64\cryptsvc.dll
    2012-06-13 18:35:21  103936  ----a-w-  C:\Windows\SysWow64\cryptnet.dll
    2012-05-31 14:37:12  --------  d-----w-  C:\Users\Shanahan Family\AppData\Roaming\HpUpdate
    2012-05-31 14:37:10  --------  d-----w-  C:\Windows\Hewlett-Packard
    .
    ==================== Find3M ====================
    .
    2012-05-18 02:06:48  2311680  ----a-w-  C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14  1392128  ----a-w-  C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37  1800192  ----a-w-  C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 2:47:09.39 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/21/2012 10:42:43 PM
    System Uptime: 6/25/2012 1:58:42 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0VFV2M
    Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | CPU 1 | 3300/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 909 GiB total, 824.992 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: McAfee Inc. mfewfpk
    Device ID: ROOT\LEGACY_MFEWFPK\0000
    Manufacturer:
    Name: McAfee Inc. mfewfpk
    PNP Device ID: ROOT\LEGACY_MFEWFPK\0000
    Service: mfewfpk
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0001000F_PID&0000\8&1C8E57F2&0&0007AB72C0CF_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0001000F_PID&0000\8&1C8E57F2&0&0007AB72C0CF_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\8&1C8E57F2&0&0007AB72C0CF_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\8&1C8E57F2&0&0007AB72C0CF_C00000000
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: McAfee Inc. mfehidk
    Device ID: ROOT\LEGACY_MFEHIDK\0000
    Manufacturer:
    Name: McAfee Inc. mfehidk
    PNP Device ID: ROOT\LEGACY_MFEHIDK\0000
    Service: mfehidk
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Accidental Damage Services Agreement
    Adobe AIR
    Adobe Community Help
    Adobe Photoshop Elements 9
    Adobe Premiere Elements 9
    Adobe Reader X (10.1.3) MUI
    Advanced Audio FX Engine
    AIO_Scan
    Apple Application Support
    Apple Software Update
    Atheros Direct Connect
    Blio
    BufferChm
    C4200
    c4200_Help
    CIR Registry
    Cisco WebEx Meetings
    Consumer In-Home Service Agreement
    Copy
    Cozi
    CyberLink YouPaint
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell Bluetooth Installation
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Getting Started Guide
    Dell KM632 Wireless Keyboard Caps Lock Indicator
    Dell MusicStage
    Dell PhotoStage
    Dell Stage
    Dell Touch Software Suite Games
    Dell VideoStage
    Dell Webcam Central
    DELLOSD
    Destinations
    DeviceDiscovery
    DirectX 9 Runtime
    DocProc
    Elements 9 Organizer
    Elements STI Installer
    First Thousand Words
    Google Calendar Sync
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Update Helper
    GPBaseService2
    Hewlett-Packard ACLM.NET v1.1.0.0
    High-Definition Video Playback
    HP Product Detection
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Java Auto Updater
    Java(TM) 7 Update 3
    JavaFX 2.0.3
    Junk Mail filter update
    Kidzui
    Logitech Desktop Messenger
    Logitech Harmony Remote Software 7
    Malwarebytes Anti-Malware version 1.61.0.1400
    MarketResearch
    McAfee SecurityCenter
    McAfee Virtual Technician
    Mesh Runtime
    Microsoft Money 2000 Standard Edition
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Touch Pack for Windows 7
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft XNA Framework Redistributable 3.0
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_CRT_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 10 Movie ThemePack Basic
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    PhotoShowExpress
    PlayReady PC Runtime x86
    ProMash
    PS_AIO_Software_min
    QuickTime
    Realtek High Definition Audio Driver
    Remote Control USB Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Skype™ 5.5
    SmartSound Quicktracks for Premiere Elements 9.0
    SmartWebPrinting
    Smilebox
    SmileBox EN Toolbar
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    Stamps.com
    Stamps.com Application Support for Microsoft Word 2000-2010
    Stamps.com support for Microsoft Word 2000-2010
    Status
    StickyNotes
    SyncUP
    Toolbox
    TrayApp
    TrustedID
    UBCD4Win 3.60
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Resource Kit Tools - SubInAcl.exe
    Yahoo! Toolbar
    Zinio Reader 4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/25/2012 2:31:07 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: The system cannot find the file specified.
    6/25/2012 2:31:07 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/25/2012 2:31:07 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/25/2012 2:31:07 AM, Error: Service Control Manager [7000] - The McAfee Inc. mfehidk service failed to start due to the following error: The system cannot find the file specified.
    6/25/2012 2:29:07 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/25/2012 2:29:06 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/25/2012 2:25:30 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {D4583E73-8C3A-4850-A60F-71363527B0FB}. The error: "740" Happened while starting this command: "C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe" -Embedding
    6/25/2012 2:24:46 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    6/25/2012 2:24:46 AM, Error: Service Control Manager [7000] - The McAfee Inc. mfehidk service failed to start due to the following error: A device attached to the system is not functioning.
    6/25/2012 2:19:02 AM, Error: Ntfs [55] -
    6/25/2012 2:01:15 AM, Error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/25/2012 2:01:11 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: A device attached to the system is not functioning.
    6/25/2012 2:01:11 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: A device attached to the system is not functioning.
    6/25/2012 2:00:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    6/25/2012 12:07:49 AM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: Access is denied.
    6/25/2012 12:05:56 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: Access is denied.
    6/25/2012 12:05:47 AM, Error: Microsoft-Windows-WMPNSS-Service [14356] - A media delivery engine with ID '0x80070057' was not initialized because RegisterDelegate() encountered error ''. Restart your computer, and then restart the WMPNetworkSvc service.
    6/25/2012 12:05:47 AM, Error: Microsoft-Windows-WMPNSS-Service [14348] - A new media server was not initialized due to error '0x80070057'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, in Windows Media Player, turn off media sharing, and then turn it back on.
    6/25/2012 12:05:47 AM, Error: Microsoft-Windows-WMPNSS-Service [14323] - Service 'WMPNetworkSvc' did not start correctly because MFCreateWMPMDEOpCenter encountered error '0x80070505'. If possible, reinstall Windows Media Player.
    6/25/2012 12:05:40 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147023611
    6/25/2012 12:05:40 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147023611
    6/25/2012 1:59:09 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk mfewfpk
    6/25/2012 1:59:07 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/24/2012 2:52:55 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    6/24/2012 2:52:39 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/24/2012 12:35:51 PM, Error: Service Control Manager [7023] - The McAfee Validation Trust Protection Service service terminated with the following error: The system cannot find the file specified.
    6/24/2012 11:13:36 AM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.
    6/24/2012 10:41:02 AM, Error: Service Control Manager [7034] - The Dell WMI Service service terminated unexpectedly. It has done this 1 time(s).
    6/24/2012 10:40:06 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
    6/24/2012 10:40:06 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
    6/24/2012 10:26:16 AM, Error: Service Control Manager [7003] - The McAfee Network Agent service depends the following service: MfeFire. This service might not be installed.
    6/24/2012 10:24:08 AM, Error: Service Control Manager [7003] - The McAfee Proxy Service service depends the following service: MfeFire. This service might not be installed.
    6/24/2012 10:24:08 AM, Error: Service Control Manager [7003] - The McAfee Anti-Spam Service service depends the following service: MfeFire. This service might not be installed.
    6/24/2012 10:23:22 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
    6/23/2012 6:48:39 PM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: Access is denied.
    6/23/2012 10:35:38 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {31371420-098D-4C0E-A11E-EBEC2305DD01}. The error: "786" Happened while starting this command: "C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\ytbb.exe" -Embedding
    6/23/2012 10:35:36 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {641B9FB0-C2B1-41BD-8563-5F484E3BE84A}. The error: "786" Happened while starting this command: "C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe" -Embedding
    6/23/2012 10:30:38 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {6737D319-D20F-4DAF-B321-ECC5E52F692A}. The error: "786" Happened while starting this command: "C:\Program Files (x86)\Atheros Direct Connect\DCWpaSupplicant.exe" -Embedding
    6/23/2012 10:30:27 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {66C99B38-BC12-4134-90A2-C5D6ABFC5FFE}. The error: "786" Happened while starting this command: "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
    6/23/2012 10:30:22 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {694978FF-AB41-4E51-9A2F-862A9312FCB1}. The error: "786" Happened while starting this command: "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
    .
    ==== End Of File ===========================
  5. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  6. multcomedic

    multcomedic TS Rookie Topic Starter Posts: 20

    All set. My wife informed me that she had McAfee techs working on this today via remote access while I was at work today. I'm not sure what if anything they may have done other than McAfee still doesn't work.

    Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
    Ran by SYSTEM at 26-06-2012 01:56:19
    Running from F:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7214696 2011-05-25] (Realtek Semiconductor)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-06-22] (Intel Corporation)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [168216 2011-06-22] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-06-22] (Intel Corporation)
    HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
    HKLM\...\Run: [DCHostUI] "C:\Program Files (x86)\Atheros Direct Connect\P2PUIMain.exe" -nogui [366592 2011-03-31] (Atheros Communication)
    HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [617120 2011-03-31] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-31] (Atheros Commnucations)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-29] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [StickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj" [6433439 2011-03-18] ()
    HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2011-12-31] ()
    HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
    HKLM-x32\...\Run: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe [49152 2010-12-06] ()
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [53248 2011-01-12] ()
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()
    HKU\Kids\...\Policies\system: [LogonHoursAction] 2
    HKU\Kids\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Shanahan Family\...\Policies\system: [LogonHoursAction] 2
    HKU\Shanahan Family\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    ==================== Services (Whitelisted) ======

    2 AdobeActiveFileMonitor9.0; C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
    2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [135168 2011-02-16] (Atheros)
    2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [77984 2011-03-31] (Atheros Commnucations)
    3 DCDhcpService; "C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe" [100352 2011-03-31] (Atheros Communication Inc.)
    2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [98304 2011-05-27] ()
    2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162224 2012-05-25] (McAfee, Inc.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [2823000 2010-08-25] (Dell, Inc.)
    2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony)
    3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
    2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)

