Inactive McAfee firewall turned off and won't turn back on

T

Tyrone Branch

Posts: 12   +0
Please see attached log from malware removal

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.06.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tyrone.Branch :: TYRONEBRANCH-PC [administrator]

Protection: Enabled

05/06/2012 9:57:20 PM
mbam-log-2012-05-06 (21-57-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 339763
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Detected: 1
C:\Users\Tyrone.Branch\tuaavix.exe (Trojan.FakeFolder) -> 5256 -> Delete on reboot.

Memory Modules Detected: 1
C:\Windows\SysWOW64\slrwvgnz.dll (Trojan.Zbot.Gen) -> Delete on reboot.

Registry Keys Detected: 4
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} (Trojan.Zbot.Gen) -> Quarantined and deleted successfully.
HKCR\Uoruvess (Trojan.Zbot.Gen) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000000} (Trojan.Zbot.Gen) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ANTIVIRUS32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tuaavix (Trojan.FakeFolder) -> Data: C:\Users\Tyrone.Branch\tuaavix.exe /l -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Antivirus32|ImagePath (Trojan.Agent) -> Data: C:\Windows\system32\monilor.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent.FRCGen) -> Bad: (C:\Users\TYRONE~1.BRA\LOCALS~1\Temp\msiziara.com) Good: () -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 40
C:\Windows\SysWOW64\slrwvgnz.dll (Trojan.Zbot.Gen) -> Delete on reboot.
C:\Users\Tyrone.Branch\tuaavix.exe (Trojan.FakeFolder) -> Delete on reboot.
C:\Users\Tyrone.Branch\Local Settings\Temp\msiziara.com (Trojan.Agent.FRCGen) -> Delete on reboot.
C:\Windows\System32\slrwvgnz.dll (Trojan.Zbot.Gen) -> Delete on reboot.
C:\Users\Tyrone.Branch\AppData\Local\Temp\msiziara.com (Trojan.Agent.FRCGen) -> Delete on reboot.
C:\Windows\Temp\temp11.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Windows\Temp\temp42.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Windows\Temp\temp50.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Windows\Temp\temp62.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Windows\Temp\temp86.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Windows\Temp\bahvuu\setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\2sor.exe (Trojan.Agent.FRCGen) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\3orx.exe (Trojan.Agent.FRCGen) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\zorx.exe (Trojan.ZADrop.Gen1) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\zsor.exe (Trojan.ZADrop.Gen1) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\833RX4YB\aa2[1] (Trojan.Agent.FRCGen) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\833RX4YB\aa2[2] (Trojan.Agent.FRCGen) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\833RX4YB\aa3[2] (Trojan.Agent.FRCGen) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\833RX4YB\calc[2].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\AC3VI92Z\aa2[2] (Trojan.Agent.FRCGen) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\AC3VI92Z\aa3[1] (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\AC3VI92Z\aa3[2] (Trojan.Agent.FRCGen) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\AC3VI92Z\aa3[3] (Trojan.Agent.FRCGen) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\AC3VI92Z\aa3[4] (Trojan.Agent.FRCGen) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\QXWIYMO9\1[1] (Trojan.Downloader.ic) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\QXWIYMO9\1[2] (Trojan.FakeFolder) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\QXWIYMO9\aa1[1] (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\QXWIYMO9\calc[1].exe (Trojan.FakeAlert.RO) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\QXWIYMO9\z[1] (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\QXWIYMO9\z[2] (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\TMSLS17Q\1[1] (Trojan.Downloader.ic) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\TMSLS17Q\1[2] (Worm.SFDC) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\TMSLS17Q\1[3] (Trojan.FakeFolder) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\TMSLS17Q\aa1[1] (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\TMSLS17Q\aa1[2] (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\TMSLS17Q\aa1[3] (RootKit.0Access.NFGen) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\TMSLS17Q\aa1[4] (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\TMSLS17Q\aa1[5] (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Tyrone.Branch\Local Settings\Temporary Internet Files\Content.IE5\TMSLS17Q\aa2[2] (Trojan.Agent.FRCGen) -> Quarantined and deleted successfully.
C:\Windows\System32\monilor.exe (Trojan.Agent) -> Delete on reboot.

(end)


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tyrone.Branch at 22:42:42 on 2012-05-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2099 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
C:\Users\Tyrone.Branch\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
mURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
mWinlogon: Userinit=userinit.exe,
uWindows: Load=C:\Users\TYRONE~1.BRA\LOCALS~1\Temp\msiziara.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101022232628.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Face recognition web login for FastAccess: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [cdloader] "C:\Users\Tyrone.Branch\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Facebook Update] "C:\Users\Tyrone.Branch\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
uRun: [AdobeBridge]
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FAStartup]
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\TYRONE~1.BRA\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Tyrone.Branch\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HUEYPR~1.LNK - C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7607D85A-5AAB-46B3-9A46-0DA5B72ED4B4} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{80E6DF1D-B687-441E-AEE1-1243AF6BF66F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{80E6DF1D-B687-441E-AEE1-1243AF6BF66F}\25567696E616 : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{80E6DF1D-B687-441E-AEE1-1243AF6BF66F}\35075656463547275616D602D435 : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{80E6DF1D-B687-441E-AEE1-1243AF6BF66F}\35A4050575942554C4543535 : DhcpNameServer = 205.214.222.201 205.214.219.202
TCP: Interfaces\{80E6DF1D-B687-441E-AEE1-1243AF6BF66F}\B45656D69724 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{80E6DF1D-B687-441E-AEE1-1243AF6BF66F}\C494D45463832383 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli FAPassSync
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
BHO-X64: NCH EN - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101022232628.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [FAStartup]
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 93.115.241.27 www.google-analytics.com.
Hosts: 93.115.241.27 ad-emea.doubleclick.net.
Hosts: 93.115.241.27 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-4-29 89600]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-4-23 2412728]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-6-17 60928]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-6 654408]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-10-22 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-10-22 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-10-22 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-10-22 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-17 1692480]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-10-11 2358656]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 brnicruz;Realtek 8167 NT Helper;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-20 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-10-22 355440]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-5 257696]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-7-7 1038088]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-20 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;\??\C:\Windows\system32\Drivers\OA002Afx.sys --> C:\Windows\system32\Drivers\OA002Afx.sys [?]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA002Ufd.sys --> C:\Windows\system32\DRIVERS\OA002Ufd.sys [?]
S3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\system32\DRIVERS\OA002Vid.sys --> C:\Windows\system32\DRIVERS\OA002Vid.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-07 01:56:1145056----a-w-C:\Users\Tyrone.Branch\xuods.com
2012-05-07 01:51:10--------d-----w-C:\Users\Tyrone.Branch\AppData\Roaming\Malwarebytes
2012-05-07 01:50:59--------d-----w-C:\ProgramData\Malwarebytes
2012-05-07 01:50:5824904----a-w-C:\Windows\System32\drivers\mbam.sys
2012-05-07 01:50:58--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-07 01:46:2124416----a-r-C:\Windows\System32\AdobePDFUI.dll
2012-05-07 01:38:0445056----a-w-C:\Users\Tyrone.Branch\ptov.com
2012-05-06 15:17:5245056----a-w-C:\Users\Tyrone.Branch\xhc.com
2012-05-05 14:01:4070304----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 14:01:40419488----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:17:26--------d-----w-C:\Program Files\iPod
2012-05-04 21:17:25--------d-----w-C:\Program Files\iTunes
2012-04-26 18:04:410--sha-w-C:\Windows\System32\dds_trash_log.cmd
2012-04-26 18:03:30--------d-----weC:\Windows\system64
2012-04-26 16:40:51--------d-----w-C:\Clickfree restored files
2012-04-14 16:15:29--------d-----w-C:\ProgramData\Digicel Wireless Modem
2012-04-14 16:15:141490656----a-w-C:\Windows\System32\drivers\WdfCoInstaller01007.dll
2012-04-14 16:09:54--------d-----w-C:\ProgramData\DatacardService
2012-04-14 15:37:325559152----a-w-C:\Windows\System32\ntoskrnl.exe
2012-04-14 15:37:313968368----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-14 15:37:313913072----a-w-C:\Windows\SysWow64\ntoskrnl.exe
2012-04-14 15:31:3581408----a-w-C:\Windows\System32\imagehlp.dll
2012-04-14 15:31:355120----a-w-C:\Windows\SysWow64\wmi.dll
2012-04-14 15:31:355120----a-w-C:\Windows\System32\wmi.dll
2012-04-14 15:31:3523408----a-w-C:\Windows\System32\drivers\fs_rec.sys
2012-04-14 15:31:35220672----a-w-C:\Windows\System32\wintrust.dll
2012-04-14 15:31:35172544----a-w-C:\Windows\SysWow64\wintrust.dll
2012-04-14 15:31:35159232----a-w-C:\Windows\SysWow64\imagehlp.dll
2012-04-13 20:43:388769696----a-w-C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-04-14 16:14:291490656----a-w-C:\Windows\System32\WdfCoInstaller01007.dll
2012-03-14 16:03:40472808----a-w-C:\Windows\SysWow64\deployJava1.dll
2012-03-05 23:37:22129784------w-C:\Windows\SysWow64\pxafs.dll
2012-03-05 23:37:22118520------w-C:\Windows\SysWow64\pxinsi64.exe
2012-03-05 23:37:22116472------w-C:\Windows\SysWow64\pxcpyi64.exe
2012-02-28 06:56:482311168----a-w-C:\Windows\System32\jscript9.dll
2012-02-28 06:49:561390080----a-w-C:\Windows\System32\wininet.dll
2012-02-28 06:48:571493504----a-w-C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:552382848----a-w-C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:551799168----a-w-C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:211427456----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:071127424----a-w-C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:162382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:261031680----a-w-C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22826880----a-w-C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24210944----a-w-C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:3223552----a-w-C:\Windows\System32\drivers\tdtcp.sys
2012-02-14 16:09:441070352----a-w-C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:071544192----a-w-C:\Windows\System32\DWrite.dll
2012-02-10 05:38:431077248----a-w-C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 22:43:34.70 ===============
 
NLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 07/02/2010 2:14:19 AM
System Uptime: 05/06/2012 10:11:52 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0G939P
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | U2E1 | 2266/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 103.684 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP184: 05/03/2012 9:48:51 AM - Scheduled Checkpoint
RP185: 05/05/2012 8:14:55 AM - Removed Skype™ 5.8
.
==== Hosts File Hijack ======================
.
Hosts: 93.115.241.27 www.google-analytics.com.
Hosts: 93.115.241.27 ad-emea.doubleclick.net.
Hosts: 93.115.241.27 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
.
5700_Help
Accelerometer
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Elements 7.0
Adobe Premiere Elements 7.0 Templates
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader X (10.1.0)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Ares 3.1.7.3042
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
bpd_scan
BPDSoftware
BPDSoftware_Ini
calibre
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.0
Canon MP560 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Compatibility Pack for the 2007 Office system
Conduit Engine
Connect
Cozi
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Webcam Central
DivX Setup
Facebook Messenger 2.0.4478.0
Facebook Video Calling 1.2.0.159
File Uploader
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
hueyPRO 1.5.1
Intel(R) Graphics Media Accelerator Driver
J5700_Basic
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
kuler
Live! Cam Avatar Creator
LoJack Factory Installer
magicJack
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee AntiVirus Plus
Mesh Runtime
Messenger Companion
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH EN Toolbar
NEF Codec
Nikon Message Center
Nikon Transfer
ooVoo
PDF Settings CS4
Photoshop Camera Raw
Picture Control Utility
PowerDVD DX
Prism Video File Converter
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Burn
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype Toolbars
SmartSound Quicktracks for Premiere Elements
Spelling Dictionaries Support For Adobe Reader 9
Suite Shared Configuration CS4
TeamViewer 6
Toolbox
TuneUp Companion 2.4.2.2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
ViewNX
WebReg
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
05/06/2012 2:11:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
05/06/2012 2:10:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SSDPSRV service.
05/06/2012 2:10:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache service.
05/06/2012 2:09:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
05/06/2012 2:06:17 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
05/06/2012 11:16:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer6 service.
05/06/2012 10:41:50 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
05/06/2012 10:13:45 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
05/06/2012 10:13:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
05/06/2012 10:12:17 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
05/06/2012 10:12:17 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
05/06/2012 10:12:16 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
05/06/2012 10:12:15 PM, Error: Service Control Manager [7000] - The Realtek 8167 NT Helper service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
05/04/2012 5:14:18 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/29/2012 9:39:04 AM, Error: Service Control Manager [7030] - The Antivirus32 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
04/29/2012 11:00:59 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
.
==== End Of File ===========================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-06 22:41:35
Windows 6.1.7601 Service Pack 1
Running: cl1obugq.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619ed6fd7
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619ed6fd7 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
 
Good Morning and Welcome to TechSpot! I'll be glad to help with the malware. Since you have several different malwares, let's let the following scans help us find and remove some of it.

Note I notice at least one file sharing program Ares. I would encourage you to remove it and any other P2P programs[/b] Why? Read on>>
P2P or 'file sharing' Warning:
  • Even if you are using a "safe" P2P program, it is only the program that is safe.
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
  • Malware writers use these program to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.
Please read the information on P2P Warning to help you better understand these dangers.
If you decide not to uninstall, then please disable and do not use while I am helping you.
=====================================================
The malware has most likely disable the service that runs the firewall. We will handle that as we go. I notice quite a lot of the malware is in the temporary internet file and there re many of them, so you may not be doing any maintenance on the system.
====================================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HEREand save to the desktop
  • Double click combofix.exe
    cf-icon.jpg
    & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.[/b]
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
    • Note: No query will be made if the Recovery Console is already on the system.
  • .Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • .Close any open browsers.
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=========================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives/
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.



Please download Farbar Service Scanner
  • Check ALL boxes to include all files.
  • Press the Scan button
  • Log named FSS.txt will be created in the same directory as the tool
  • Please paste the log into your next reply.
Please leave these 3 logs in your next reply. Read the following carefully and abide by them>>