    ========================== Drivers (Whitelisted) =============

    0 aa4c16f84acedb9; C:\Windows\System32\Drivers\aa4c16f84acedb9.sys [74184 2012-06-23] ()
    3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-03-31] (Atheros)
    3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [298656 2011-03-31] (Atheros)
    3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2011-03-31] (Atheros)
    3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [201376 2011-03-31] (Atheros)
    3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [55456 2011-03-31] (Atheros)
    3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [154272 2011-03-31] (Atheros)
    3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [281248 2011-03-31] (Atheros)
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
    3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [311400 2011-03-15] (Realtek Semiconductor Corp.)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    1 cdaxeesa; \??\C:\Windows\system32\drivers\cdaxeesa.sys [x]
    1 jvaolvfd; \??\C:\Windows\system32\drivers\jvaolvfd.sys [x]
    1 oecehykg; \??\C:\Windows\system32\drivers\oecehykg.sys [x]
    1 uxlgtwoh; \??\C:\Windows\system32\drivers\uxlgtwoh.sys [x]
    1 zzdmfitz; \??\C:\Windows\system32\drivers\zzdmfitz.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-26 02:46 - 2005-08-31 12:38 - 00000956 ____A C:\Windows\SysWOW64\iconcfg.ini
    2012-06-26 02:46 - 2003-12-16 12:04 - 00049152 ____A (General) C:\Windows\SysWOW64\usbmonit.exe
    2012-06-26 02:46 - 2003-05-21 11:27 - 00139264 ____A (Genesys) C:\Windows\SysWOW64\geneicon.dll
    2012-06-26 02:46 - 2003-03-07 13:52 - 00036864 ____A C:\Windows\SysWOW64\deluidrv.exe
    2012-06-26 02:46 - 2002-03-05 12:10 - 00032768 ____A C:\Windows\SysWOW64\delentry.exe
    2012-06-26 02:45 - 2012-06-26 02:45 - 00120933 ____A C:\Users\Shanahan Family\Downloads\sddr-103-107-driver.zip
    2012-06-26 02:45 - 2003-12-16 12:15 - 00024848 ____A (General) C:\Windows\SysWOW64\Drivers\geneuide.sys
    2012-06-26 02:42 - 2012-06-26 02:42 - 01425797 ____A C:\Users\Shanahan Family\Downloads\FRST64.exe
    2012-06-26 01:56 - 2012-06-26 01:56 - 00000000 ____D C:\FRST
    2012-06-25 23:19 - 2012-06-25 15:47 - 00000000 ____D C:\users\mcafee test
    2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Citrix
    2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Citrix
    2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Citrix
    2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Program Files (x86)\Citrix
    2012-06-25 15:50 - 2012-06-25 15:50 - 01807128 ____A (Dell Inc) C:\Users\Shanahan Family\Downloads\aulauncher.exe
    2012-06-25 15:20 - 2012-06-25 15:20 - 12621696 ____A (Microsoft Corporation) C:\Users\Shanahan Family\Downloads\mseinstall.exe
    2012-06-25 15:20 - 2012-06-25 15:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-25 15:20 - 2012-06-25 15:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-25 15:10 - 2012-06-25 15:10 - 04285248 ____A (McAfee, Inc.) C:\Users\Shanahan Family\Downloads\McAfeeSetup.exe
    2012-06-25 15:10 - 2012-05-25 19:13 - 00162224 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    2012-06-25 14:55 - 2012-06-25 14:55 - 00809328 ____A (AirInstaller Inc.) C:\Users\Shanahan Family\Downloads\setup (1).exe
    2012-06-25 14:51 - 2012-06-25 14:51 - 00000087 ___RH C:\Users\Shanahan Family\Downloads\GetSusp.opt
    2012-06-25 14:49 - 2012-06-25 14:49 - 05018217 ____N C:\Users\Shanahan Family\Downloads\gsusp_0E2C0FE93D33_062512_124918.zip
    2012-06-25 14:46 - 2012-06-25 14:49 - 00004513 ____A C:\Users\Shanahan Family\Downloads\GetSusp.xml
    2012-06-25 14:46 - 2012-06-25 14:46 - 01501248 ____A (McAfee Inc.) C:\Users\Shanahan Family\Downloads\getsusp.exe
    2012-06-25 14:11 - 2012-06-25 15:17 - 00000000 ____D C:\Program Files\Common Files\McAfee
    2012-06-25 14:11 - 2012-06-25 14:11 - 00000000 ____D C:\Program Files\McAfee.com
    2012-06-25 14:11 - 2012-06-25 14:11 - 00000000 ____D C:\Program Files\McAfee
    2012-06-25 14:11 - 2012-06-25 14:11 - 00000000 ____D C:\Program Files (x86)\McAfee
    2012-06-25 14:00 - 2012-06-25 15:20 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-25 13:46 - 2012-06-25 23:15 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-06-25 13:46 - 2012-06-25 23:15 - 00000000 ____D C:\Users\All Users\Application Data\AVAST Software
    2012-06-25 13:46 - 2012-06-25 13:59 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-06-25 13:46 - 2012-06-25 13:46 - 00000000 ____D C:\Program Files\AVAST Software
    2012-06-25 13:46 - 2012-03-06 18:15 - 00258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-06-25 13:45 - 2012-06-25 13:46 - 74761776 ____A C:\Users\Shanahan Family\Downloads\setup_av_free.exe
    2012-06-25 13:37 - 2012-06-25 15:12 - 00000000 ____D C:\Users\All Users\McAfee
    2012-06-25 13:37 - 2012-06-25 15:12 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
    2012-06-25 13:30 - 2012-06-25 14:15 - 00000000 ____D C:\Windows\pss
    2012-06-25 13:25 - 2012-06-25 13:25 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-25 13:25 - 2012-06-25 13:25 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-06-25 13:25 - 2012-06-25 13:25 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-06-25 13:25 - 2012-05-04 21:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-06-25 13:22 - 2012-06-25 13:22 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-06-25 13:22 - 2012-06-25 13:22 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-06-25 13:22 - 2012-06-25 13:22 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-06-25 13:22 - 2012-06-25 13:22 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-06-25 13:22 - 2012-06-25 13:22 - 00000000 ____D C:\Program Files\Java
    2012-06-25 11:22 - 2012-06-25 11:22 - 00000000 ____D C:\mfe
    2012-06-25 05:19 - 2012-06-25 05:19 - 00159144 ____A (Microsoft Corporation) C:\Users\Shanahan Family\Downloads\WindowsActivationUpdate.exe
    2012-06-25 05:01 - 2012-06-25 16:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-25 05:01 - 2012-06-25 05:01 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-25 04:20 - 2012-06-25 04:20 - 00000330 ____A C:\Users\Shanahan Family\Desktop\gmer.log
    2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\Shanahan Family\Application Data\Malwarebytes
    2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\Malwarebytes
    2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-06-24 22:11 - 2012-06-25 14:44 - 00000000 ____D C:\UBCD4Win
    2012-06-24 22:01 - 2012-06-24 22:01 - 00000942 ____A C:\Users\Shanahan Family\Downloads\dellregfix.zip
    2012-06-24 22:00 - 2012-06-24 22:00 - 00379392 ____A C:\Users\Shanahan Family\Downloads\subinacl.msi
    2012-06-24 22:00 - 2012-06-24 22:00 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
    2012-06-24 16:54 - 2012-06-24 16:54 - 00023006 ____A C:\ComboFix.txt
    2012-06-24 12:40 - 2012-06-24 16:54 - 00000000 ____D C:\Qoobox
    2012-06-24 12:40 - 2012-06-24 12:45 - 00000000 ____D C:\Windows\erdnt
    2012-06-24 12:40 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-06-24 12:40 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-06-24 12:40 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-06-24 12:40 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-06-24 12:40 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-06-24 12:40 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
    2012-06-24 12:40 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
    2012-06-24 12:40 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
    2012-06-23 14:01 - 2012-06-23 14:01 - 00071358 ____A C:\Users\Shanahan Family\Downloads\OTL.Txt
    2012-06-23 13:48 - 2012-06-23 13:48 - 00000000 ____D C:\Users\Shanahan Family\Application Data\McAfee
    2012-06-23 13:48 - 2012-06-23 13:48 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\McAfee
    2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\Application Data\KidZui
    2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\Application Data\Adobe
    2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\AppData\Roaming\KidZui
    2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Adobe
    2012-06-23 12:30 - 2012-06-23 12:30 - 00127328 ____A C:\Users\Kids\Local Settings\GDIPFONTCACHEV1.DAT
    2012-06-23 12:30 - 2012-06-23 12:30 - 00127328 ____A C:\Users\Kids\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-06-23 12:30 - 2012-06-23 12:30 - 00127328 ____A C:\Users\Kids\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\Google
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\BMExplorer
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Google
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\BMExplorer
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Application Data\Roxio
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Application Data\Creative
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Application Data\Apple Computer
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Roxio
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Creative
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Apple Computer
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Local\Google
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Local\BMExplorer
    2012-06-23 12:23 - 2012-06-23 12:23 - 00000000 ____D C:\Users\Kids\Application Data\Atheros Communication
    2012-06-23 12:23 - 2012-06-23 12:23 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Atheros Communication
    2012-06-23 12:22 - 2012-06-23 12:22 - 00000000 ____D C:\Users\Kids\Local Settings\Atheros
    2012-06-23 12:22 - 2012-06-23 12:22 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Atheros
    2012-06-23 12:22 - 2012-06-23 12:22 - 00000000 ____D C:\Users\Kids\AppData\Local\Atheros
    2012-06-23 12:21 - 2012-06-23 12:37 - 00118252 _RASH C:\Users\Kids\ntuser.pol
    2012-06-23 12:21 - 2012-06-23 12:37 - 00000000 ____D C:\users\Kids
    2012-06-23 12:21 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Application Data\Dell
    2012-06-23 12:21 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Dell
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000020 ___SH C:\Users\Kids\ntuser.ini
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\VirtualStore
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\VirtualStore
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Adobe
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Adobe
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Application Data\Dell Touch Zone
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Dell Touch Zone
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Local\VirtualStore
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Local\Adobe
    2012-06-23 12:21 - 2012-06-23 12:07 - 00000000 ____D C:\Users\Kids\Local Settings\SoftThinks
    2012-06-23 12:21 - 2012-06-23 12:07 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\SoftThinks
    2012-06-23 12:21 - 2012-06-23 12:07 - 00000000 ____D C:\Users\Kids\AppData\Local\SoftThinks
    2012-06-23 12:21 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Kids\Local Settings\Microsoft Help
    2012-06-23 12:21 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Microsoft Help
    2012-06-23 12:21 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Kids\AppData\Local\Microsoft Help
    2012-06-23 12:21 - 2012-02-21 19:16 - 00000000 ____D C:\Users\Kids\Application Data\Macromedia
    2012-06-23 12:21 - 2012-02-21 19:16 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Macromedia
    2012-06-23 12:21 - 2012-02-21 19:11 - 00000000 ___RD C:\Users\Kids\Desktop\Play Games
    2012-06-23 12:14 - 2012-06-23 13:40 - 00000632 _RASH C:\Users\Shanahan Family\ntuser.pol
    2012-06-23 12:06 - 2012-06-23 12:06 - 00074184 ____A C:\Windows\System32\Drivers\aa4c16f84acedb9.sys
    2012-06-21 19:12 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 19:12 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 19:12 - 2012-06-02 17:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 19:12 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 19:12 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 19:12 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 19:12 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 19:12 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 19:12 - 2012-06-02 17:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-18 16:06 - 2012-06-18 16:06 - 00026112 ____A C:\Users\Shanahan Family\Downloads\TS001018259.dot
    2012-06-13 22:23 - 2012-05-17 21:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-13 22:23 - 2012-05-17 21:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-13 22:23 - 2012-05-17 21:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-13 22:23 - 2012-05-17 20:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-13 22:23 - 2012-05-17 20:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-13 22:23 - 2012-05-17 20:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-13 22:23 - 2012-05-17 20:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-13 22:23 - 2012-05-17 20:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-13 22:23 - 2012-05-17 20:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-13 22:23 - 2012-05-17 20:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-13 22:23 - 2012-05-17 20:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-13 22:23 - 2012-05-17 20:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-13 22:23 - 2012-05-17 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-13 22:23 - 2012-05-17 20:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-13 22:23 - 2012-05-17 18:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-13 22:23 - 2012-05-17 17:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-13 22:23 - 2012-05-17 17:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-13 22:23 - 2012-05-17 17:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-13 22:23 - 2012-05-17 17:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-13 22:23 - 2012-05-17 17:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-13 22:23 - 2012-05-17 17:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-13 22:23 - 2012-05-17 17:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-13 22:23 - 2012-05-17 17:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-13 22:23 - 2012-05-17 17:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-13 22:23 - 2012-05-17 17:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-13 22:23 - 2012-05-17 17:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-13 22:23 - 2012-05-17 17:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-13 22:23 - 2012-05-17 17:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 13:45 - 2012-06-13 13:45 - 00051356 ____A C:\Users\Shanahan Family\Downloads\WHAT TO PACK IN YOUR CHILD.mht
    2012-06-13 13:36 - 2012-04-26 00:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 13:36 - 2012-04-26 00:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 13:36 - 2012-04-26 00:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 13:35 - 2012-05-14 20:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 13:35 - 2012-05-04 06:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 13:35 - 2012-05-04 05:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 13:35 - 2012-05-04 05:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 13:35 - 2012-05-01 00:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 13:35 - 2012-04-27 22:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 13:35 - 2012-04-24 00:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 13:35 - 2012-04-24 00:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 13:35 - 2012-04-24 00:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 13:35 - 2012-04-23 23:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 13:35 - 2012-04-23 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 13:35 - 2012-04-23 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 13:35 - 2012-04-07 07:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 13:35 - 2012-04-07 06:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-05-31 09:39 - 2012-05-31 09:39 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2012-05-31 09:37 - 2012-06-07 09:22 - 00000000 ____D C:\Users\Shanahan Family\Application Data\HpUpdate
    2012-05-31 09:37 - 2012-06-07 09:22 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\HpUpdate
    2012-05-31 09:37 - 2012-05-31 09:37 - 00000000 ____D C:\Windows\Hewlett-Packard
  7. multcomedic