My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
 
ComboFix 12-05-07.02 - Tyrone.Branch 05/07/2012 10:20:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1939 [GMT -4:00]
Running from: c:\users\TYRONE~1.BRA\AppData\Local\Temp\6df6vtd2.tmp\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Tyrone.Branch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{79D992E1-A4E4-4032-8384-0FD68D7D8232}.xps
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-07 14:32 . 2012-05-07 14:32--------d-----w-c:\users\TEMP\AppData\Local\temp
2012-05-07 14:32 . 2012-05-07 14:32--------d-----w-c:\users\TEMP.TyroneBranch-PC\AppData\Local\temp
2012-05-07 14:32 . 2012-05-07 14:32--------d-----w-c:\users\TEMP.TyroneBranch-PC.004\AppData\Local\temp
2012-05-07 14:32 . 2012-05-07 14:32--------d-----w-c:\users\TEMP.TyroneBranch-PC.003\AppData\Local\temp
2012-05-07 14:32 . 2012-05-07 14:32--------d-----w-c:\users\TEMP.TyroneBranch-PC.002\AppData\Local\temp
2012-05-07 14:32 . 2012-05-07 14:32--------d-----w-c:\users\TEMP.TyroneBranch-PC.000\AppData\Local\temp
2012-05-07 14:32 . 2012-05-07 14:32--------d-----w-c:\users\Default\AppData\Local\temp
2012-05-07 14:05 . 2010-04-24 09:00336896----a-w-c:\windows\system32\CNMLMA0.DLL
2012-05-07 05:44 . 2012-05-07 06:02--------d-----w-c:\program files (x86)\Stellar Phoenix Photo Recovery
2012-05-07 03:23 . 2012-05-07 03:23--------d-----w-c:\users\Tyrone.Branch\AppData\Roaming\SUPERAntiSpyware.com
2012-05-07 03:23 . 2012-05-07 03:23--------d-----w-c:\program files\SUPERAntiSpyware
2012-05-07 03:23 . 2012-05-07 03:23--------d-----w-c:\programdata\SUPERAntiSpyware.com
2012-05-07 03:09 . 2012-05-07 03:0916200----a-w-c:\windows\stinger.sys
2012-05-07 03:09 . 2012-05-07 03:19--------d-----w-c:\program files (x86)\stinger
2012-05-07 01:51 . 2012-05-07 01:51--------d-----w-c:\users\Tyrone.Branch\AppData\Roaming\Malwarebytes
2012-05-07 01:50 . 2012-05-07 01:50--------d-----w-c:\programdata\Malwarebytes
2012-05-07 01:50 . 2012-05-07 01:51--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-07 01:50 . 2012-04-04 19:5624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-05-07 01:46 . 2009-08-20 03:5024416----a-r-c:\windows\system32\AdobePDFUI.dll
2012-05-05 14:01 . 2012-05-05 14:0170304----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 14:01 . 2012-05-05 14:01419488----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:17 . 2012-05-04 21:17--------d-----w-c:\program files\iPod
2012-05-04 21:17 . 2012-05-04 21:17--------d-----w-c:\program files\iTunes
2012-04-26 16:40 . 2012-04-26 16:40--------d-----w-C:\Clickfree restored files
2012-04-14 16:15 . 2012-04-14 16:15--------d-----w-c:\programdata\Digicel Wireless Modem
2012-04-14 16:15 . 2012-04-14 16:141490656----a-w-c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-04-14 16:09 . 2012-04-24 17:36--------d-----w-c:\programdata\DatacardService
2012-04-14 15:37 . 2012-03-06 06:535559152----a-w-c:\windows\system32\ntoskrnl.exe
2012-04-14 15:37 . 2012-03-06 05:593968368----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2012-04-14 15:37 . 2012-03-06 05:593913072----a-w-c:\windows\SysWow64\ntoskrnl.exe
2012-04-14 15:31 . 2012-03-01 06:4623408----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-04-14 15:31 . 2012-03-01 06:38220672----a-w-c:\windows\system32\wintrust.dll
2012-04-14 15:31 . 2012-03-01 06:3381408----a-w-c:\windows\system32\imagehlp.dll
2012-04-14 15:31 . 2012-03-01 06:285120----a-w-c:\windows\system32\wmi.dll
2012-04-14 15:31 . 2012-03-01 05:37172544----a-w-c:\windows\SysWow64\wintrust.dll
2012-04-14 15:31 . 2012-03-01 05:33159232----a-w-c:\windows\SysWow64\imagehlp.dll
2012-04-14 15:31 . 2012-03-01 05:295120----a-w-c:\windows\SysWow64\wmi.dll
2012-04-13 20:43 . 2012-05-05 12:548769696----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 16:14 . 2011-07-20 20:281490656----a-w-c:\windows\system32\WdfCoInstaller01007.dll
2012-03-21 16:40 . 2012-03-21 16:4053248----a-r-c:\users\Tyrone.Branch\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2012-03-14 16:03 . 2010-07-27 14:21472808----a-w-c:\windows\SysWow64\deployJava1.dll
2012-03-05 23:37 . 2012-03-05 23:39129784------w-c:\windows\SysWow64\pxafs.dll
2012-03-05 23:37 . 2012-03-05 23:39118520------w-c:\windows\SysWow64\pxinsi64.exe
2012-03-05 23:37 . 2012-03-05 23:39116472------w-c:\windows\SysWow64\pxcpyi64.exe
2012-02-17 06:38 . 2012-03-14 02:431031680----a-w-c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 02:43826880----a-w-c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 02:43210944----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 02:4323552----a-w-c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:091070352----a-w-c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 02:451544192----a-w-c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 02:451077248----a-w-c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 20:54175912----a-w-c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2011-01-17 20:54175912----a-w-c:\program files (x86)\NCH_EN\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-12-12 22459984]
"cdloader"="c:\users\Tyrone.Branch\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"Facebook Update"="c:\users\Tyrone.Branch\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-30 137536]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-09-01 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-11 1484856]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-24 98488]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-02-23 296056]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-11 559616]
.
c:\users\Tyrone.Branch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Tyrone.Branch\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
hueyPROTray.lnk - c:\program files (x86)\Pantone\hueyPRO\hueyPROTray.exe [2012-3-2 1081344]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2011-04-24 02:17147640----a-w-c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification PackagesREG_MULTI_SZ scecli FAPassSync
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 brnicruz;Realtek 8167 NT Helper;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-07 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 136176]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [x]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [x]
R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-04-24 2412728]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
brnicruz
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 14:01]
.
2012-05-07 c:\windows\Tasks\At1.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3265492474-3920981868-2539861232-1000Core.job
- c:\users\Tyrone.Branch\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-13 12:11]
.
2012-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3265492474-3920981868-2539861232-1000UA.job
- c:\users\Tyrone.Branch\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-13 12:11]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 23:34]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 23:34]
.
2012-04-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-12-03 16:40]
.
2012-05-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-12-03 16:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-01 3189016]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"combofix"="c:\combofix\CF12568.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
VHidMinidrv
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ares - c:\program files (x86)\Ares\Ares.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\windows\SysWOW64\ping.exe
c:\windows\TEMP\Startup\svchost.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-05-07 10:48:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-07 14:48
.
Pre-Run: 140,500,856,832 bytes free
Post-Run: 185,575,043,072 bytes free
.
- - End Of File - - FEA7CEEEB7021D1E8C10F8E0EA006DD2
--------------------------------------------
Eset scan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.virWin32/Sirefef.DN trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.virWin64/Sirefef.G trojan
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.virWin64/Sirefef.G trojan
C:\Users\Tyrone.Branch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Tyrone.Branch\Desktop\unknownWin32/Boaxxe.A trojan
C:\Windows\assembly\temp\U\80000000.@Win64/Sirefef.W trojan
C:\Windows\assembly\temp\U\80000032.@a variant of Win32/Sirefef.EU trojan
C:\Windows\assembly\temp\U\80000064.@Win64/Sirefef.AC trojan
C:\Windows\system64\consrv.dllWin64/Sirefef.G trojan
C:\Windows\system64\nvidesm.dllWin64/Sirefef.W trojan
Operating memorya variant of Win32/Sirefef.DN trojan
----------------------------------------------------

Farbar Service Scanner Version: 30-04-2012 01
Ran by Tyrone.Branch (administrator) on 07-05-2012 at 16:28:23
Running from "C:\Users\Tyrone.Branch\AppData\Local\Temp\yynlp1yu.tmp"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
 
There are 2 lines in the Combofix directions that instruct you to disable the security programs before you run the scan. You did not do that:
AV: McAfee Anti-Virus and Anti-Spyware *Enabled
FW: McAfee Firewall *Enabled*
SP: McAfee Anti-Virus and Anti-Spyware *Enable
So it is possible this scan isn't accurate.
---------------------------------------------
The system is badly infected. I need to be able to work from the logs I see to help you. There are multiple entries for 5/7 which is after you posted the first log. One of the entries on that date is 2012-05-07 03:19--------d-----w-c:\program files (x86)\stinger
McAfee Stinger detects and removes prevalent Fake Alert malware and threats identified in the "List Viruses" section.

MY directions cover the above- but it appears that you didn't read them:
Observe these:
Click to expand...
[o] Don't follow directions given to someone else
[o] Don't use any other cleaning programs or scans while I'm helping you.
[o] Don't use a Registry cleaner or make any changes in the Registry.
[o] Don't download and install new programs- except those I give you.
Click to expand...
---------------------------------------------
If you want me to help you, you must run only what I direct you to and you must carefully follow the directions given with each program

The malware programs on your system can cause specific problem. Does it seem that program, icons, desktop are 'missing'? Are you getting messages of 'critical system problems'? Your Host Files have been hijacked- are you being redirected to sites other than what you choose? I can help with the problems if I know what they are. You have given me no information except that the McAfee Firewall us off and won't turn back on
-------------------------------------------------
It appears that you have edited some of the spaces out of the Eset log. Please don't edit anything in any log. I would also appreciate it if you left a couple of spaces between logs and make sure each log has a header.

Please download OTMovit by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code: 
    :Files
C:\Users\Tyrone.Branch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Tyrone.Branch\Desktop\unknown
C:\Windows\assembly\temp\U\80000000.@
C:\Windows\assembly\temp\U\80000032.@
C:\Windows\assembly\temp\U\80000064.@
C:\Windows\system64\consrv.dll
C:\Windows\system64\nvidesm.dll
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
----------------------------------------------------
  • Download OTL from one of the links below and save it to your desktop.
    OTL.exe
    OTL.com
    OTL.scr
    You just need one. Sometimes the file extension gets blocked.

    Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
  • Double click the OTL icon to run it.
    OTL_icon.gif
  • The opened console will resemble this:
    OTLv3.1.5.0.gif
  • Set Output at the top to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the entries in the Codebox below> Paste in the Custom Scan box.
    Code: 
    netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
userinit.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    Make sure all other windows are closed and to let it run uninterrupted.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

OTL created 2 logs. Please leve them in your next reply.
 
Thanks so much for helping me.

I want to explain that I did turn off McAfee and somewhere in the middle of the scan it came back on automatically.

Also, the reason I noticed there was a problem was when the firewall notification came up.

Also, I did not edit the ESET file, I selected all (CTRL + A) and copied and pasted

I am assuming I got these issues right after I clicked on a linked that was being passed via facebook and the link directed me to a blank page.

Since then, once I was using Facebook Messenger or Skype, it was just sending persons the link that I chat to.