    multcomedic TS Rookie Topic Starter Posts: 20

    ============ 3 Months Modified Files and Folders =============
    2012-06-26 02:48 - 2009-07-14 00:13 - 00786422 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-26 02:45 - 2012-06-26 02:45 - 00120933 ____A C:\Users\Shanahan Family\Downloads\sddr-103-107-driver.zip
    2012-06-26 02:42 - 2012-06-26 02:42 - 01425797 ____A C:\Users\Shanahan Family\Downloads\FRST64.exe
    2012-06-26 02:25 - 2012-03-22 02:56 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Nero
    2012-06-26 02:25 - 2012-03-22 02:56 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Nero
    2012-06-26 02:25 - 2012-03-22 02:56 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Nero
    2012-06-26 02:20 - 2012-03-21 18:10 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000UA.job
    2012-06-26 02:17 - 2012-03-22 11:07 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-26 02:16 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-26 02:16 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-26 02:10 - 2012-03-22 11:07 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-26 02:10 - 2012-02-21 19:07 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
    2012-06-26 02:10 - 2012-02-21 19:07 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
    2012-06-26 02:10 - 2012-02-21 19:07 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2012-06-26 02:10 - 2012-02-21 19:07 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
    2012-06-26 02:10 - 2012-02-21 19:07 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
    2012-06-26 02:10 - 2012-02-21 19:07 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2012-06-26 02:10 - 2012-02-21 18:58 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2012-06-26 02:08 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-26 02:07 - 2009-07-13 23:51 - 00050543 ____A C:\Windows\setupact.log
    2012-06-26 01:56 - 2012-06-26 01:56 - 00000000 ____D C:\FRST
    2012-06-25 23:20 - 2012-03-21 18:10 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000Core.job
    2012-06-25 23:20 - 2012-02-21 18:54 - 00000000 ____D C:\Users\All Users\Atheros
    2012-06-25 23:20 - 2012-02-21 18:54 - 00000000 ____D C:\Users\All Users\Application Data\Atheros
    2012-06-25 23:19 - 2012-04-18 11:03 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
    2012-06-25 23:15 - 2012-06-25 13:46 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-06-25 23:15 - 2012-06-25 13:46 - 00000000 ____D C:\Users\All Users\Application Data\AVAST Software
    2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Citrix
    2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Citrix
    2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Citrix
    2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Program Files (x86)\Citrix
    2012-06-25 16:52 - 2012-06-25 05:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-25 16:05 - 2012-04-27 17:30 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\CrashDumps
    2012-06-25 16:05 - 2012-04-27 17:30 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\CrashDumps
    2012-06-25 16:05 - 2012-04-27 17:30 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\CrashDumps
    2012-06-25 15:52 - 2012-03-22 15:00 - 00000000 ____D C:\Users\All Users\PCDr
    2012-06-25 15:52 - 2012-03-22 15:00 - 00000000 ____D C:\Users\All Users\Application Data\PCDr
    2012-06-25 15:50 - 2012-06-25 15:50 - 01807128 ____A (Dell Inc) C:\Users\Shanahan Family\Downloads\aulauncher.exe
    2012-06-25 15:47 - 2012-06-25 23:19 - 00000000 ____D C:\users\mcafee test
    2012-06-25 15:39 - 2010-11-20 22:47 - 00081268 ____A C:\Windows\PFRO.log
    2012-06-25 15:20 - 2012-06-25 15:20 - 12621696 ____A (Microsoft Corporation) C:\Users\Shanahan Family\Downloads\mseinstall.exe
    2012-06-25 15:20 - 2012-06-25 15:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-25 15:20 - 2012-06-25 15:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-25 15:20 - 2012-06-25 14:00 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-25 15:20 - 2012-02-21 18:32 - 01553943 ____A C:\Windows\WindowsUpdate.log
    2012-06-25 15:20 - 2011-02-10 11:10 - 00800080 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-25 15:17 - 2012-06-25 14:11 - 00000000 ____D C:\Program Files\Common Files\McAfee
    2012-06-25 15:12 - 2012-06-25 13:37 - 00000000 ____D C:\Users\All Users\McAfee
    2012-06-25 15:12 - 2012-06-25 13:37 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
    2012-06-25 15:10 - 2012-06-25 15:10 - 04285248 ____A (McAfee, Inc.) C:\Users\Shanahan Family\Downloads\McAfeeSetup.exe
    2012-06-25 15:06 - 2012-04-11 22:06 - 00000000 ____D C:\Users\Shanahan Family\My Documents\Outlook Files
    2012-06-25 15:06 - 2012-04-11 22:06 - 00000000 ____D C:\Users\Shanahan Family\Documents\Outlook Files
    2012-06-25 15:05 - 2012-03-22 00:42 - 00000000 ____D C:\users\Shanahan Family
    2012-06-25 14:55 - 2012-06-25 14:55 - 00809328 ____A (AirInstaller Inc.) C:\Users\Shanahan Family\Downloads\setup (1).exe
    2012-06-25 14:51 - 2012-06-25 14:51 - 00000087 ___RH C:\Users\Shanahan Family\Downloads\GetSusp.opt
    2012-06-25 14:49 - 2012-06-25 14:49 - 05018217 ____N C:\Users\Shanahan Family\Downloads\gsusp_0E2C0FE93D33_062512_124918.zip
    2012-06-25 14:49 - 2012-06-25 14:46 - 00004513 ____A C:\Users\Shanahan Family\Downloads\GetSusp.xml
    2012-06-25 14:46 - 2012-06-25 14:46 - 01501248 ____A (McAfee Inc.) C:\Users\Shanahan Family\Downloads\getsusp.exe
    2012-06-25 14:44 - 2012-06-24 22:11 - 00000000 ____D C:\UBCD4Win
    2012-06-25 14:15 - 2012-06-25 13:30 - 00000000 ____D C:\Windows\pss
    2012-06-25 14:11 - 2012-06-25 14:11 - 00000000 ____D C:\Program Files\McAfee.com
    2012-06-25 14:11 - 2012-06-25 14:11 - 00000000 ____D C:\Program Files\McAfee
    2012-06-25 14:11 - 2012-06-25 14:11 - 00000000 ____D C:\Program Files (x86)\McAfee
    2012-06-25 13:59 - 2012-06-25 13:46 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-06-25 13:46 - 2012-06-25 13:46 - 00000000 ____D C:\Program Files\AVAST Software
    2012-06-25 13:46 - 2012-06-25 13:45 - 74761776 ____A C:\Users\Shanahan Family\Downloads\setup_av_free.exe
    2012-06-25 13:25 - 2012-06-25 13:25 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-25 13:25 - 2012-06-25 13:25 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-06-25 13:25 - 2012-06-25 13:25 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-06-25 13:22 - 2012-06-25 13:22 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-06-25 13:22 - 2012-06-25 13:22 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-06-25 13:22 - 2012-06-25 13:22 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-06-25 13:22 - 2012-06-25 13:22 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-06-25 13:22 - 2012-06-25 13:22 - 00000000 ____D C:\Program Files\Java
    2012-06-25 13:22 - 2012-02-21 18:51 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-06-25 13:17 - 2009-07-13 23:54 - 00000749 __RAH C:\Windows\WindowsShell.Manifest
    2012-06-25 13:17 - 2009-07-13 23:54 - 00000174 ___SH C:\Users\Public\desktop.ini
    2012-06-25 13:17 - 2009-07-13 23:54 - 00000174 ___SH C:\users\desktop.ini
    2012-06-25 13:17 - 2009-07-13 23:54 - 00000174 ___SH C:\Program Files (x86)\desktop.ini
    2012-06-25 13:17 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
    2012-06-25 11:23 - 2012-03-21 18:23 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
    2012-06-25 11:23 - 2012-03-21 18:23 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo! Companion
    2012-06-25 11:22 - 2012-06-25 11:22 - 00000000 ____D C:\mfe
    2012-06-25 05:19 - 2012-06-25 05:19 - 00159144 ____A (Microsoft Corporation) C:\Users\Shanahan Family\Downloads\WindowsActivationUpdate.exe
    2012-06-25 05:01 - 2012-06-25 05:01 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-25 05:01 - 2012-02-21 18:34 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-25 04:20 - 2012-06-25 04:20 - 00000330 ____A C:\Users\Shanahan Family\Desktop\gmer.log
    2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\Shanahan Family\Application Data\Malwarebytes
    2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\Malwarebytes
    2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-06-24 22:01 - 2012-06-24 22:01 - 00000942 ____A C:\Users\Shanahan Family\Downloads\dellregfix.zip
    2012-06-24 22:00 - 2012-06-24 22:00 - 00379392 ____A C:\Users\Shanahan Family\Downloads\subinacl.msi
    2012-06-24 22:00 - 2012-06-24 22:00 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
    2012-06-24 16:54 - 2012-06-24 16:54 - 00023006 ____A C:\ComboFix.txt
    2012-06-24 16:54 - 2012-06-24 12:40 - 00000000 ____D C:\Qoobox
    2012-06-24 16:52 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
    2012-06-24 12:46 - 2009-07-13 22:20 - 00000000 ____D C:\users\Default
    2012-06-24 12:45 - 2012-06-24 12:40 - 00000000 ____D C:\Windows\erdnt
    2012-06-23 20:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2012-06-23 14:01 - 2012-06-23 14:01 - 00071358 ____A C:\Users\Shanahan Family\Downloads\OTL.Txt
    2012-06-23 13:48 - 2012-06-23 13:48 - 00000000 ____D C:\Users\Shanahan Family\Application Data\McAfee
    2012-06-23 13:48 - 2012-06-23 13:48 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\McAfee
    2012-06-23 13:40 - 2012-06-23 12:14 - 00000632 _RASH C:\Users\Shanahan Family\ntuser.pol
    2012-06-23 12:37 - 2012-06-23 12:21 - 00118252 _RASH C:\Users\Kids\ntuser.pol
    2012-06-23 12:37 - 2012-06-23 12:21 - 00000000 ____D C:\users\Kids
    2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\Application Data\KidZui
    2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\Application Data\Adobe
    2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\AppData\Roaming\KidZui
    2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Adobe
    2012-06-23 12:30 - 2012-06-23 12:30 - 00127328 ____A C:\Users\Kids\Local Settings\GDIPFONTCACHEV1.DAT
    2012-06-23 12:30 - 2012-06-23 12:30 - 00127328 ____A C:\Users\Kids\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-06-23 12:30 - 2012-06-23 12:30 - 00127328 ____A C:\Users\Kids\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\Google
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\BMExplorer
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Google
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\BMExplorer
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Application Data\Roxio
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Application Data\Creative
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Application Data\Apple Computer
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Roxio
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Creative
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Apple Computer
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Local\Google
    2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Local\BMExplorer
    2012-06-23 12:27 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Application Data\Dell
    2012-06-23 12:27 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Dell
    2012-06-23 12:23 - 2012-06-23 12:23 - 00000000 ____D C:\Users\Kids\Application Data\Atheros Communication
    2012-06-23 12:23 - 2012-06-23 12:23 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Atheros Communication
    2012-06-23 12:22 - 2012-06-23 12:22 - 00000000 ____D C:\Users\Kids\Local Settings\Atheros
    2012-06-23 12:22 - 2012-06-23 12:22 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Atheros
    2012-06-23 12:22 - 2012-06-23 12:22 - 00000000 ____D C:\Users\Kids\AppData\Local\Atheros
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000020 ___SH C:\Users\Kids\ntuser.ini
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\VirtualStore
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\VirtualStore
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Adobe
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Adobe
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Application Data\Dell Touch Zone
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Dell Touch Zone
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Local\VirtualStore
    2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Local\Adobe
    2012-06-23 12:14 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
    2012-06-23 12:07 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\SoftThinks
    2012-06-23 12:07 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\SoftThinks
    2012-06-23 12:07 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Local\SoftThinks
    2012-06-23 12:06 - 2012-06-23 12:06 - 00074184 ____A C:\Windows\System32\Drivers\aa4c16f84acedb9.sys
    2012-06-22 14:05 - 2012-03-22 00:45 - 00000000 ____D C:\Users\Shanahan Family\My Documents\Bluetooth Folder
    2012-06-22 14:05 - 2012-03-22 00:45 - 00000000 ____D C:\Users\Shanahan Family\Documents\Bluetooth Folder
    2012-06-20 18:52 - 2007-10-27 01:31 - 00000000 ____D C:\Users\Shanahan Family\My Documents\My Scans
    2012-06-20 18:52 - 2007-10-27 01:31 - 00000000 ____D C:\Users\Shanahan Family\Documents\My Scans
    2012-06-18 17:23 - 2012-02-21 19:13 - 00000000 ____D C:\Users\All Users\Sonic
    2012-06-18 17:23 - 2012-02-21 19:13 - 00000000 ____D C:\Users\All Users\Application Data\Sonic
    2012-06-18 16:15 - 2011-05-21 15:16 - 00000000 ____D C:\Users\Shanahan Family\My Documents\LRAT
    2012-06-18 16:15 - 2011-05-21 15:16 - 00000000 ____D C:\Users\Shanahan Family\Documents\LRAT
    2012-06-18 16:06 - 2012-06-18 16:06 - 00026112 ____A C:\Users\Shanahan Family\Downloads\TS001018259.dot
    2012-06-18 15:48 - 2007-03-13 21:55 - 08462336 ____A C:\Users\Shanahan Family\My Documents\My Money.mny
    2012-06-18 15:48 - 2007-03-13 21:55 - 08462336 ____A C:\Users\Shanahan Family\Documents\My Money.mny
    2012-06-14 08:52 - 2009-07-13 23:45 - 00468216 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 22:31 - 2012-04-10 09:47 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-06-13 22:31 - 2012-04-10 09:47 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
    2012-06-13 22:28 - 2012-03-21 18:46 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-13 13:45 - 2012-06-13 13:45 - 00051356 ____A C:\Users\Shanahan Family\Downloads\WHAT TO PACK IN YOUR CHILD.mht
    2012-06-07 09:22 - 2012-05-31 09:37 - 00000000 ____D C:\Users\Shanahan Family\Application Data\HpUpdate
    2012-06-07 09:22 - 2012-05-31 09:37 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\HpUpdate
    2012-06-06 10:43 - 2012-04-18 11:03 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    2012-06-02 17:19 - 2012-06-21 19:12 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 17:19 - 2012-06-21 19:12 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 17:19 - 2012-06-21 19:12 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 17:19 - 2012-06-21 19:12 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 17:19 - 2012-06-21 19:12 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 17:19 - 2012-06-21 19:12 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 17:15 - 2012-06-21 19:12 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 17:15 - 2012-06-21 19:12 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 17:15 - 2012-06-21 19:12 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-31 09:39 - 2012-05-31 09:39 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2012-05-31 09:37 - 2012-05-31 09:37 - 00000000 ____D C:\Windows\Hewlett-Packard
    2012-05-31 09:37 - 2012-03-21 18:21 - 00000000 ____D C:\Program Files (x86)\HP
    2012-05-25 19:13 - 2012-06-25 15:10 - 00162224 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    2012-05-23 19:33 - 2012-05-23 19:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-05-23 19:33 - 2012-05-23 19:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-22 23:16 - 2012-05-22 23:16 - 00703564 ____A C:\Users\Shanahan Family\Downloads\Night-Shift.azw
    2012-05-22 12:45 - 2012-03-25 10:44 - 00000000 ____D C:\Users\Shanahan Family\Application Data\KidZui
    2012-05-22 12:45 - 2012-03-25 10:44 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\KidZui
    2012-05-22 12:45 - 2012-03-22 00:45 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\VirtualStore