The logs are as follows:

All processes killed
========== FILES ==========
C:\Users\Tyrone.Branch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Tyrone.Branch\Desktop\unknown moved successfully.
C:\Windows\assembly\temp\U\80000000.@ moved successfully.
C:\Windows\assembly\temp\U\80000032.@ moved successfully.
C:\Windows\assembly\temp\U\80000064.@ moved successfully.
LoadLibrary failed for C:\Windows\system64\consrv.dll
C:\Windows\system64\consrv.dll moved successfully.
LoadLibrary failed for C:\Windows\system64\nvidesm.dll
C:\Windows\system64\nvidesm.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.TyroneBranch-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.TyroneBranch-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.TyroneBranch-PC.001
->Temp folder emptied: 0 bytes

User: TEMP.TyroneBranch-PC.002
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.TyroneBranch-PC.003
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.TyroneBranch-PC.004
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Tyrone.Branch
->Temp folder emptied: 211975292 bytes
->Temporary Internet Files folder emptied: 372796023 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 129921024 bytes
->Flash cache emptied: 64831 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 61440 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 56916793 bytes
RecycleBin emptied: 16689343 bytes

Total Files Cleaned = 752.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 05082012_145227




________
 
OTL Extras logfile created on: 5/8/2012 3:18:06 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Tyrone.Branch\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Caribbean | Language: ENB | Date Format: MM/dd/yyyy

3.80 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 53.05% Memory free
7.60 Gb Paging File | 4.86 Gb Available in Paging File | 63.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 169.04 Gb Free Space | 59.65% Space Free | Partition Type: NTFS

Computer Name: TYRONEBRANCH-PC | User Name: Tyrone.Branch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D9DA06-FB63-434B-81A8-72FFF58E44F4}" = rport=138 | protocol=17 | dir=out | app=system |
"{0BEB3D1D-C405-43C5-835F-C8D6A735ECFA}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{18F0343D-6832-43BC-994F-854C51AC348C}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{1C7C9D73-EF22-4448-B20A-2D80B3E78200}" = lport=138 | protocol=17 | dir=in | app=system |
"{2421ED57-59E7-4C5B-8034-E2B0AB3C4A5F}" = rport=137 | protocol=17 | dir=out | app=system |
"{3C3698EB-5038-4851-B13C-5C0B3185675D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4835681D-6A06-4CD4-95E1-F86F68AE3F76}" = rport=139 | protocol=6 | dir=out | app=system |
"{4E32B0AB-5780-4978-B8DF-FA9621525046}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{5B3A33F4-4EEC-4986-BBF5-0BBA94F24A6B}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{6DAD316C-83D9-47A6-B43A-FE438FAC259D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E4FAC50-3E41-4664-838C-094DF583AE19}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{82003B64-AD76-471D-948C-26BB988BEECC}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{83290EE3-8C9D-471F-8DB0-E300E4BC9658}" = lport=139 | protocol=6 | dir=in | app=system |
"{8A88333C-C6EE-4CF7-91B5-11FDB35D5888}" = lport=137 | protocol=17 | dir=in | app=system |
"{8DE43B5A-9963-4470-8AFB-DB09C66E3FB9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93FC6C30-EA6E-461F-BB49-F16C4AE5F746}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95BF66DB-304E-4BEF-BF7E-5F4135A1AFBB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96E3309F-CA02-447D-A08E-84037EC2FDA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{99DBDF0A-9601-4268-98A4-1C405E3F53F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A12E71E4-4FF2-43DA-B225-7B5FABB36A24}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7371BE5-B074-44DD-B8BC-575947ABD872}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{AA793C31-BD7B-48DF-B1E6-F6B905DDBACA}" = lport=445 | protocol=6 | dir=in | app=system |
"{AAF4B1ED-D6BD-4F47-97D5-E00F923A984B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B52BD95A-9DB5-4699-8200-F33990A85448}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{BDA55CA0-C1D8-4CA6-B973-00959282339F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C5717493-9B43-44DB-BC10-EABC37709D68}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7D10338-BAF3-42C7-A80C-FA9B0B714277}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C860FA8A-7D1E-48BE-BE36-DF3CFF92F19F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D9713B52-DD48-4960-9F20-5B4E12B904EE}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{E0A0D879-E9E3-4228-BAF9-2A78DD194BCD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EC673324-0BFB-4EAA-AB13-670E0D90BB72}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F663F078-B135-4C22-A9E9-681F65F2BD25}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F76AEE7D-52C4-4779-A3BD-1258BF3C4CFA}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{F8AD2F2C-B2A1-4375-A0CF-14E2DA3AB509}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FA99B227-4795-436A-BCC2-4B0726485BEF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEF6EFB9-3CB8-4B43-9FD8-B9C1C6C9F34A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FF62EF5F-C143-4489-8E39-FF1BD205F420}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C0A3B8-6835-4CF7-8EB9-E986B3C79899}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{040CF1D8-1E19-4DA9-BAA0-ED01F6666AD7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{04443C4F-66D5-400F-94BD-2B5F508461B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0FAD3358-A673-4E50-9673-933D9FCF7D34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{104B7E44-00B8-47F7-A76D-1710A77AF17E}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{10943054-33F4-4A17-9B38-870ED85FEDAD}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{1459435D-3136-474B-A9A8-F39CE1DB9434}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{150DC2FE-F21B-42F2-A828-E2F3D00D1E1B}" = protocol=6 | dir=out | app=system |
"{15A7C87C-E694-4FF7-9251-E0FFD78ECA93}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{1CCA13BF-9EED-4426-98F6-1128F500A933}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{1EBB62F9-B116-426E-B504-F6BF4EA63BCC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{267B8B47-1EEC-4157-BCD7-A1EEB6B72693}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{33D073B5-6C2E-4D64-9075-A17AF5E83D9D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{35E73A79-FEFF-46E9-9F6C-546A9BE8E037}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39DA1F6C-B786-4AEB-8E56-661C22881A34}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{42151157-7659-48DD-BBCB-7FB8B3838C11}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{458D2368-F23D-41F1-96BD-92A425C8A28D}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{48063A9C-3786-4260-AC25-6415FA431571}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4AAE63D4-E4F1-4419-A890-A6ECD68A631D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{4C5B42EB-2D50-4E4B-81CD-99B0314F871E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{53B9DD48-0B3E-499A-BF88-9DF2DA7B2D94}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{57C5B0E4-D014-4CDD-AABF-899A3EDBA7E9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{5A3B083F-36C7-4CFA-A5E1-AA3292A1BCB8}" = dir=in | app=c:\users\tyrone.branch\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{644AD878-E8B0-44AC-86E4-4C2B17FB9D7F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{65750D4C-0468-48ED-9867-B743038C167E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6DB3A912-7C3E-47B4-BFA7-8992C4D52F7A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{6F5D49D8-4C02-49EB-9030-392E36DF441A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{706B34E4-9072-40C6-80A3-DA930551EA78}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{74B52A2B-5EBA-4998-8C31-09CCACF1E572}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8A25DB5C-5FF3-45A6-A042-68A38F3EB41B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{9BF3A079-C3EF-493B-A46F-A4A70685C12B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A0CAD265-D463-4D9D-AF37-E0CD2ABE6FCA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A8943562-0B85-4AF5-B76C-CFD521AAE0F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ABF27EA0-98C9-4008-A51B-8190D383B9D9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{AFF1B608-92D4-45DB-B985-22230B898FCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B0CD93B2-979D-43B3-A18E-1A4DF935929E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B33446FD-2BF8-4D2D-9167-B2BB17700DCF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{B3454B75-3A98-498D-862E-DCB29DA0DCC2}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{B5CC4A44-D309-41A5-84F4-DC396C3C4CCC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B85D9D76-5F8A-4467-8956-21336CAF0DED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA80CBB8-0509-41A0-AED1-2ED4789B1A8A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BB956990-28E2-406F-871F-1504A8397322}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBEC87C3-5F72-4BBD-8ECF-BCA303B524AC}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{C1F05823-4670-4A0E-B206-004BA904AE5D}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{C208CE8F-EBC7-4548-B40B-555305C0E7FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{CB128C6E-437C-4DDF-BB5C-91B8EE125181}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D21E4E8D-B93E-4B80-A29C-0FEBE1D68C77}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{D25B79E4-2AD5-4254-AE01-3505AEDF91CE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D8280E48-29BE-447F-8D2F-FA0CA26E834C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DD1102E9-BA4D-4D0D-8315-655DE9189D58}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E08CC953-9C1F-4155-A218-4F07F18DC4B8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E516022A-CD86-4E5C-B52E-5C8119067915}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{ED72CC2B-A420-482E-97BE-4D42156BA3A6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{EDE7FDD5-10D5-43F8-A932-E05860626795}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F55B8927-6EF0-4F4F-AE89-79AFF9703187}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F72507AC-0A4A-47C1-B14F-92F86D4A16A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7260AB3-8CEF-4D45-9409-05603308EBD6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F749F18A-DEF0-4B0C-8B7E-3E5A4EA90409}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F98F823F-5CD4-4C39-87A2-3B6996081F1B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F9D96268-058C-4442-9547-2A71FA863C5D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FD02812F-2E2A-4CD6-BE61-92FEDAF26C9A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C7663280-83B4-4E21-838C-ACEEB4C61FA2}" = FastAccess
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{CFFF260C-F510-45BB-8F8E-1D4AC1232786}" = Adobe Photoshop Lightroom 3.3 64-bit
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2F8F16F-253E-4846-B508-8666FE2C5B14}" = HP Officejet J5700 Series
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Creative OA002" = Monitor Webcam Driver (1.01.02.0804)
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
 
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{70CAF6DA-C2F4-40C4-A0A4-10FB04701669}" = bpd_scan
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7355D6F3-DBA4-4CD4-8FC3-B96FA766B642}" = calibre
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B0B72BC-3007-45E9-BBA3-7B7EF8819FA3}" = 5700_Help
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIOR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)40000-0054-0409-0000-0000000FF1CE}
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A10B9E4E-9C40-4491-A3E1-C2B53DAB03C1}" = Facebook Messenger 2.0.4478.0
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A8B4A92C-BAB9-4CBC-A095-BEE5F44686F5}" = J5700_Basic
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1" = Ares 3.1.7.3042
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D43B1A55-6957-4E93-A674-338F78B4A202}" = BPDSoftware
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A1335B-3D84-413B-B92C-DF2D4BAACA0C}" = BPDSoftware_Ini
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"GoToAssist" = GoToAssist 8.0.0.514
"huey_is1" = hueyPRO 1.5.1
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSC" = McAfee AntiVirus Plus
"NCH_EN Toolbar" = NCH EN Toolbar
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Premium 2010
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"Prism" = Prism Video File Converter
"RealPlayer 15.0" = RealPlayer
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery
"TeamViewer 6" = TeamViewer 6
"TuneUpMedia" = TuneUp Companion 2.4.2.2
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/13/2012 12:00:00 PM | Computer Name = TyroneBranch-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/14/2012 9:20:29 AM | Computer Name = TyroneBranch-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/14/2012 9:20:35 AM | Computer Name = TyroneBranch-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/14/2012 10:19:09 AM | Computer Name = TyroneBranch-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/15/2012 4:26:17 PM | Computer Name = TyroneBranch-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/17/2012 5:45:54 AM | Computer Name = TyroneBranch-PC | Source = PC-Doctor | ID = 1
Description = (9192) Asapi: (05:45:54:6440)(9192) CSPinvoke - Error -- 461 Exception
in C# layer (asapicsharp_wrap.cxx, line 40734; threadid = 9052): License authentication
result = FAIL; reasons = SIGNATURE_CHECK Stack Trace: !!! Stack Trace exceptions
not supported in 64-bit. !!! (end stack trace) ***** NOTE *****: Use stacktraceparser.exe
to translate the instruction offsets into function names.

Error - 1/17/2012 5:46:04 AM | Computer Name = TyroneBranch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/17/2012 5:46:04 AM | Computer Name = TyroneBranch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15039

Error - 1/17/2012 5:46:04 AM | Computer Name = TyroneBranch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15039

Error - 1/17/2012 9:51:23 AM | Computer Name = TyroneBranch-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Dell Events ]
Error - 10/2/2010 8:08:42 PM | Computer Name = TyroneBranch-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/2/2010 8:08:42 PM | Computer Name = TyroneBranch-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/25/2011 9:52:13 AM | Computer Name = TyroneBranch-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/25/2011 9:52:13 AM | Computer Name = TyroneBranch-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/28/2011 7:17:57 AM | Computer Name = TyroneBranch-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/28/2011 7:17:57 AM | Computer Name = TyroneBranch-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/12/2011 1:46:17 PM | Computer Name = TyroneBranch-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/12/2011 1:46:17 PM | Computer Name = TyroneBranch-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/16/2011 12:45:11 PM | Computer Name = TyroneBranch-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 4/26/2012 4:10:11 AM | Computer Name = TyroneBranch-PC | Source = MCUpdate | ID = 0
Description = 4:10:11 AM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 4/29/2012 4:23:17 AM | Computer Name = TyroneBranch-PC | Source = MCUpdate | ID = 0
Description = 4:23:17 AM - Failed to retrieve Directory (Error: CountryCode is invalid.)

Error - 4/30/2012 7:52:45 AM | Computer Name = TyroneBranch-PC | Source = MCUpdate | ID = 0
Description = 7:52:45 AM - Failed to retrieve Directory (Error: CountryCode is invalid.)

Error - 5/1/2012 2:48:02 AM | Computer Name = TyroneBranch-PC | Source = MCUpdate | ID = 0
Description = 2:48:02 AM - Failed to retrieve Directory (Error: CountryCode is invalid.)

Error - 5/3/2012 8:23:01 AM | Computer Name = TyroneBranch-PC | Source = MCUpdate | ID = 0
Description = 8:23:01 AM - Failed to retrieve Directory (Error: CountryCode is invalid.)

Error - 5/4/2012 4:04:26 AM | Computer Name = TyroneBranch-PC | Source = MCUpdate | ID = 0
Description = 4:04:26 AM - Failed to retrieve Directory (Error: CountryCode is invalid.)

Error - 5/5/2012 8:06:00 AM | Computer Name = TyroneBranch-PC | Source = MCUpdate | ID = 0
Description = 8:05:59 AM - Failed to retrieve Directory (Error: CountryCode is invalid.)

Error - 5/6/2012 2:07:37 AM | Computer Name = TyroneBranch-PC | Source = MCUpdate | ID = 0
Description = 2:07:37 AM - Failed to retrieve Directory (Error: CountryCode is invalid.)

Error - 5/7/2012 3:16:15 AM | Computer Name = TyroneBranch-PC | Source = MCUpdate | ID = 0
Description = 3:16:15 AM - Failed to retrieve Directory (Error: CountryCode is invalid.)

Error - 5/8/2012 3:16:33 AM | Computer Name = TyroneBranch-PC | Source = MCUpdate | ID = 0
Description = 3:16:33 AM - Failed to retrieve Directory (Error: CountryCode is invalid.)

[ System Events ]
Error - 5/8/2012 3:05:46 PM | Computer Name = TyroneBranch-PC | Source = Service Control Manager | ID = 7000
Description = The Realtek 8167 NT Helper service failed to start due to the following
error: %%1083

Error - 5/8/2012 3:05:49 PM | Computer Name = TyroneBranch-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 5/8/2012 3:05:49 PM | Computer Name = TyroneBranch-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 5/8/2012 3:05:50 PM | Computer Name = TyroneBranch-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 5/8/2012 3:06:37 PM | Computer Name = TyroneBranch-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 5/8/2012 3:07:36 PM | Computer Name = TyroneBranch-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 5/8/2012 3:08:51 PM | Computer Name = TyroneBranch-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 5/8/2012 3:08:51 PM | Computer Name = TyroneBranch-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 5/8/2012 3:09:30 PM | Computer Name = TyroneBranch-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 5/8/2012 3:09:30 PM | Computer Name = TyroneBranch-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.


< End of report >
 
OTL logfile created on: 5/8/2012 3:18:06 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Tyrone.Branch\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Caribbean | Language: ENB | Date Format: MM/dd/yyyy

3.80 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 53.05% Memory free
7.60 Gb Paging File | 4.86 Gb Available in Paging File | 63.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 169.04 Gb Free Space | 59.65% Space Free | Partition Type: NTFS

Computer Name: TYRONEBRANCH-PC | User Name: Tyrone.Branch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tyrone.Branch\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Tyrone.Branch\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe (Facebook)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe (Pantone & X-Rite)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Windows\SysWOW64\FAIEExtension.dll ()
MOD - C:\Windows\SysWOW64\FAib.dll ()
MOD - C:\Windows\SysWOW64\FACrashRpt.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()
MOD - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (VHidMinidrv) -- C:\Windows\SysNative\nvidesm.dll (Oak Technology Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FAService) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe (IDT, Inc.)
SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics)
DRV:64bit: - (stdflt) -- C:\Windows\SysNative\drivers\stdflt.sys (ST Microelectronics)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (FACAP) -- C:\Windows\SysNative\drivers\facap.sys (Sensible Vision )
DRV:64bit: - (OA002Vid) -- C:\Windows\SysNative\drivers\OA002Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (OA002Ufd) -- C:\Windows\SysNative\drivers\OA002Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (OA002Afx) -- C:\Windows\SysNative\drivers\OA002Afx.sys (Creative Technology Ltd.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {912958F4-92FE-497F-B896-BD1AC4408683}
IE:64bit: - HKLM\..\SearchScopes\{912958F4-92FE-497F-B896-BD1AC4408683}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {B90F8A7E-5B2D-4622-947E-DF860C30FF7F}
IE - HKLM\..\SearchScopes\{B90F8A7E-5B2D-4622-947E-DF860C30FF7F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {B90F8A7E-5B2D-4622-947E-DF860C30FF7F}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tyrone.Branch\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Tyrone.Branch\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2011/06/04 17:14:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/08 16:04:02 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/05/06 12:14:48 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101022232628.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101022232628.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
 