    2012-05-22 12:45 - 2012-03-22 00:45 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\VirtualStore
    2012-05-22 12:45 - 2012-03-22 00:45 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\VirtualStore
    2012-05-21 18:18 - 2012-05-07 21:49 - 00000000 ____D C:\Users\Shanahan Family\Application Data\Smilebox
    2012-05-21 18:18 - 2012-05-07 21:49 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\Smilebox
    2012-05-21 13:20 - 2012-03-22 00:48 - 00000000 ____D C:\Users\Shanahan Family\Application Data\Mozilla
    2012-05-21 13:20 - 2012-03-22 00:48 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\Mozilla
    2012-05-19 12:06 - 2012-05-19 12:06 - 00000000 __SHD C:\Users\Shanahan Family\UserData
    2012-05-19 00:53 - 2012-05-19 00:53 - 00000050 ____A C:\Users\Shanahan Family\Desktop\www.stjoevan.org.url
    2012-05-17 21:47 - 2012-06-13 22:23 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 21:16 - 2012-06-13 22:23 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 21:06 - 2012-06-13 22:23 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 20:59 - 2012-06-13 22:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 20:59 - 2012-06-13 22:23 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 20:58 - 2012-06-13 22:23 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 20:58 - 2012-06-13 22:23 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 20:56 - 2012-06-13 22:23 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 20:55 - 2012-06-13 22:23 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 20:55 - 2012-06-13 22:23 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 20:54 - 2012-06-13 22:23 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 20:51 - 2012-06-13 22:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 20:51 - 2012-06-13 22:23 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 20:47 - 2012-06-13 22:23 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 18:11 - 2012-06-13 22:23 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 17:48 - 2012-06-13 22:23 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 17:45 - 2012-06-13 22:23 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 17:36 - 2012-06-13 22:23 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 17:35 - 2012-06-13 22:23 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 17:35 - 2012-06-13 22:23 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 17:33 - 2012-06-13 22:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 17:31 - 2012-06-13 22:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 17:29 - 2012-06-13 22:23 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 17:29 - 2012-06-13 22:23 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 17:27 - 2012-06-13 22:23 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 17:25 - 2012-06-13 22:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 17:24 - 2012-06-13 22:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 17:20 - 2012-06-13 22:23 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-15 14:09 - 2012-05-15 14:09 - 00051712 ____A C:\Users\Shanahan Family\Downloads\2012 Blank LRAT ITAS_Timesheet.xls
    2012-05-14 20:32 - 2012-06-13 13:35 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-14 09:23 - 2009-07-14 00:08 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-05-13 00:16 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-11 00:32 - 2012-05-11 00:32 - 00009996 ____A C:\Users\Shanahan Family\Downloads\Mary Kay Order 051112.htm
    2012-05-11 00:32 - 2012-05-11 00:32 - 00000000 ____D C:\Users\Shanahan Family\Downloads\Mary Kay Order 051112_files
    2012-05-11 00:27 - 2012-05-11 00:27 - 00032344 ____A C:\Users\Shanahan Family\Downloads\SalesReceipt_76afff (1).xls
    2012-05-11 00:25 - 2012-05-11 00:25 - 00032344 ____A C:\Users\Shanahan Family\Downloads\SalesReceipt_76afff.xls
    2012-05-10 11:53 - 2012-05-10 11:53 - 00034511 ____A C:\Users\Shanahan Family\Downloads\6.htm
    2012-05-10 11:53 - 2012-05-10 11:53 - 00000000 ____D C:\Users\Shanahan Family\Downloads\6_files
    2012-05-08 17:53 - 2012-05-08 17:53 - 00024462 ____A C:\Users\Shanahan Family\Downloads\Is your skin ready for Spring.eml
    2012-05-07 23:30 - 2012-05-07 21:50 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Smilebox
    2012-05-07 23:30 - 2012-05-07 21:50 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Smilebox
    2012-05-07 23:30 - 2012-05-07 21:50 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Smilebox
    2012-05-07 23:26 - 2011-07-29 15:48 - 00000000 ____D C:\Users\Shanahan Family\My Documents\My Smilebox Creations
    2012-05-07 23:26 - 2011-07-29 15:48 - 00000000 ____D C:\Users\Shanahan Family\Documents\My Smilebox Creations
    2012-05-07 21:50 - 2012-05-07 21:50 - 00001926 ____A C:\Users\Shanahan Family\Desktop\Smilebox.lnk
    2012-05-07 21:50 - 2012-05-07 21:50 - 00000000 __SHD C:\Users\Shanahan Family\PrivacIE
    2012-05-07 21:50 - 2012-05-07 21:50 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Conduit
    2012-05-07 21:50 - 2012-05-07 21:50 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Conduit
    2012-05-07 21:50 - 2012-05-07 21:50 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Conduit
    2012-05-07 21:50 - 2012-05-07 21:50 - 00000000 ____D C:\Program Files (x86)\SmileBox_EN
    2012-05-07 21:50 - 2012-05-07 21:50 - 00000000 ____D C:\Program Files (x86)\Conduit
    2012-05-07 21:49 - 2012-05-07 21:48 - 00631752 ____A (Smilebox, Inc.) C:\Users\Shanahan Family\Downloads\SmileboxInstaller.exe
    2012-05-04 21:29 - 2012-06-25 13:25 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-05-04 21:29 - 2012-03-21 18:59 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-05-04 21:29 - 2012-02-21 18:51 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-04 06:06 - 2012-06-13 13:35 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 05:03 - 2012-06-13 13:35 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 05:03 - 2012-06-13 13:35 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-03 13:48 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2012-05-03 13:45 - 2007-04-16 16:35 - 00000000 ____D C:\Users\Shanahan Family\My Documents\Fax
    2012-05-03 13:45 - 2007-04-16 16:35 - 00000000 ____D C:\Users\Shanahan Family\Documents\Fax
    2012-05-03 13:40 - 2012-05-03 13:39 - 00000000 ____D C:\Users\Shanahan Family\Application Data\Stamps.com Internet Postage
    2012-05-03 13:40 - 2012-05-03 13:39 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\Stamps.com Internet Postage
    2012-05-03 13:39 - 2012-05-03 13:39 - 00001008 ____A C:\Users\Public\Desktop\Stamps.com.lnk
    2012-05-03 13:39 - 2012-05-03 13:39 - 00001008 ____A C:\Users\All Users\Desktop\Stamps.com.lnk
    2012-05-03 13:39 - 2012-05-03 13:39 - 00000000 ____D C:\Users\All Users\Application Data\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    2012-05-03 13:39 - 2012-05-03 13:39 - 00000000 ____D C:\Users\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}
    2012-05-03 13:39 - 2012-05-03 13:39 - 00000000 ____D C:\Users\All Users\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    2012-05-03 13:39 - 2012-05-03 13:39 - 00000000 ____D C:\Users\All Users\{80E49840-FEC9-4009-B2F2-83DD9B68A990}
    2012-05-03 13:39 - 2012-05-03 13:38 - 00000036 ___AH C:\Windows\SysWOW64\f9t.dat
    2012-05-03 13:39 - 2012-05-03 13:38 - 00000000 ____D C:\Program Files (x86)\Stamps.com Internet Postage
    2012-05-03 13:36 - 2012-05-03 13:36 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Seven Zip
    2012-05-03 13:36 - 2012-05-03 13:36 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Seven Zip
    2012-05-03 13:36 - 2012-05-03 13:36 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Seven Zip
    2012-05-03 13:35 - 2012-05-03 13:34 - 25909592 ____A (Stamps.com, Inc. ) C:\Users\Shanahan Family\Downloads\stamps.exe
    2012-05-01 00:40 - 2012-06-13 13:35 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-27 22:55 - 2012-06-13 13:35 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-26 00:41 - 2012-06-13 13:36 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 00:41 - 2012-06-13 13:36 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-26 00:34 - 2012-06-13 13:36 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 00:37 - 2012-06-13 13:35 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-24 00:37 - 2012-06-13 13:35 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-24 00:37 - 2012-06-13 13:35 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 23:36 - 2012-06-13 13:35 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 23:36 - 2012-06-13 13:35 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 23:36 - 2012-06-13 13:35 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-22 10:04 - 2012-04-22 10:04 - 00000000 ____D C:\Users\Shanahan Family\My Backup Files
    2012-04-22 10:04 - 2012-03-22 00:42 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\SoftThinks
    2012-04-22 10:04 - 2012-03-22 00:42 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\SoftThinks
    2012-04-22 10:04 - 2012-03-22 00:42 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\SoftThinks
    2012-04-21 09:57 - 2012-03-22 11:07 - 00000000 ____D C:\Program Files (x86)\Google
    2012-04-18 11:03 - 2012-04-05 11:03 - 00000000 ____D C:\Program Files\Dell Support Center
    2012-04-17 10:06 - 2012-04-17 10:06 - 00000000 ___RD C:\Users\Shanahan Family\Desktop\MySyncUPFiles
    2012-04-16 19:10 - 2009-01-12 13:04 - 00000000 ____D C:\Users\Shanahan Family\My Documents\DMAT
    2012-04-16 19:10 - 2009-01-12 13:04 - 00000000 ____D C:\Users\Shanahan Family\Documents\DMAT
    2012-04-16 15:33 - 2012-03-26 09:16 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-04-16 15:31 - 2012-04-16 15:31 - 00001345 ____A C:\Users\Public\Desktop\First Thousand Words.lnk
    2012-04-16 15:31 - 2012-04-16 15:31 - 00001345 ____A C:\Users\All Users\Desktop\First Thousand Words.lnk
    2012-04-16 15:31 - 2012-04-16 15:31 - 00000000 ____D C:\Users\All Users\QuickTime
    2012-04-16 15:31 - 2012-04-16 15:31 - 00000000 ____D C:\Users\All Users\Application Data\QuickTime
    2012-04-16 15:30 - 2012-04-16 15:30 - 00000000 ____D C:\Program Files (x86)\Scholastic
    2012-04-16 11:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-04-11 22:45 - 2012-03-21 18:10 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Google
    2012-04-11 22:45 - 2012-03-21 18:10 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Google
    2012-04-11 22:45 - 2012-03-21 18:10 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Google
    2012-04-11 22:34 - 2012-04-11 22:34 - 00037861 ____A C:\Users\Shanahan Family\Application Data\Comma Separated Values (DOS).ADR
    2012-04-11 22:34 - 2012-04-11 22:34 - 00037861 ____A C:\Users\Shanahan Family\AppData\Roaming\Comma Separated Values (DOS).ADR
    2012-04-11 20:42 - 2012-03-24 09:47 - 00000000 ____D C:\Users\Shanahan Family\Application Data\SoftGrid Client
    2012-04-11 20:42 - 2012-03-24 09:47 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\SoftGrid Client
    2012-04-11 20:42 - 2012-02-21 19:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2012-04-11 12:06 - 2009-07-13 21:34 - 00000545 ____A C:\Windows\win.ini
    2012-04-10 11:32 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Microsoft Help
    2012-04-10 11:32 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Microsoft Help
    2012-04-10 11:32 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Local\Microsoft Help
    2012-04-10 11:32 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Default\Local Settings\Microsoft Help
    2012-04-10 11:32 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\Microsoft Help
    2012-04-10 11:32 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2012-04-10 11:32 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Default User\Local Settings\Microsoft Help
    2012-04-10 11:32 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\Microsoft Help
    2012-04-10 11:32 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2012-04-10 10:04 - 2012-03-22 00:43 - 00127328 ____A C:\Users\Shanahan Family\Local Settings\GDIPFONTCACHEV1.DAT
    2012-04-10 10:04 - 2012-03-22 00:43 - 00127328 ____A C:\Users\Shanahan Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-04-10 10:04 - 2012-03-22 00:43 - 00127328 ____A C:\Users\Shanahan Family\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-04-10 09:58 - 2012-04-10 09:58 - 00003029 ____A C:\Users\Shanahan Family\Desktop\Microsoft Outlook 2010.lnk
    2012-04-10 09:56 - 2012-04-10 09:56 - 03322136 ____A (Microsoft Corporation) C:\Users\Shanahan Family\Downloads\OutlookConnector.exe
    2012-04-10 09:56 - 2012-04-10 09:56 - 00000000 ____D C:\Program Files (x86)\MSECache
    2012-04-10 09:50 - 2012-04-10 09:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
    2012-04-10 09:50 - 2012-04-10 09:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
    2012-04-10 09:50 - 2012-02-21 19:09 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2012-04-10 09:50 - 2010-11-21 02:16 - 00000000 ____D C:\Windows\ShellNew
    2012-04-10 09:50 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2012-04-10 09:49 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2012-04-10 09:47 - 2012-04-10 09:47 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Microsoft Help
    2012-04-10 09:47 - 2012-04-10 09:47 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Microsoft Help
    2012-04-10 09:47 - 2012-04-10 09:47 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Microsoft Help
    2012-04-10 09:47 - 2012-04-10 09:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-04-10 09:47 - 2012-04-10 09:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
    2012-04-10 09:46 - 2012-04-10 09:46 - 00000000 ___RD C:\MSOCache
    2012-04-09 11:28 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
    2012-04-07 07:31 - 2012-06-13 13:35 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 06:26 - 2012-06-13 13:35 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-03-31 08:57 - 2012-03-31 08:57 - 00001170 ____A C:\Users\Default\Desktop\Dell Advantage.lnk
    2012-03-31 08:57 - 2012-03-31 08:57 - 00001170 ____A C:\Users\Default User\Desktop\Dell Advantage.lnk
    2012-03-31 08:57 - 2011-02-10 09:01 - 00000000 ____D C:\dell
    2012-03-30 09:01 - 2012-02-21 19:02 - 00000000 ____D C:\Program Files (x86)\Dell Stage
    2012-03-30 06:35 - 2012-05-12 10:37 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    ZeroAccess:
    C:\Users\Shanahan Family\AppData\Local\{edf1b219-dc05-5e7e-b7e0-d544193d56d8}
    C:\Users\Shanahan Family\AppData\Local\{edf1b219-dc05-5e7e-b7e0-d544193d56d8}\@
    C:\Users\Shanahan Family\AppData\Local\{edf1b219-dc05-5e7e-b7e0-d544193d56d8}\L
    C:\Users\Shanahan Family\AppData\Local\{edf1b219-dc05-5e7e-b7e0-d544193d56d8}\U
    ========================= Known DLLs (Whitelisted) ============
    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 11%
    Total physical RAM: 6049.09 MB
    Available physical RAM: 5332.52 MB
    Total Pagefile: 6047.29 MB
    Available Pagefile: 5307.32 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    1 Drive c: (OS) (Fixed) (Total:909.1 GB) (Free:824.15 GB) NTFS
    2 Drive d: (RECOVERY) (Fixed) (Total:22.37 GB) (Free:9.52 GB) NTFS
    4 Drive f: (PENDRIVE) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 3826 MB 0 B
    Disk 2 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 22 GB 40 MB
    Partition 3 Primary 909 GB 22 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 FAT Partition 39 MB Healthy Hidden
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D RECOVERY NTFS Partition 22 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 909 GB Healthy
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3825 MB 22 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F PENDRIVE FAT32 Removable 3825 MB Healthy
    ======================================================================================================
    ==========================================================
    Last Boot: 2012-06-23 20:29
    ======================= End Of Log ==========================
  8. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Since we've been working on this computer please observe forum rules:
    ======================================================

    McAfee has been most likely messed up by the infection so it may be just a matter of reinstalling it BUT do nothing yet.
    We have to make sure your computer is clean first.

    ===================================================

    Why did you post two different looking logs?
    Which one is the correct log?
  9. multcomedic

    multcomedic TS Rookie Topic Starter Posts: 20

    I've asked my wife to hold off on helping for now. :) I split my log into 2 posts as it would not fit into one due to character limits. I see there is another log posted after my last from someone named "cuquito".
  10. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    I see.....grrrrrrrrrrrr....deleted.
    Hold on.....
  11. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally and...

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  12. multcomedic

    multcomedic TS Rookie Topic Starter Posts: 20

    Here are the logs. Both Chrome and IE are unusable now as they pop up "Illegal operation attempted on a registry key that has been marked for deletion".

    ComboFix 12-06-28.01 - Shanahan Family 06/28/2012 8:05.4.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.4016 [GMT -7:00]
    Running from: c:\users\Shanahan Family\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-28 15:10 . 2012-06-28 15:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-28 15:02 . 2012-06-28 15:02 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9EA8B79-0DF2-475A-A601-1AD30AE9D911}\offreg.dll
    2012-06-26 07:46 . 2003-12-16 17:04 49152 ----a-w- c:\windows\SysWow64\usbmonit.exe
    2012-06-26 07:46 . 2003-05-21 16:27 139264 ----a-w- c:\windows\SysWow64\geneicon.dll
    2012-06-26 07:46 . 2003-03-07 18:52 36864 ----a-w- c:\windows\SysWow64\deluidrv.exe
    2012-06-26 07:46 . 2002-03-05 17:10 32768 ----a-w- c:\windows\SysWow64\delentry.exe
    2012-06-26 07:45 . 2003-12-16 17:15 24848 ----a-w- c:\windows\SysWow64\drivers\geneuide.sys
    2012-06-26 06:56 . 2012-06-26 06:56 -------- d-----w- C:\FRST
    2012-06-26 04:19 . 2012-06-25 20:47 -------- d-----w- c:\users\mcafee test
    2012-06-26 04:17 . 2012-06-26 04:17 4285248 ----a-w- c:\users\Shanahan Family\AppData\Roaming\Microsoft\Windows\Network Shortcuts\McAfeeSetup.exe
    2012-06-26 04:05 . 2012-06-26 04:05 -------- d-----w- c:\program files (x86)\Citrix
    2012-06-26 04:05 . 2012-06-26 04:05 -------- d-----w- c:\users\Shanahan Family\AppData\Local\Citrix
    2012-06-25 20:21 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A24A782-8E6D-4047-8E9E-B2FEC9DB8AC7}\gapaengine.dll
    2012-06-25 20:21 . 2012-06-18 10:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9EA8B79-0DF2-475A-A601-1AD30AE9D911}\mpengine.dll
    2012-06-25 20:20 . 2012-06-25 20:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-06-25 20:20 . 2012-06-25 20:20 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-25 20:10 . 2012-05-26 00:13 162224 ----a-w- c:\windows\system32\mfevtps.exe
    2012-06-25 19:21 . 2012-06-18 10:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D80087E-C3DA-41CD-A4C1-5EEDCC7A1F6D}\mpengine.dll
    2012-06-25 19:11 . 2012-06-25 20:39 -------- d-----w- c:\program files (x86)\Common Files\McAfee
    2012-06-25 19:11 . 2012-06-25 20:17 -------- d-----w- c:\program files\Common Files\McAfee
    2012-06-25 19:11 . 2012-06-25 19:11 -------- d-----w- c:\program files\McAfee
    2012-06-25 19:11 . 2012-06-25 19:11 -------- d-----w- c:\program files (x86)\McAfee
    2012-06-25 18:46 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-25 18:46 . 2012-06-26 04:15 -------- d-----w- c:\programdata\AVAST Software
    2012-06-25 18:46 . 2012-06-25 18:46 -------- d-----w- c:\program files\AVAST Software
    2012-06-25 18:37 . 2012-06-25 20:12 -------- d-----w- c:\programdata\McAfee
    2012-06-25 18:25 . 2012-06-25 18:25 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-06-25 18:25 . 2012-06-25 18:25 -------- d-----w- c:\program files (x86)\Oracle
    2012-06-25 18:22 . 2012-06-25 18:22 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-06-25 18:22 . 2012-06-25 18:22 -------- d-----w- c:\program files\Java
    2012-06-25 17:55 . 2012-06-28 16:00 -------- d-----w- c:\windows\system32\wbem\repository
    2012-06-25 17:28 . 2012-06-25 17:28 -------- d-s---w- c:\windows\SysWow64\Microsoft
    2012-06-25 16:22 . 2012-06-25 16:22 -------- d-----w- C:\mfe
    2012-06-25 10:01 . 2012-06-25 10:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-25 08:38 . 2012-06-25 08:38 -------- d-----w- c:\users\Shanahan Family\AppData\Roaming\Malwarebytes
    2012-06-25 08:38 . 2012-06-25 08:38 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-25 03:11 . 2012-06-25 19:44 -------- d-----w- C:\UBCD4Win
    2012-06-25 03:00 . 2012-06-25 03:00 -------- d-----w- c:\program files (x86)\Windows Resource Kits
    2012-06-23 18:48 . 2012-06-23 18:48 -------- d-----w- c:\users\Shanahan Family\AppData\Roaming\McAfee
    2012-06-23 17:21 . 2012-06-23 17:37 -------- d-----w- c:\users\Kids
    2012-06-23 17:06 . 2012-06-23 17:06 74184 ----a-w- c:\windows\system32\drivers\aa4c16f84acedb9.sys
    2012-06-22 00:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 00:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 00:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 00:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 00:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 00:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 00:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 00:12 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 00:12 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-13 18:36 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 18:36 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 18:36 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-05-31 14:39 . 2012-05-31 14:39--------d-----w-c:\program files (x86)\Hewlett-Packard
    2012-05-31 14:37 . 2012-06-07 14:22--------d-----w-c:\users\Shanahan Family\AppData\Roaming\HpUpdate
    2012-05-31 14:37 . 2012-05-31 14:37--------d-----w-c:\windows\Hewlett-Packard
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-25 18:22 . 2012-02-21 23:51 839096 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-25 10:01 . 2012-02-21 23:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 02:29 . 2012-03-21 23:59 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-05-05 02:29 . 2012-02-21 23:51 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-24_17.44.55 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDAZE.DLL
    + 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\kbdax2.dll
    + 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDARMW.DLL
  13. multcomedic

    multcomedic TS Rookie Topic Starter Posts: 20

    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files (x86)\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\SmileBox_EN\prxtbSmil.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files (x86)\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "StickyNotesWidget"="c:\program files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" [2011-03-18 666344]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-12-31 66872]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "DELLOSD"="c:\program files (x86)\DELL\DELLOSD\FastUserSwitching.exe" [2010-12-06 49152]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /k:C *
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [2011-05-27 98304]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 136176]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 257224]
    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 136176]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-03-16 311400]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-21 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [2011-02-16 135168]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-03-31 77984]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-26 162224]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2010-12-01 176128]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-31 36000]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-31 298656]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-31 28832]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-31 201376]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-31 55456]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-31 154272]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-31 281248]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
    S3 DCDhcpService;DCDhcpService;c:\program files (x86)\Atheros Direct Connect\DCDhcpService.exe [2011-03-31 100352]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-14 69736]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MFEHIDK
    *NewlyCreated* - MPFILTER
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 10:01]
    .
    2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 16:07]
    .
    2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 16:07]
    .
    2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000Core.job
    - c:\users\Shanahan Family\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 23:10]
    .
    2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000UA.job
    - c:\users\Shanahan Family\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 23:10]
    .
    2012-06-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
    .
    2012-06-28 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-22 416024]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-22 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-22 392472]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
    "DCHostUI"="c:\program files (x86)\Atheros Direct Connect\P2PUIMain.exe" [2011-03-31 366592]
    "AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-03-31 617120]
    "AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-03-31 379552]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://mystart.smilebox.com?a=6PQwIFBVex
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com\office
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{F897EB0E-A3A4-46C3-80EB-2729699D8892} - (no file)
    AddRemove-McAfee Virtual Technician - c:\program files (x86)\McAfee\Supportability\MVT\MVTInstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-06-28 08:12:03
    ComboFix-quarantined-files.txt 2012-06-28 15:12
    ComboFix2.txt 2012-06-24 21:54
    ComboFix3.txt 2012-06-24 18:03
    ComboFix4.txt 2012-06-24 17:46
    .
    Pre-Run: 884,291,596,288 bytes free
    Post-Run: 889,176,846,336 bytes free
    .
    - - End Of File - - 9674EA65C1C5276B11DA693DC1EB65EE
  14. multcomedic

    multcomedic TS Rookie Topic Starter Posts: 20

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-06-2012
    Ran by SYSTEM at 2012-06-28 08:59:11 Run:1
    Running from F:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    aa4c16f84acedb9 service deleted successfully.
    cdaxeesa service deleted successfully.
    jvaolvfd service deleted successfully.
    oecehykg service deleted successfully.
    uxlgtwoh service deleted successfully.
    zzdmfitz service deleted successfully.
    C:\Users\Shanahan Family\AppData\Local\{edf1b219-dc05-5e7e-b7e0-d544193d56d8} moved successfully.
    C:\Users\Shanahan Family\0i763f66bz.exe not found.
    ==== End of Fixlog ====
  15. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    That's because you don't read my instructions carefully:
    ===================================================

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\aa4c16f84acedb9.sys
    
    Rootkit::
    c:\windows\system32\drivers\aa4c16f84acedb9.sys
    
    Driver::
    aa4c16f84acedb9
    
    Registry::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  16. multcomedic

    multcomedic TS Rookie Topic Starter Posts: 20

    "That's because you don't read my instructions carefully:"
    Guilty as charged. Saw it after I made my last post. Here is the combofix log. Thanks for your continued help.