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [cdloader] C:\Users\Tyrone.Branch\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Tyrone.Branch\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Tyrone.Branch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Tyrone.Branch\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe (Facebook)
F3:64bit: - HKCU WinNT: Load - (C:\Users\TYRONE~1.BRA\LOCALS~1\Temp\msiziara.com) - File not found
F3 - HKCU WinNT: Load - (C:\Users\TYRONE~1.BRA\LOCALS~1\Temp\msiziara.com) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7607D85A-5AAB-46B3-9A46-0DA5B72ED4B4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80E6DF1D-B687-441E-AEE1-1243AF6BF66F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{08c72e35-7cb9-11e0-950d-c44619ed6fd7}\Shell - "" = AutoRun
O33 - MountPoints2\{08c72e35-7cb9-11e0-950d-c44619ed6fd7}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{11c4f9ef-63d9-11e1-8914-c44619ed6fd7}\Shell - "" = AutoRun
O33 - MountPoints2\{11c4f9ef-63d9-11e1-8914-c44619ed6fd7}\Shell\AutoRun\command - "" = E:\StartClickFreeBackup.exe
O33 - MountPoints2\{87fc82d5-864a-11e1-b7a9-b8ac6f70caec}\Shell - "" = AutoRun
O33 - MountPoints2\{87fc82d5-864a-11e1-b7a9-b8ac6f70caec}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{87fc82f9-864a-11e1-b7a9-b8ac6f70caec}\Shell - "" = AutoRun
O33 - MountPoints2\{87fc82f9-864a-11e1-b7a9-b8ac6f70caec}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ade3793c-5f82-11e0-a7ce-b8ac6f70caec}\Shell - "" = AutoRun
O33 - MountPoints2\{ade3793c-5f82-11e0-a7ce-b8ac6f70caec}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: VHidMinidrv - C:\Windows\SysNative\nvidesm.dll (Oak Technology Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 15:15:36 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Tyrone.Branch\Desktop\OTL.exe
[2012/05/08 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/05/08 14:52:27 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/05/07 11:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/07 10:58:12 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/05/07 10:32:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/07 10:16:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/07 10:16:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/07 10:16:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/07 10:14:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/07 01:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/05/07 01:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Photo Recovery
[2012/05/07 01:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stellar Phoenix Photo Recovery
[2012/05/06 23:23:33 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/06 23:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/06 23:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/06 23:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/06 23:09:33 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/05/06 23:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/05/06 21:51:10 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\AppData\Roaming\Malwarebytes
[2012/05/06 21:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/06 21:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/06 21:50:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/06 21:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/04 17:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/04 17:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/04 17:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/30 08:12:25 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/04/26 12:40:51 | 000,000,000 | ---D | C] -- C:\Clickfree restored files
[2012/04/25 17:46:28 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\Desktop\My Shared Folder
[2012/04/24 07:19:30 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\Desktop\St. Paul Videos
[2012/04/14 12:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Digicel Wireless Modem
[2012/04/14 12:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService

========== Files - Modified Within 30 Days ==========

[2012/05/08 15:18:10 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/05/08 15:15:53 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Tyrone.Branch\Desktop\OTL.exe
[2012/05/08 15:13:36 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 15:13:36 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 15:07:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/08 15:06:34 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/05/08 15:06:31 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/08 15:05:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/08 15:05:18 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/07 02:17:15 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3265492474-3920981868-2539861232-1000UA.job
[2012/05/07 02:02:22 | 000,032,316 | ---- | M] () -- C:\Users\Tyrone.Branch\Desktop\Stellar Phoenix Photo Recovery Scan.DAT
[2012/05/07 01:44:59 | 000,001,114 | ---- | M] () -- C:\Users\Tyrone.Branch\Desktop\Stellar Phoenix Photo Recovery.lnk
[2012/05/07 01:41:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/06 23:58:55 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/06 23:58:55 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/06 23:58:55 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/06 23:23:18 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/06 23:09:33 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/05/06 21:51:01 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/06 12:14:48 | 000,001,398 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/06 11:13:42 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/05/05 08:18:46 | 000,001,256 | ---- | M] () -- C:\Users\Tyrone.Branch\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/05 08:17:06 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3265492474-3920981868-2539861232-1000Core.job
[2012/05/04 17:24:11 | 000,002,515 | ---- | M] () -- C:\Users\Tyrone.Branch\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/04 17:24:11 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/04 17:18:02 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/30 08:12:26 | 000,001,355 | ---- | M] () -- C:\Users\Tyrone.Branch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012/04/26 19:09:55 | 000,365,824 | ---- | M] () -- C:\Windows\SysWow64\rfirltcc.dat
[2012/04/26 19:09:55 | 000,154,368 | ---- | M] () -- C:\Windows\SysWow64\lpucxwve.dat
[2012/04/26 19:09:55 | 000,136,960 | ---- | M] () -- C:\Windows\SysWow64\hahhbxlh.dat
[2012/04/26 19:09:55 | 000,036,608 | ---- | M] () -- C:\Windows\SysWow64\nkmggrlq.dat
[2012/04/26 19:09:55 | 000,034,048 | ---- | M] () -- C:\Windows\SysWow64\rfaixcpa.dat
[2012/04/26 14:35:40 | 000,019,456 | ---- | M] () -- C:\Users\Tyrone.Branch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/26 12:40:51 | 000,001,676 | ---- | M] () -- C:\Users\Tyrone.Branch\Desktop\ClickFree Backup Restored Files.lnk
[2012/04/25 17:44:44 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/14 12:16:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2012/04/14 12:15:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf

========== Files Created - No Company Name ==========

[2012/05/07 10:16:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/07 02:02:20 | 000,032,316 | ---- | C] () -- C:\Users\Tyrone.Branch\Desktop\Stellar Phoenix Photo Recovery Scan.DAT
[2012/05/07 01:44:59 | 000,001,114 | ---- | C] () -- C:\Users\Tyrone.Branch\Desktop\Stellar Phoenix Photo Recovery.lnk
[2012/05/06 23:23:18 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/06 21:51:01 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/05 10:01:41 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/04 17:24:11 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/04 17:18:02 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/30 08:12:26 | 000,001,355 | ---- | C] () -- C:\Users\Tyrone.Branch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012/04/26 19:09:55 | 000,365,824 | ---- | C] () -- C:\Windows\SysWow64\rfirltcc.dat
[2012/04/26 19:09:55 | 000,154,368 | ---- | C] () -- C:\Windows\SysWow64\lpucxwve.dat
[2012/04/26 19:09:55 | 000,136,960 | ---- | C] () -- C:\Windows\SysWow64\hahhbxlh.dat
[2012/04/26 19:09:55 | 000,036,608 | ---- | C] () -- C:\Windows\SysWow64\nkmggrlq.dat
[2012/04/26 19:09:55 | 000,034,048 | ---- | C] () -- C:\Windows\SysWow64\rfaixcpa.dat
[2012/04/26 18:43:00 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/04/26 14:04:41 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/04/26 12:40:51 | 000,001,676 | ---- | C] () -- C:\Users\Tyrone.Branch\Desktop\ClickFree Backup Restored Files.lnk
[2012/04/14 12:16:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2012/04/14 12:15:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/02/27 19:09:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/02/07 22:45:56 | 000,142,459 | ---- | C] () -- C:\Windows\hpwins10.dat
[2012/02/07 22:45:56 | 000,000,372 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2012/01/24 12:45:47 | 000,019,456 | ---- | C] () -- C:\Users\Tyrone.Branch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/23 22:18:10 | 000,100,208 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2011/04/23 22:17:32 | 000,062,136 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2011/04/23 22:16:44 | 000,250,552 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2010/08/25 19:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/07/07 09:49:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Workflows
[2010/07/07 09:49:58 | 000,000,268 | RH-- | C] () -- C:\Users\Tyrone.Branch\AppData\Roaming\Widgets
[2010/07/07 09:49:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/07/07 09:48:07 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Woodwinds
[2010/07/07 09:48:07 | 000,000,268 | RH-- | C] () -- C:\Users\Tyrone.Branch\AppData\Roaming\Vocals
[2010/07/07 09:48:07 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/07/07 09:39:24 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/17 19:51:24 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin

========== LOP Check ==========

[2011/10/22 19:21:23 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\calibre
[2011/02/28 19:06:28 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\Canon
[2012/02/07 22:16:45 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\mjusbsp
[2010/07/08 09:09:55 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\Nikon
[2012/02/04 22:51:47 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\ooVoo Details
[2012/03/02 21:16:46 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\Pantone
[2010/12/28 11:50:48 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\PCDr
[2012/03/21 14:20:24 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\Research In Motion
[2011/11/05 21:57:39 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\TeamViewer
[2012/04/04 18:41:09 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\TuneUpMedia
[2010/07/07 06:43:03 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\WildTangent
[2012/05/06 11:13:42 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/05/05 08:17:06 | 000,000,938 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3265492474-3920981868-2539861232-1000Core.job
[2012/05/07 02:17:15 | 000,000,960 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3265492474-3920981868-2539861232-1000UA.job
[2012/04/25 17:44:44 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/05 08:01:10 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/08 15:18:10 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /mp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
< End of report >
 
You have a massive system with what looks like everything on it running! The system is infected with Win32/Sirefef/Zero Access

Please run the MGA Diagnostics tool
  • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
  • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool>
  • You must choose to Run this tool when prompted.
  • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
  • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
  • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
  • Please return to this thread and Paste the results here for review.
------------------------------------------
This tool will is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

1. Does it read "OEM Software" or "OEM Product" in black lettering?
2. Or, does it have the computer manufacturer's name in black lettering?
3. DO NOT post the Product Key.

NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
 
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-QCPVQ-KHRB8-RMV82
Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
Windows Product ID: 00359-OEM-8992687-00095
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {5A3DCFFA-7135-40DC-AAC6-2C541954CF14}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120305-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: N/A, hr=0x80070002
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5A3DCFFA-7135-40DC-AAC6-2C541954CF14}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-3265492474-3920981868-2539861232</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Studio 1558</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="6"/><Date>20100527000000.000000+000</Date></BIOS><HWID>18993A07018400FC</HWID><UserLCID>2409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>SA Western Standard Time(GMT-04:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>QA09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800095-02-1033-7600.0000-1682010
Installation ID: 000540651426532156514865930986492474666292525022320135
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: RMV82
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 05/09/2012 12:43:12 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 2:29:2012 15:17
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OAAAAAEABQABAAEAAAABAAAABAABAAEA6GFOTiRFmlFwTVT1/PoYQpAmDki2/9oRJAVelpo1XF0=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table NameOEMID ValueOEMTableID Value
APICPTLTDAPIC
FACPINTELCRESTLNE
HPETINTELCRESTLNE
BOOTPTLTD$SBFTBL$
MCFGINTELCRESTLNE
SPCRPTLTD$UCRTBL$
SLICDELL QA09
OSFRDELL DELL
ASF! CETP CETP
SSDTPmRefCpuPm

I am not sure that I posted everything that you asked for, please inform me if I did.
 
There are some questions about the system and what's on it:

1. It appears that the OS was never Activated: You show Remaining Windows rearm count: 4 Win 7 should only have 3:
The re-arms works as:
0 = First 30 days
1 = Second 30 days
2 = Third 30 days
3 = Fourth 30 days
When you first [FONT=inherit][FONT=inherit][FONT=inherit]install [/FONT][FONT=inherit]Windows[/FONT][/FONT][/FONT] you have 30 days 'before' you need to activate it. So if you are using a trial version of the operating system you only have 30 days before you have to decide whether to buy it and activate it or remove it from your PC.
===============================================
2. The system is full of Trojan:Win32/Sirefef.P (Microsoft); Mal/ZAccess-D (Sophos)

3. The system is set to autorun LaunchU3, SmartWare (auto-play), ClickFreeBackup and some other processes I can't identify. Unfortunately, when the autoruns run, the malware is launched again.
====================================================
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

    Code: 
    :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {912958F4-92FE-497F-B896-BD1AC4408683}
IE:64bit: - HKLM\..\SearchScopes\{912958F4-92FE-497F-B896-BD1AC4408683}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {B90F8A7E-5B2D-4622-947E-DF860C30FF7F}
IE - HKLM\..\SearchScopes\{B90F8A7E-5B2D-4622-947E-DF860C30FF7F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {B90F8A7E-5B2D-4622-947E-DF860C30FF7F}
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
F3:64bit: - HKCU WinNT: Load - (C:\Users\TYRONE~1.BRA\LOCALS~1\Temp\msiziara.com) - File not found
F3 - HKCU WinNT: Load - (C:\Users\TYRONE~1.BRA\LOCALS~1\Temp\msiziara.com) - File not found
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{08c72e35-7cb9-11e0-950d-c44619ed6fd7}\Shell - "" = AutoRun
O33 - MountPoints2\{08c72e35-7cb9-11e0-950d-c44619ed6fd7}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{11c4f9ef-63d9-11e1-8914-c44619ed6fd7}\Shell - "" = AutoRun
O33 - MountPoints2\{11c4f9ef-63d9-11e1-8914-c44619ed6fd7}\Shell\AutoRun\command - "" = E:\StartClickFreeBackup.exe
O33 - MountPoints2\{87fc82d5-864a-11e1-b7a9-b8ac6f70caec}\Shell - "" = AutoRun
O33 - MountPoints2\{87fc82d5-864a-11e1-b7a9-b8ac6f70caec}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{87fc82f9-864a-11e1-b7a9-b8ac6f70caec}\Shell - "" = AutoRun
O33 - MountPoints2\{87fc82f9-864a-11e1-b7a9-b8ac6f70caec}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ade3793c-5f82-11e0-a7ce-b8ac6f70caec}\Shell - "" = AutoRun
O33 - MountPoints2\{ade3793c-5f82-11e0-a7ce-b8ac6f70caec}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
[2012/05/07 10:16:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[emptyflash]
[emptyjava]
[resethosts]
[CreateRestorePoint]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-----------------------
 
OTL logfile created on: 5/14/2012 11:45:21 PM - Run 2
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Tyrone.Branch\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Caribbean | Language: ENB | Date Format: MM/dd/yyyy

3.80 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 53.24% Memory free
7.60 Gb Paging File | 5.54 Gb Available in Paging File | 72.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 171.07 Gb Free Space | 60.36% Space Free | Partition Type: NTFS

Computer Name: TYRONEBRANCH-PC | User Name: Tyrone.Branch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe ()
PRC - C:\Users\Tyrone.Branch\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Tyrone.Branch\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe (Facebook)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrodist.exe (Adobe Systems Incorporated.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe (Pantone & X-Rite)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\59a5af8e3ea07f7980e0476d2da234cd\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Windows\SysWOW64\FAIEExtension.dll ()
MOD - C:\Windows\SysWOW64\FAib.dll ()
MOD - C:\Windows\SysWOW64\FACrashRpt.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()
MOD - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AdobeXMP.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (VHidMinidrv) -- C:\Windows\SysNative\nvidesm.dll (Oak Technology Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (nvUpdService) -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FAService) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe (IDT, Inc.)
SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics)
DRV:64bit: - (stdflt) -- C:\Windows\SysNative\drivers\stdflt.sys (ST Microelectronics)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (FACAP) -- C:\Windows\SysNative\drivers\facap.sys (Sensible Vision )
DRV:64bit: - (OA002Vid) -- C:\Windows\SysNative\drivers\OA002Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (OA002Ufd) -- C:\Windows\SysNative\drivers\OA002Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (OA002Afx) -- C:\Windows\SysNative\drivers\OA002Afx.sys (Creative Technology Ltd.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tyrone.Branch\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Tyrone.Branch\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2011/06/04 17:14:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/08 16:04:02 | 000,000,000 | ---D | M]
 
O1 HOSTS File: ([2012/05/14 23:35:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101022232628.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101022232628.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [cdloader] C:\Users\Tyrone.Branch\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Tyrone.Branch\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Tyrone.Branch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Tyrone.Branch\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7607D85A-5AAB-46B3-9A46-0DA5B72ED4B4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80E6DF1D-B687-441E-AEE1-1243AF6BF66F}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 23:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/05/14 23:34:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/14 16:05:45 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\Desktop\Logs
[2012/05/14 15:34:05 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\Desktop\Looks
[2012/05/13 17:52:23 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\Desktop\Uriah Chosen
[2012/05/13 17:46:32 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\Desktop\Uriah 2
[2012/05/10 19:50:20 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\Desktop\Daryll
[2012/05/09 12:44:21 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2012/05/09 12:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/05/08 15:15:36 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Tyrone.Branch\Desktop\OTL.exe
[2012/05/08 14:52:27 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/05/07 11:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/07 10:58:12 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/05/07 10:32:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/07 10:16:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/07 10:16:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/07 10:16:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/07 10:14:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/07 01:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/05/07 01:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Photo Recovery
[2012/05/07 01:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stellar Phoenix Photo Recovery
[2012/05/06 23:23:33 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/06 23:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/06 23:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/06 23:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/06 23:09:33 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/05/06 23:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/05/06 21:51:10 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\AppData\Roaming\Malwarebytes
[2012/05/06 21:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/06 21:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/06 21:50:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/06 21:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/04 17:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/04 17:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/04 17:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/30 08:12:25 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/04/26 12:40:51 | 000,000,000 | ---D | C] -- C:\Clickfree restored files
[2012/04/25 17:46:28 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\Desktop\My Shared Folder
[2012/04/24 07:19:30 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\Desktop\St. Paul Videos