    ComboFix 12-06-28.03 - Shanahan Family 06/29/2012 7:22.5.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.4028 [GMT -7:00]
    Running from: c:\users\Shanahan Family\Downloads\ComboFix.exe
    Command switches used :: c:\users\Shanahan Family\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\drivers\aa4c16f84acedb9.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\aa4c16f84acedb9.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_AA4C16F84ACEDB9
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-29 14:27 . 2012-06-29 14:27--------d-----w-c:\users\Default\AppData\Local\temp
    2012-06-29 14:18 . 2012-06-18 10:129013136----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F2A8CD1-3ED5-4AE4-A7D0-34077D761585}\mpengine.dll
    2012-06-26 07:46 . 2003-12-16 17:0449152----a-w-c:\windows\SysWow64\usbmonit.exe
    2012-06-26 07:46 . 2003-05-21 16:27139264----a-w-c:\windows\SysWow64\geneicon.dll
    2012-06-26 07:46 . 2003-03-07 18:5236864----a-w-c:\windows\SysWow64\deluidrv.exe
    2012-06-26 07:46 . 2002-03-05 17:1032768----a-w-c:\windows\SysWow64\delentry.exe
    2012-06-26 07:45 . 2003-12-16 17:1524848----a-w-c:\windows\SysWow64\drivers\geneuide.sys
    2012-06-26 06:56 . 2012-06-26 06:56--------d-----w-C:\FRST
    2012-06-26 04:19 . 2012-06-25 20:47--------d-----w-c:\users\mcafee test
    2012-06-26 04:17 . 2012-06-26 04:174285248----a-w-c:\users\Shanahan Family\AppData\Roaming\Microsoft\Windows\Network Shortcuts\McAfeeSetup.exe
    2012-06-26 04:05 . 2012-06-26 04:05--------d-----w-c:\program files (x86)\Citrix
    2012-06-26 04:05 . 2012-06-26 04:05--------d-----w-c:\users\Shanahan Family\AppData\Local\Citrix
    2012-06-25 20:21 . 2012-02-09 21:17927800------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A24A782-8E6D-4047-8E9E-B2FEC9DB8AC7}\gapaengine.dll
    2012-06-25 20:21 . 2012-06-18 10:129013136----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-25 20:20 . 2012-06-25 20:20--------d-----w-c:\program files (x86)\Microsoft Security Client
    2012-06-25 20:20 . 2012-06-25 20:20--------d-----w-c:\program files\Microsoft Security Client
    2012-06-25 20:10 . 2012-05-26 00:13162224----a-w-c:\windows\system32\mfevtps.exe
    2012-06-25 19:21 . 2012-06-18 10:129013136----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D80087E-C3DA-41CD-A4C1-5EEDCC7A1F6D}\mpengine.dll
    2012-06-25 19:11 . 2012-06-25 20:39--------d-----w-c:\program files (x86)\Common Files\McAfee
    2012-06-25 19:11 . 2012-06-25 20:17--------d-----w-c:\program files\Common Files\McAfee
    2012-06-25 19:11 . 2012-06-25 19:11--------d-----w-c:\program files\McAfee
    2012-06-25 19:11 . 2012-06-25 19:11--------d-----w-c:\program files (x86)\McAfee
    2012-06-25 18:46 . 2012-03-06 23:15258520----a-w-c:\windows\system32\aswBoot.exe
    2012-06-25 18:46 . 2012-06-26 04:15--------d-----w-c:\programdata\AVAST Software
    2012-06-25 18:46 . 2012-06-25 18:46--------d-----w-c:\program files\AVAST Software
    2012-06-25 18:37 . 2012-06-25 20:12--------d-----w-c:\programdata\McAfee
    2012-06-25 18:25 . 2012-06-25 18:25--------d-----w-c:\program files (x86)\Common Files\Java
    2012-06-25 18:25 . 2012-06-25 18:25--------d-----w-c:\program files (x86)\Oracle
    2012-06-25 18:22 . 2012-06-25 18:22955840----a-w-c:\windows\system32\npDeployJava1.dll
    2012-06-25 18:22 . 2012-06-25 18:22--------d-----w-c:\program files\Java
    2012-06-25 17:55 . 2012-06-29 14:28--------d-----w-c:\windows\system32\wbem\repository
    2012-06-25 17:28 . 2012-06-25 17:28--------d-s---w-c:\windows\SysWow64\Microsoft
    2012-06-25 16:22 . 2012-06-25 16:22--------d-----w-C:\mfe
    2012-06-25 10:01 . 2012-06-25 10:01426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-25 08:38 . 2012-06-25 08:38--------d-----w-c:\users\Shanahan Family\AppData\Roaming\Malwarebytes
    2012-06-25 08:38 . 2012-06-25 08:38--------d-----w-c:\programdata\Malwarebytes
    2012-06-25 03:11 . 2012-06-25 19:44--------d-----w-C:\UBCD4Win
    2012-06-25 03:00 . 2012-06-25 03:00--------d-----w-c:\program files (x86)\Windows Resource Kits
    2012-06-23 18:48 . 2012-06-23 18:48--------d-----w-c:\users\Shanahan Family\AppData\Roaming\McAfee
    2012-06-23 17:21 . 2012-06-23 17:37--------d-----w-c:\users\Kids
    2012-06-22 00:12 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
    2012-06-22 00:12 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
    2012-06-22 00:12 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
    2012-06-22 00:12 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
    2012-06-22 00:12 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
    2012-06-22 00:12 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
    2012-06-22 00:12 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
    2012-06-22 00:12 . 2012-06-02 22:19186752----a-w-c:\windows\system32\wuwebv.dll
    2012-06-22 00:12 . 2012-06-02 22:1536864----a-w-c:\windows\system32\wuapp.exe
    2012-06-13 18:36 . 2012-04-26 05:4177312----a-w-c:\windows\system32\rdpwsx.dll
    2012-06-13 18:36 . 2012-04-26 05:41149504----a-w-c:\windows\system32\rdpcorekmts.dll
    2012-06-13 18:36 . 2012-04-26 05:349216----a-w-c:\windows\system32\rdrmemptylst.exe
    2012-05-31 14:39 . 2012-05-31 14:39--------d-----w-c:\program files (x86)\Hewlett-Packard
    2012-05-31 14:37 . 2012-06-07 14:22--------d-----w-c:\users\Shanahan Family\AppData\Roaming\HpUpdate
    2012-05-31 14:37 . 2012-05-31 14:37--------d-----w-c:\windows\Hewlett-Packard
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-25 18:22 . 2012-02-21 23:51839096----a-w-c:\windows\system32\deployJava1.dll
    2012-06-25 10:01 . 2012-02-21 23:3470344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 02:29 . 2012-03-21 23:59772504----a-w-c:\windows\SysWow64\npdeployJava1.dll
    2012-05-05 02:29 . 2012-02-21 23:51687504----a-w-c:\windows\SysWow64\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-06-28_15.10.44 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-21 03:09 . 2012-06-29 14:0955786 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2012-06-28 15:0138712 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-06-28 21:4138712 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-03-22 05:44 . 2012-06-28 21:4110148 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1011651653-2396366161-2558129995-1000_UserData.bin
    - 2012-02-22 00:06 . 2012-06-28 14:531972 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2012-02-22 00:06 . 2012-06-29 14:271972 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    - 2012-06-28 16:00 . 2012-06-28 16:002048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-29 14:28 . 2012-06-29 14:282048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-06-28 16:00 . 2012-06-28 16:002048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-06-29 14:28 . 2012-06-29 14:282048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:36 . 2012-06-29 14:12665138 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-06-28 15:05665138 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-06-29 14:12122906 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-06-28 15:05122906 c:\windows\system32\perfc009.dat
    + 2010-11-21 03:27 . 2012-01-31 12:44279656 c:\windows\system32\MpSigStub.exe
    - 2009-07-14 05:01 . 2012-06-28 14:53428836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-06-29 14:27428836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-02-22 00:47 . 2012-06-29 14:271879744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2012-02-22 00:47 . 2012-06-28 14:531879744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2012-03-22 05:56 . 2012-06-28 14:536417548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1011651653-2396366161-2558129995-1000-8192.dat
    + 2012-03-22 05:56 . 2012-06-29 14:276417548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1011651653-2396366161-2558129995-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files (x86)\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
    2011-05-09 08:49176936----a-w-c:\program files (x86)\SmileBox_EN\prxtbSmil.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files (x86)\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "StickyNotesWidget"="c:\program files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" [2011-03-18 666344]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-12-31 66872]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "DELLOSD"="c:\program files (x86)\DELL\DELLOSD\FastUserSwitching.exe" [2010-12-06 49152]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecuteREG_MULTI_SZ autocheck autochk /k:C *
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 136176]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 257224]
    R3 DCDhcpService;DCDhcpService;c:\program files (x86)\Atheros Direct Connect\DCDhcpService.exe [2011-03-31 100352]
    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 136176]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-03-16 311400]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-21 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [2011-02-16 135168]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-03-31 77984]
    S2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [2011-05-27 98304]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-26 162224]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2010-12-01 176128]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-31 36000]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-31 298656]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-31 28832]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-31 201376]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-31 55456]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-31 154272]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-31 281248]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-14 69736]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 10:01]
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 16:07]
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 16:07]
    .
    2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000Core.job
    - c:\users\Shanahan Family\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 23:10]
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000UA.job
    - c:\users\Shanahan Family\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 23:10]
    .
    2012-06-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
    .
    2012-06-29 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-22 416024]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-22 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-22 392472]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
    "DCHostUI"="c:\program files (x86)\Atheros Direct Connect\P2PUIMain.exe" [2011-03-31 366592]
    "AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-03-31 617120]
    "AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-03-31 379552]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    "combofix"="c:\combofix\CF25567.3XE" [2010-11-21 345088]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://mystart.smilebox.com?a=6PQwIFBVex
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com\office
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{F897EB0E-A3A4-46C3-80EB-2729699D8892} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-29 07:33:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-29 14:33
    ComboFix2.txt 2012-06-28 15:12
    ComboFix3.txt 2012-06-24 21:54
    ComboFix4.txt 2012-06-24 18:03
    ComboFix5.txt 2012-06-29 14:22
    .
    Pre-Run: 888,742,449,152 bytes free
    Post-Run: 888,115,298,304 bytes free
    .
    - - End Of File - - D9260216237E176BDAF081B163B8536D
  17. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. multcomedic

    multcomedic TS Rookie Topic Starter Posts: 20

    I've been getting fewer errors and Windows genuine issues. I appreciate your help very much. Here are the latest logs.

    OTL Extras logfile created on: 6/29/2012 5:11:28 PM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Shanahan Family\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.91 Gb Total Physical Memory | 4.25 Gb Available Physical Memory | 71.87% Memory free
    11.81 Gb Paging File | 9.78 Gb Available in Paging File | 82.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 909.10 Gb Total Space | 827.22 Gb Free Space | 90.99% Space Free | Partition Type: NTFS

    Computer Name: SHANAHANFAMILY | User Name: Shanahan Family | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{150A96F0-848B-41DC-83A6-A6EF41DE4197}" = lport=137 | protocol=17 | dir=in | app=system |
    "{2476E43D-083A-40E2-A717-CFF0E5F6A0EB}" = lport=138 | protocol=17 | dir=in | app=system |
    "{3251EAB1-F1DF-4252-ACD5-B77FF460E3DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{334AA962-337D-447F-857A-C3EB94214A15}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{3358F6A8-4723-44C4-A916-475E5068D52C}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\atheros direct connect\dcdhcpservice.exe |
    "{407FBD00-18DA-467D-9B71-11C80C543D8F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{40D1949D-A1BF-49F3-877B-1F1106806D57}" = rport=138 | protocol=17 | dir=out | app=system |
    "{513EFFAC-CE9D-4C4C-A8C4-82E1DD257C59}" = rport=139 | protocol=6 | dir=out | app=system |
    "{5BC3D478-E3C2-497A-9B4B-CED7E7C18BCF}" = rport=445 | protocol=6 | dir=out | app=system |
    "{610516C9-7276-4F16-94A3-C50B03164057}" = rport=137 | protocol=17 | dir=out | app=system |
    "{633DDC2F-5B94-4F71-B4F3-589115764B1A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6DB43DF2-9782-4A81-B700-210C7D4758B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6F2E8790-CC10-4A53-B9D5-31E2D543C9B3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{747B48C5-E49F-4B0C-B407-241BBB4F7657}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
    "{77A1EB8B-373D-401D-AB86-87083B71C7C3}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
    "{799DB799-86C3-4FA7-B536-7FAADD39A6DE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{8D90E878-6F0D-45CE-B84E-EEF90D97F723}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{98FD79F1-C484-4A8E-BD6F-3D699FF0CD0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9E9DBF4F-4B02-4D56-98A1-10A49E55E5C6}" = lport=139 | protocol=6 | dir=in | app=system |
    "{9EB21919-D68F-425F-BAAB-6BA5CAA51311}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{ACBEAB57-91F8-4E41-B0B7-B84920AB5EF0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BC91DB61-C347-4D7A-9A18-9F405BC15094}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{BD81FF62-7071-4243-B355-79AE9A72054E}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
    "{C540F3D1-B6F0-4B80-ABF3-5EF33862EC93}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{C7E4057F-F899-4E01-9AC4-B48BB7433E4D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DE3ACD89-AF43-46B7-82FA-AA775B979070}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
    "{E07A1B5D-4EEB-40BD-BB6F-91B0534480BE}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{EF7F1280-D43D-4306-9DC7-1FCACE486B8E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{F1BDBFDF-7810-4669-A87D-987C2D5764D7}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{F2502483-790C-4693-8547-B203A258CBBE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F4215BE7-5321-4988-A7B4-72B69634C8B8}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\atheros direct connect\p2puimain.exe |
    "{F8ABF72C-29B9-4C53-98FF-2E65D129CD33}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03CC2E13-305D-4CB0-B7CC-D0C39B8AFBB0}" = protocol=6 | dir=out | app=system |
    "{13198905-B5A2-4282-B860-474BF84BFA1F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{13A768BE-4A9C-459F-92D4-F18735F88F39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{1D35D9C1-782E-4EDA-A131-E622B9965B2A}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{26504917-EFB5-4595-A387-64004F8BB473}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{2732215F-7065-4BA1-ACA6-1D90DE10C82A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{34463F48-B181-41F0-ADC7-ACD0ABC7DA45}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{3AEFD812-AB03-44DC-995F-76881B1AA36D}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{3FBE87FB-BBAD-4514-8916-FCC32DF48083}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{4B6AF952-DBA6-4D96-B2B1-1CE1DB57902E}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{4C250883-9FB2-4020-A477-466242E8B412}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
    "{4C54F63D-0595-4BAF-A29C-C96E519ABCD9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{55DE1E8D-42BC-4BC4-9C2C-2A8A00B3640C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5CE1BBB0-3161-4B3E-B390-9242DA951AC9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{5EC8346F-9032-4254-BD15-88D58424F14F}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{60FD7954-727B-4486-99A2-0F3E7DD7380B}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
    "{66EB612D-AEE4-4B54-9A48-4DC8111AAB3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{69E16514-7382-4D12-AAA6-D529A5859330}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{6B6A2C73-9004-4E21-BC6D-8EE95AF88152}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{6C174992-043E-4C07-9FDA-AD9A4F78BA7B}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{6E8A8F58-FAC1-43E1-AECE-67C5A35CAB9C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{71CF650D-C05D-4E8B-9290-34C33096F66F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{724B53C5-E190-4F22-88F0-6743414B7B64}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
    "{742AC8CE-6CDC-4E0C-B5F4-1B8F04A2C982}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{75634515-C850-4661-A041-6986B9B7D2EB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{81F8244B-A17E-4345-A955-5E6693BAFA80}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{830C4108-7448-464F-96B7-F8C901D1CD15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8E91C81D-B7A0-4CF8-81CC-29639ABCAC29}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{9C2467AB-ADE8-4DA0-B118-B986FDF3806B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{9D40CB9B-3F97-4CCF-BD4E-24F1A425E9F0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
    "{A26182E5-4D31-4D37-B587-91F8CC8FA193}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
    "{ABFCF521-8C97-4BD0-86EE-75AF7EC5F280}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
    "{AC815D19-638E-4A15-8765-7D1F56C8DCC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{ACD52996-7F7E-4F9B-B189-6FD6A0AD311C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{AE90309A-FCF0-41F5-8602-7B7FE3BBA578}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B11C25CA-06D0-4F74-8E8E-F808293080B9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{B646BB79-F0FF-4C46-BCA9-FBCA1460A61A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{B7533C09-05CB-4D5F-BB3F-8BF572AAE611}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{BD8EC7B0-C590-40D4-A9A5-A59754D7A996}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C007F636-5113-4DE1-A2C9-FBDDFEE79968}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C04BC3DA-446C-4F92-BE60-C4597FA6B379}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{C21A22DE-3BA1-4C1A-99D8-7030FA3CACE2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{C997860E-3DF3-4F39-B802-2A347BEB1BD7}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{CB40359B-D547-4283-BB3C-533B314B113C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{DB73A6C8-A513-49DA-B1ED-50D9563CC067}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DE94D6D2-7927-4B0A-B114-1D681464AD5A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{E21544C2-07EC-4579-B1FB-EBB2E06B5EFD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E42EE399-FEFD-47FC-B27C-A5CB05A012CD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{E56BDF8A-6AE3-491A-8E75-CA2262DF293F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{E655DBA5-0DE6-496E-A27C-1C4E2383C483}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E97F8D8E-7F63-411B-972C-9BA30A530370}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{EACDF057-9392-4F13-BE08-F6F0BC591BC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EC2E2677-84E9-4153-B786-8A48F8DE9975}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F3F4E0E1-0F31-42DA-86E3-FBC971900DC6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{F5C85B74-4D19-4C81-BBF1-77AA7CDB1BC6}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{F6C7774C-589E-4EE0-8887-3EDE81472203}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{F8E38D01-679D-4ABB-9FC3-3463AC28ED2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FB401562-76DC-4CCC-999E-862DEB6074CF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{FBF8D21C-F365-406C-815B-8283ED8BD488}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{FD3B124D-3A92-4288-9120-E1BF5D9C5F8D}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{FE2A986B-B1EC-4390-9B70-7069B6D4308D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{14BC5667-22B0-4DC4-8205-597053BBDDC9}" = HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
    "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "Dell Support Center" = Dell Support Center
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "Shop for HP Supplies" = Shop for HP Supplies

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B7D12BE-D1D8-4CCE-A01B-43CAFF8ECA9B}" = C4200
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Atheros Direct Connect
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell Bluetooth Installation
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
    "{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
    "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
    "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{491EAC1A-8ECB-45D5-97D1-0583D5676914}" = ProMash
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{55586382-6704-4237-AAA7-85FF9C055022}" = Dell KM632 Wireless Keyboard Caps Lock Indicator
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5F8D5450-5BD8-4B8A-A1DE-8326C0395D5D}" = PS_AIO_Software_min
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{6FB3428E-23AA-4CA1-BA9D-E6D5F3F692E4}" = Dell Touch Software Suite Games
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
    "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{AFA1FCA1-626E-403C-9BCA-968FECB62C4D}" = CIR Registry
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B0789AE7-70D4-454A-90D1-5BA5728E254A}" = StickyNotes
    "{B0F29C6D-C7A9-40AC-9658-921961818E2B}" = DELLOSD
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
    "{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000-2010
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
    "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
    "{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
    "{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Dell Webcam Central" = Dell Webcam Central
    "First Thousand Words" = First Thousand Words
    "GENEUIDE" = USB Storage Driver
    "Google Calendar Sync" = Google Calendar Sync
    "InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
    "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "Kidzui" = Kidzui
    "McAfee Virtual Technician" = McAfee Virtual Technician
    "MSMONEYV80" = Microsoft Money 2000 Standard Edition
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "PremElem90" = Adobe Premiere Elements 9
    "SmileBox_EN Toolbar" = SmileBox EN Toolbar
    "Stamps.com" = Stamps.com
    "Stamps.com support for Microsoft Word 2000-2010" = Stamps.com support for Microsoft Word 2000-2010
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "ZinioReader4" = Zinio Reader 4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "ActiveTouchMeetingClient" = Cisco WebEx Meetings
    "Google Chrome" = Google Chrome
    "Smilebox" = Smilebox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/23/2012 2:53:51 PM | Computer Name = ShanahanFamily | Source = Application Error | ID = 1000
    Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385,
    time stamp: 0x4a5bd026 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
    time stamp: 0x4e21213c Exception code: 0xc06d007f Fault offset: 0x000000000000cacd
    Faulting
    process id: 0x534 Faulting application start time: 0x01cd517186a53ec3 Faulting application
    path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report
    Id: c5553fa1-bd64-11e1-85ab-7ce9d37ca4a2

    Error - 6/23/2012 2:58:51 PM | Computer Name = ShanahanFamily | Source = WinMgmt | ID = 10
    Description =

    Error - 6/23/2012 8:59:24 PM | Computer Name = ShanahanFamily | Source = WinMgmt | ID = 10
    Description =

    Error - 6/23/2012 9:25:49 PM | Computer Name = ShanahanFamily | Source = Microsoft-Windows-Defrag | ID = 257
    Description =

    Error - 6/23/2012 9:29:48 PM | Computer Name = ShanahanFamily | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 6/23/2012 9:30:36 PM | Computer Name = ShanahanFamily | Source = Microsoft-Windows-Defrag | ID = 257
    Description =

    Error - 6/23/2012 9:31:31 PM | Computer Name = ShanahanFamily | Source = Software Protection Platform Service | ID = 1001
    Description = The Software Protection service failed to start. 0xD0000022 6.1.7601.17514

    Error - 6/23/2012 9:31:41 PM | Computer Name = ShanahanFamily | Source = Windows Activation Technologies | ID = 3
    Description = Health check failure: hr = 0x8004FE21, HealthStatus: 0x0000000000030000

    Error - 6/23/2012 9:31:45 PM | Computer Name = ShanahanFamily | Source = Software Protection Platform Service | ID = 1001
    Description = The Software Protection service failed to start. 0xD0000022 6.1.7601.17514

    Error - 6/23/2012 9:35:47 PM | Computer Name = ShanahanFamily | Source = VSS | ID = 12289
    Description =

    [ System Events ]
    Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.


    < End of report >
  19. multcomedic

    multcomedic TS Rookie Topic Starter Posts: 20

    OTL logfile created on: 6/29/2012 5:11:28 PM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Shanahan Family\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.91 Gb Total Physical Memory | 4.25 Gb Available Physical Memory | 71.87% Memory free
    11.81 Gb Paging File | 9.78 Gb Available in Paging File | 82.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 909.10 Gb Total Space | 827.22 Gb Free Space | 90.99% Space Free | Partition Type: NTFS

    Computer Name: SHANAHANFAMILY | User Name: Shanahan Family | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/29 17:09:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Shanahan Family\Downloads\OTL.exe
    PRC - [2012/02/01 11:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
    PRC - [2012/02/01 11:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
    PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/12/31 16:06:32 | 000,066,872 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
    PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2011/09/22 09:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2011/09/22 09:11:26 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2011/09/22 09:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2011/09/21 09:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2011/06/02 13:27:58 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
    PRC - [2011/06/02 11:11:20 | 000,725,504 | ---- | M] (DELL COMPUTER INC.) -- C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe
    PRC - [2011/05/27 16:33:46 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
    PRC - [2011/04/13 09:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2011/04/08 05:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    PRC - [2011/04/01 16:08:30 | 000,660,480 | ---- | M] (DELL) -- C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
    PRC - [2011/03/31 08:59:16 | 000,100,352 | ---- | M] (Atheros Communication Inc.) -- C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe
    PRC - [2011/03/31 08:56:48 | 000,583,168 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files (x86)\Atheros Direct Connect\DCWpaSupplicant.exe
    PRC - [2011/02/16 04:22:42 | 000,135,168 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
    PRC - [2011/01/12 18:17:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
    PRC - [2010/12/20 13:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 13:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/12/06 14:37:54 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
    PRC - [2010/12/01 14:07:46 | 000,176,128 | ---- | M] (Chicony) -- C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
    PRC - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/14 12:36:53 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
    MOD - [2012/06/14 06:54:32 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012/06/14 06:54:25 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/06/14 06:54:14 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 06:54:09 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/14 06:54:07 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/05/16 09:31:05 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
    MOD - [2012/05/16 09:31:01 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
    MOD - [2012/05/14 07:30:03 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
    MOD - [2012/05/14 07:30:02 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
    MOD - [2012/05/14 07:30:00 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
    MOD - [2012/05/14 07:30:00 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
    MOD - [2012/05/13 15:27:16 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
    MOD - [2012/05/13 12:11:11 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/13 12:10:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/13 12:10:27 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/13 12:10:24 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/13 12:10:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/13 12:10:20 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/02/01 11:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
    MOD - [2012/02/01 11:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
    MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
    MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
    MOD - [2011/12/31 16:06:32 | 000,066,872 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
    MOD - [2011/09/22 09:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    MOD - [2011/06/02 13:27:58 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2011/01/12 18:17:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
    MOD - [2010/12/06 14:37:54 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
    MOD - [2010/11/24 21:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
    MOD - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/05/25 17:13:54 | 000,162,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/11/17 13:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/06/25 03:01:42 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
    SRV - [2011/09/22 09:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2011/05/27 16:33:46 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe -- (Dell WMI Service)
    SRV - [2011/03/31 13:08:18 | 000,077,984 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2011/03/31 08:59:16 | 000,100,352 | ---- | M] (Atheros Communication Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe -- (DCDhcpService)
    SRV - [2011/02/16 04:22:42 | 000,135,168 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
    SRV - [2010/12/20 13:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/12/20 13:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/12/01 14:07:46 | 000,176,128 | ---- | M] (Chicony) [Auto | Running] -- C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe -- (OSDSvc)
    SRV - [2010/11/25 04:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 04:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
    SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/10 12:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2012/02/21 18:23:17 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/02/21 18:23:17 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/05/21 14:21:58 | 012,229,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/31 15:08:30 | 000,281,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2011/03/31 13:08:30 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2011/03/31 13:08:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2011/03/31 13:08:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2011/03/31 13:08:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2011/03/31 13:08:30 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2011/03/31 13:08:30 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2011/03/15 19:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2011/02/24 06:56:44 | 002,700,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/01/20 10:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2010/12/28 22:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/05 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/19 12:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/07/13 18:57:06 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
    DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/02/26 18:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/09/24 19:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
    DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.smilebox.com?a=6PQwIFBVex
    IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\SearchScopes\{20B3B36E-C552-4615-A6E1-E35C1488E501}: "URL" = http://www.google.com/search?q={sea...icrosoft:en-US&ie=utf8&oe=utf8&rlz=1I7DKUS_en
    IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_en
    IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.smilebox.com/?search={searchTerms}&loc=SB_DS&a=6PQwIFBVex
    IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
    IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2012/03/22 09:14:07 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2012/03/22 09:14:07 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Shanahan Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Shanahan Family\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shanahan Family\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shanahan Family\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/21 16:23:11 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/21 16:23:11 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Shanahan Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Shanahan Family\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
    CHR - Extension: Angry Birds = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: YouTube = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Google Calendar = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
    CHR - Extension: Angry Birds Seasons = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\glfgpgljcapdjhcnmecmgihadngabijc\1.1_0\
    CHR - Extension: Modern Black = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcjolgglolbcnhaleejjlhjgeokalilc\1.5_0\
    CHR - Extension: Gmail = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/06/29 07:30:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\Toolbar\WebBrowser: (SmileBox EN Toolbar) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [DCHostUI] C:\Program Files (x86)\Atheros Direct Connect\P2PUIMain.exe (Atheros Communication)
    O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Chicony_OSD] C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe ()
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\DELL\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe ()
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKLM..\Run: [StickyNotesWidget] c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O15:64bit: - ..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
    O15 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9617A1D-E405-4F40-AE53-680196DD5D5C}: DhcpNameServer = 192.168.0.1 205.171.3.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA0F4E18-98EA-46C9-A4C3-E8D426408D8A}:
  20. multcomedic