========== Files - Modified Within 30 Days ==========

[2012/05/14 23:50:48 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 23:50:48 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 23:43:32 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 23:43:01 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/05/14 23:42:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/14 23:42:49 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 23:41:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 23:35:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/05/14 23:17:00 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3265492474-3920981868-2539861232-1000UA.job
[2012/05/14 23:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/14 12:00:17 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/05/14 08:17:01 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3265492474-3920981868-2539861232-1000Core.job
[2012/05/14 08:05:22 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/14 08:05:22 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/14 08:05:22 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/14 08:01:13 | 003,031,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/13 09:17:11 | 000,000,089 | ---- | M] () -- C:\data
[2012/05/13 09:05:54 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/05/10 13:14:05 | 000,956,416 | ---- | M] () -- C:\Users\Tyrone.Branch\Desktop\STLYE SENSATION POSTER.pub
[2012/05/10 12:44:30 | 000,289,784 | ---- | M] () -- C:\Users\Tyrone.Branch\Desktop\Publication1.jpg
[2012/05/08 15:15:53 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Tyrone.Branch\Desktop\OTL.exe
[2012/05/07 01:44:59 | 000,001,114 | ---- | M] () -- C:\Users\Tyrone.Branch\Desktop\Stellar Phoenix Photo Recovery.lnk
[2012/05/06 23:23:18 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/06 23:09:33 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/05/06 21:51:01 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/05 08:18:46 | 000,001,256 | ---- | M] () -- C:\Users\Tyrone.Branch\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/04 17:24:11 | 000,002,515 | ---- | M] () -- C:\Users\Tyrone.Branch\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/04 17:24:11 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/04 17:18:02 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/30 08:12:26 | 000,001,355 | ---- | M] () -- C:\Users\Tyrone.Branch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012/04/26 19:09:55 | 000,365,824 | ---- | M] () -- C:\Windows\SysWow64\rfirltcc.dat
[2012/04/26 19:09:55 | 000,154,368 | ---- | M] () -- C:\Windows\SysWow64\lpucxwve.dat
[2012/04/26 19:09:55 | 000,136,960 | ---- | M] () -- C:\Windows\SysWow64\hahhbxlh.dat
[2012/04/26 19:09:55 | 000,036,608 | ---- | M] () -- C:\Windows\SysWow64\nkmggrlq.dat
[2012/04/26 19:09:55 | 000,034,048 | ---- | M] () -- C:\Windows\SysWow64\rfaixcpa.dat
[2012/04/26 14:35:40 | 000,019,456 | ---- | M] () -- C:\Users\Tyrone.Branch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/26 12:40:51 | 000,001,676 | ---- | M] () -- C:\Users\Tyrone.Branch\Desktop\ClickFree Backup Restored Files.lnk
[2012/04/25 17:44:44 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

========== Files Created - No Company Name ==========

[2012/05/13 09:17:11 | 000,000,089 | ---- | C] () -- C:\data
[2012/05/10 13:14:03 | 000,956,416 | ---- | C] () -- C:\Users\Tyrone.Branch\Desktop\STLYE SENSATION POSTER.pub
[2012/05/10 12:41:34 | 000,289,784 | ---- | C] () -- C:\Users\Tyrone.Branch\Desktop\Publication1.jpg
[2012/05/07 01:44:59 | 000,001,114 | ---- | C] () -- C:\Users\Tyrone.Branch\Desktop\Stellar Phoenix Photo Recovery.lnk
[2012/05/06 23:23:18 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/06 21:51:01 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/05 10:01:41 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/04 17:24:11 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/04 17:18:02 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/30 08:12:26 | 000,001,355 | ---- | C] () -- C:\Users\Tyrone.Branch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012/04/26 19:09:55 | 000,365,824 | ---- | C] () -- C:\Windows\SysWow64\rfirltcc.dat
[2012/04/26 19:09:55 | 000,154,368 | ---- | C] () -- C:\Windows\SysWow64\lpucxwve.dat
[2012/04/26 19:09:55 | 000,136,960 | ---- | C] () -- C:\Windows\SysWow64\hahhbxlh.dat
[2012/04/26 19:09:55 | 000,036,608 | ---- | C] () -- C:\Windows\SysWow64\nkmggrlq.dat
[2012/04/26 19:09:55 | 000,034,048 | ---- | C] () -- C:\Windows\SysWow64\rfaixcpa.dat
[2012/04/26 18:43:00 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/04/26 14:04:41 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/04/26 12:40:51 | 000,001,676 | ---- | C] () -- C:\Users\Tyrone.Branch\Desktop\ClickFree Backup Restored Files.lnk
[2012/02/27 19:09:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/02/07 22:45:56 | 000,142,459 | ---- | C] () -- C:\Windows\hpwins10.dat
[2012/02/07 22:45:56 | 000,000,372 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2012/01/24 12:45:47 | 000,019,456 | ---- | C] () -- C:\Users\Tyrone.Branch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/23 22:18:10 | 000,100,208 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2011/04/23 22:17:32 | 000,062,136 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2011/04/23 22:16:44 | 000,250,552 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2010/08/25 19:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/07/07 09:49:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Workflows
[2010/07/07 09:49:58 | 000,000,268 | RH-- | C] () -- C:\Users\Tyrone.Branch\AppData\Roaming\Widgets
[2010/07/07 09:49:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/07/07 09:48:07 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Woodwinds
[2010/07/07 09:48:07 | 000,000,268 | RH-- | C] () -- C:\Users\Tyrone.Branch\AppData\Roaming\Vocals
[2010/07/07 09:48:07 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/07/07 09:39:24 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/17 19:51:24 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin

========== LOP Check ==========

[2011/10/22 19:21:23 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\calibre
[2011/02/28 19:06:28 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\Canon
[2012/02/07 22:16:45 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\mjusbsp
[2010/07/08 09:09:55 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\Nikon
[2012/02/04 22:51:47 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\ooVoo Details
[2012/03/02 21:16:46 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\Pantone
[2010/12/28 11:50:48 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\PCDr
[2012/03/21 14:20:24 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\Research In Motion
[2011/11/05 21:57:39 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\TeamViewer
[2012/04/04 18:41:09 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\TuneUpMedia
[2010/07/07 06:43:03 | 000,000,000 | ---D | M] -- C:\Users\Tyrone.Branch\AppData\Roaming\WildTangent
[2012/05/14 23:43:01 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/05/14 08:17:01 | 000,000,938 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3265492474-3920981868-2539861232-1000Core.job
[2012/05/14 23:17:00 | 000,000,960 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3265492474-3920981868-2539861232-1000UA.job
[2012/04/25 17:44:44 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/13 20:42:50 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/14 12:00:17 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >
 
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

    Code: 
    :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope = 
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[2012/05/14 16:05:45 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\Desktop\Logs
[2012/05/14 15:34:05 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\Desktop\Looks
[2012/05/13 17:52:23 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\Desktop\Uriah Chosen
[2012/05/13 17:46:32 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\Desktop\Uriah 2
[2012/05/10 19:50:20 | 000,000,000 | ---D | C] -- C:\Users\Tyrone.Branch\Desktop\Daryll
[2012/05/09 12:44:21 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2012/04/26 19:09:55 | 000,365,824 | ---- | M] () -- C:\Windows\SysWow64\rfirltcc.dat
[2012/04/26 19:09:55 | 000,154,368 | ---- | M] () -- C:\Windows\SysWow64\lpucxwve.dat
[2012/04/26 19:09:55 | 000,136,960 | ---- | M] () -- C:\Windows\SysWow64\hahhbxlh.dat
[2012/04/26 19:09:55 | 000,036,608 | ---- | M] () -- C:\Windows\SysWow64\nkmggrlq.dat
[2012/04/26 19:09:55 | 000,034,048 | ---- | M] () -- C:\Windows\SysWow64\rfaixcpa.dat
[2012/04/26 14:35:40 | 000,019,456 | ---- | M] () -- C:\Users\Tyrone.Branch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/26 19:09:55 | 000,365,824 | ---- | C] () -- C:\Windows\SysWow64\rfirltcc.dat
[2012/04/26 19:09:55 | 000,154,368 | ---- | C] () -- C:\Windows\SysWow64\lpucxwve.dat
[2012/04/26 19:09:55 | 000,136,960 | ---- | C] () -- C:\Windows\SysWow64\hahhbxlh.dat
[2012/02/27 19:09:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/05/13 09:17:11 | 000,000,089 | ---- | C] () -- C:\data
[2012/04/26 14:04:41 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[emptyflash]5
resethosts]
[emptyjava]
[resethosts]
[CreateRestorePoint]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-----------------

I'm seeing some improvement in the log. How is the system doing?
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back