    multcomedic TS Rookie Topic Starter Posts: 20

    DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk /k:C *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/29 17:07:00 | 000,000,000 | R--D | C] -- C:\Users\Shanahan Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    [2012/06/29 07:33:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/06/29 07:30:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/26 00:46:00 | 000,139,264 | ---- | C] (Genesys) -- C:\Windows\SysWow64\geneicon.dll
    [2012/06/26 00:46:00 | 000,049,152 | ---- | C] (General) -- C:\Windows\SysWow64\usbmonit.exe
    [2012/06/26 00:45:58 | 000,024,848 | ---- | C] (General) -- C:\Windows\SysWow64\drivers\geneuide.sys
    [2012/06/25 23:56:12 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/25 21:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
    [2012/06/25 21:05:06 | 000,000,000 | ---D | C] -- C:\Users\Shanahan Family\AppData\Local\Citrix
    [2012/06/25 13:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/06/25 13:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/25 13:10:41 | 000,162,224 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
    [2012/06/25 12:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
    [2012/06/25 12:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2012/06/25 12:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2012/06/25 12:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2012/06/25 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
    [2012/06/25 11:46:41 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/06/25 11:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/06/25 11:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/06/25 11:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/06/25 11:30:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/06/25 11:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/06/25 11:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012/06/25 11:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/06/25 10:28:19 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
    [2012/06/25 09:22:10 | 000,000,000 | ---D | C] -- C:\mfe
    [2012/06/25 01:38:24 | 000,000,000 | ---D | C] -- C:\Users\Shanahan Family\AppData\Roaming\Malwarebytes
    [2012/06/25 01:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/24 20:11:05 | 000,000,000 | ---D | C] -- C:\UBCD4Win
    [2012/06/24 20:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits
    [2012/06/24 10:40:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/24 10:40:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/24 10:40:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/24 10:40:11 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/24 10:40:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/23 11:48:20 | 000,000,000 | ---D | C] -- C:\Users\Shanahan Family\AppData\Roaming\McAfee
    [2012/05/31 07:39:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
    [2012/05/31 07:37:12 | 000,000,000 | ---D | C] -- C:\Users\Shanahan Family\AppData\Roaming\HpUpdate
    [2012/05/31 07:37:10 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
    [2008/08/12 14:41:49 | 007,670,000 | ---- | C] (Qwest ) -- C:\Users\Shanahan Family\QuickCareSetup2.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/06/29 17:13:53 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/29 17:13:53 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/29 17:10:55 | 000,786,422 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/29 17:10:55 | 000,665,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/29 17:10:55 | 000,122,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/29 17:10:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/06/29 17:06:54 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/29 17:06:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/29 17:06:30 | 462,229,503 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/29 07:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/29 07:30:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/29 07:20:04 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000UA.job
    [2012/06/29 07:17:14 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/28 07:53:32 | 008,126,464 | ---- | M] () -- C:\Users\Shanahan Family\Documents\My Money.mny
    [2012/06/25 21:20:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000Core.job
    [2012/06/25 13:20:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/06/25 13:20:45 | 000,800,080 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/25 11:59:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/06/23 11:40:23 | 000,000,632 | RHS- | M] () -- C:\Users\Shanahan Family\ntuser.pol
    [2012/06/14 06:52:30 | 000,468,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/06 08:43:19 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

    ========== Files Created - No Company Name ==========

    [2012/06/26 00:46:00 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\deluidrv.exe
    [2012/06/26 00:46:00 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\delentry.exe
    [2012/06/26 00:46:00 | 000,000,956 | ---- | C] () -- C:\Windows\SysWow64\iconcfg.ini
    [2012/06/25 13:20:47 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/06/25 12:15:37 | 000,002,216 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    [2012/06/25 12:15:37 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2012/06/25 12:00:05 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/06/25 11:46:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/06/25 03:01:46 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/24 10:40:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/24 10:40:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/24 10:40:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/24 10:40:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/24 10:40:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/23 11:47:50 | 000,002,168 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk
    [2012/06/23 10:14:07 | 000,000,632 | RHS- | C] () -- C:\Users\Shanahan Family\ntuser.pol
    [2012/05/03 11:38:27 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
    [2012/04/11 20:34:34 | 000,037,861 | ---- | C] () -- C:\Users\Shanahan Family\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2012/03/21 16:20:29 | 000,165,053 | ---- | C] () -- C:\Windows\hpoins13.dat
    [2012/03/21 16:20:29 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
    [2012/02/21 18:09:45 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/02/21 18:09:44 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/02/21 18:09:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/02/21 18:09:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2012/02/21 18:09:42 | 013,787,648 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/02/10 09:10:51 | 000,800,080 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2006/08/24 14:30:10 | 000,000,010 | ---- | C] () -- C:\Users\Shanahan Family\usb

    ========== LOP Check ==========

    [2012/06/23 10:27:19 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Fingertapps
    [2012/06/23 10:32:13 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\KidZui
    [2012/03/21 22:45:55 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\Fingertapps
    [2012/05/22 10:45:40 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\KidZui
    [2012/03/22 13:02:24 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\PCDr
    [2012/05/21 16:18:22 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\Smilebox
    [2012/04/11 18:42:33 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\SoftGrid Client
    [2012/05/03 11:40:13 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\Stamps.com Internet Postage
    [2012/03/24 07:47:53 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\TP
    [2012/03/26 09:50:46 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\webex
    [2012/06/06 08:43:19 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2012/06/28 08:26:30 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/06/29 17:10:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/03/21 10:37:43 | 000,042,279 | ---- | M] () -- C:\aaw7boot.log
    [2009/07/25 11:01:51 | 000,001,502 | ---- | M] () -- C:\ASLog.txt
    [2011/03/27 00:08:41 | 000,003,238 | ---- | M] () -- C:\CD3rdPartyWrapper.log
    [2012/06/29 07:33:29 | 000,027,314 | ---- | M] () -- C:\ComboFix.txt
    [2006/08/16 22:36:28 | 000,006,442 | RH-- | M] () -- C:\dell (1).sdr
    [2012/02/21 18:25:59 | 000,034,402 | RH-- | M] () -- C:\dell.sdr
    [2007/10/27 16:18:32 | 000,061,713 | ---- | M] () -- C:\dlcf.log
    [2008/02/20 18:35:49 | 000,000,042 | ---- | M] () -- C:\END
    [2012/06/29 17:06:30 | 462,229,503 | -HS- | M] () -- C:\hiberfil.sys
    [2006/08/25 09:42:12 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2011/12/15 09:53:55 | 000,000,000 | ---- | M] () -- C:\install.rdf
    [2006/08/16 22:56:48 | 000,000,828 | -H-- | M] () -- C:\IPH.PH
    [2012/06/16 21:10:06 | 000,000,400 | ---- | M] () -- C:\log.txt
    [2012/06/29 17:06:31 | 2047,963,135 | -HS- | M] () -- C:\pagefile.sys
    [2007/09/05 20:14:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2007/09/29 23:11:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2007/09/29 23:13:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2007/10/07 23:23:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2007/10/07 23:36:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2007/11/13 12:28:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2008/02/09 21:34:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2008/05/03 21:38:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/02/15 11:14:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2007/09/05 20:14:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2007/09/29 23:11:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2007/09/29 23:13:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2007/10/07 23:23:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2007/10/07 23:36:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2007/11/13 12:28:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2008/02/09 21:34:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2008/05/03 21:38:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/02/15 11:14:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2006/08/16 22:56:54 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2007/11/01 13:09:01 | 000,024,576 | ---- | M] () -- C:\t3sg.e
    [2011/03/16 22:03:37 | 000,000,747 | ---- | M] () -- C:\updatedatfix.log
    [2009/01/09 00:48:34 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
    [2010/07/05 12:16:41 | 000,497,356 | ---- | M] () -- C:\vcredist_x86 (1).log
    [2012/02/21 17:03:23 | 001,376,146 | ---- | M] () -- C:\vcredist_x86.log
    [2008/10/15 19:52:13 | 000,102,874 | ---- | M] () -- C:\VETlog.dmp
    [2008/10/15 19:52:13 | 000,002,171 | ---- | M] () -- C:\VETlog.txt
    [2006/08/25 09:40:42 | 000,230,724 | ---- | M] () -- C:\VolEdit.ini.log

    < %systemroot%\Fonts\*.com >
    [2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2012/06/25 11:17:21 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/08/24 13:51:38 | 000,000,119 | -HS- | M] () -- C:\Users\Shanahan Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2012/03/21 15:55:38 | 000,000,221 | -HS- | M] () -- C:\Users\Shanahan Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/29 07:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/29 17:06:54 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/29 17:17:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/25 21:20:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000Core.job
    [2012/06/29 07:20:04 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000UA.job
    [2012/06/06 08:43:19 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/06/29 17:06:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/06/28 08:26:30 | 000,032,656 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
    [2012/06/29 17:10:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2008/08/12 14:49:24 | 007,670,000 | ---- | M] (Qwest ) -- C:\Users\Shanahan Family\QuickCareSetup2.exe

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/08/24 13:51:37 | 000,000,122 | -HS- | M] () -- C:\Users\Shanahan Family\Favorites\Desktop (1).ini
    [2012/03/21 16:54:45 | 000,000,402 | -HS- | M] () -- C:\Users\Shanahan Family\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/03/21 16:24:57 | 000,001,135 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >
    < End of report >
  21. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    If you're still having some issues I need more details.

    ===============================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
      O15:64bit: - ..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
      O15 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
      O15 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  22. multcomedic

    multcomedic TS Rookie Topic Starter Posts: 20

    The last error I saw was a corrupt file warning from OTL while it was running the 1st time, but not this second time with the fix. I was also having to reset the clock every other day, but that seems to have stopped as of today/yesterday. I also have a label at the lower right corner of my screen in the background that says "Test Mode Windows 7 Build 7601". Everything is running smoothly this morning!

    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\office\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kids
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1628833 bytes
    ->Flash cache emptied: 57216 bytes

    User: mcafee test

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Shanahan Family
    ->Temp folder emptied: 309583 bytes
    ->Temporary Internet Files folder emptied: 71171635 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 509555444 bytes
    ->Flash cache emptied: 199271 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 34536 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 556 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 556.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Kids

    User: mcafee test

    User: Public

    User: Shanahan Family
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Kids
    ->Flash cache emptied: 0 bytes

    User: mcafee test

    User: Public

    User: Shanahan Family
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.0 log created on 06302012_070700

    Files\Folders moved on Reboot...
    C:\Users\Shanahan Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Shanahan Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
  23. multcomedic

    multcomedic TS Rookie Topic Starter Posts: 20

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee Virtual Technician
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    JavaFX 2.1.1
    Java(TM) 7 Update 5
    Out of date Java installed!
    Adobe Reader X (10.1.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````
  24. multcomedic

    multcomedic TS Rookie Topic Starter Posts: 20

    Farbar Service Scanner Version: 25-06-2012 01
    Ran by Shanahan Family (administrator) on 30-06-2012 at 07:15:36
    Running from "C:\Users\Shanahan Family\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****
  25. multcomedic

    multcomedic TS Rookie Topic Starter Posts: 20

    No found threats with eset. I'm pretty sure that's a good thing. :)

