Solved 0i763f66bz.exe

multcomedic

I have found the above file on my computer and have been unable to remove it. I have begun to have problems such as error pop-ups regarding Windows 7 not being genuine and the check disk utility running on startup but always failing and cycling back unless I skip it. Does anyone have a fix? I have not been able to find a whole lot on this file using Google or help from McAfee other than a few listings in Spanish.
 
I've also run through the 5 steps and was unable to get GMER to run and DDS to download. Here is the Malware log.
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.25.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Shanahan Family :: SHANAHANFAMILY [administrator]

Protection: Disabled

6/25/2012 1:49:58 AM
mbam-log-2012-06-25 (01-49-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233151
Time elapsed: 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
I managed to get GMER running and obtained the following log. Still unable to get DDS to download.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-06-25 02:20:50
Windows 6.1.7601 Service Pack 1
Running: ffoxi9z6.exe


---- Services - GMER 1.0.15 ----

Service C:\SystemRoot\System32\Drivers\aa4c16f84acedb9.sys (*** hidden *** ) [BOOT] aa4c16f84acedb9 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
 
Got DDS to work.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
Run by Shanahan Family at 2:46:48 on 2012-06-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.3423 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
C:\Program Files (x86)\DELL\DELLOSD\TestDispChangedEvent.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Atheros Direct Connect\P2PUIMain.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Users\Shanahan Family\0i763f66bz.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
C:\Program Files (x86)\Atheros Direct Connect\DCWpaSupplicant.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Windows\system32\svchost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe
C:\Windows\Explorer.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://mystart.smilebox.com?a=6PQwIFBVex
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uURLSearchHooks: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
mURLSearchHooks: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
BHO: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [0i763f66bz] C:\Users\Shanahan Family\0i763f66bz.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe -update activex
mRun: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
mRun: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"
mRun: [StickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\office
Trusted Zone: turbotax.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{A9617A1D-E405-4F40-AE53-680196DD5D5C} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{FA0F4E18-98EA-46C9-A4C3-E8D426408D8A} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
BHO-X64: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
BHO-X64: SmileBox EN - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
mRun-x64: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"
mRun-x64: [StickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
IE-X64: {DFA963BD-D1F9-4E94-855E-65CD528E7A03} - http://qwest.live.com
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-2-21 98208]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [2012-2-21 135168]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-3-31 77984]
R2 Dell WMI Service;Dell WMI Service;C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [2012-2-21 98304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\DELL\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 OSDSvc;ChiconyOSDService;C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2012-2-21 176128]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-2-21 1692480]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-21 2656280]
R3 DCDhcpService;DCDhcpService;C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe [2012-2-21 100352]
S2 0198421340566558mcinstcleanup;McAfee Application Installer Cleanup (0198421340566558);C:\Windows\TEMP\019842~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\019842~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-22 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-25 654408]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S2 McShield;McAfee McShield;"C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" --> C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [?]
S2 mfefire;McAfee Firewall Core Service;"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" --> C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [?]
S2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-22 136176]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-2-21 224704]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-25 08:38:24 -------- d-----w- C:\Users\Shanahan Family\AppData\Roaming\Malwarebytes
2012-06-25 08:38:17 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-25 08:38:17 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-25 08:38:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-25 03:11:05 -------- d-----w- C:\UBCD4Win
2012-06-25 03:05:37 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-25 03:00:41 -------- d-----w- C:\Program Files (x86)\Windows Resource Kits
2012-06-24 17:40:17 98816 ----a-w- C:\Windows\sed.exe
2012-06-24 17:40:17 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-24 17:40:17 256000 ----a-w- C:\Windows\PEV.exe
2012-06-24 17:40:17 208896 ----a-w- C:\Windows\MBR.exe
2012-06-23 18:48:20 -------- d-----w- C:\Users\Shanahan Family\AppData\Roaming\McAfee
2012-06-22 00:12:23 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 00:12:14 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 00:12:05 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 00:12:05 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-13 18:36:00 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 18:36:00 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 18:36:00 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 18:35:36 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 18:35:34 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 18:35:34 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 18:35:29 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 18:35:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 18:35:22 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 18:35:22 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 18:35:22 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 18:35:22 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 18:35:21 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 18:35:21 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-05-31 14:37:12 -------- d-----w- C:\Users\Shanahan Family\AppData\Roaming\HpUpdate
2012-05-31 14:37:10 -------- d-----w- C:\Windows\Hewlett-Packard
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 2:47:09.39 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/21/2012 10:42:43 PM
System Uptime: 6/25/2012 1:58:42 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0VFV2M
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | CPU 1 | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 909 GiB total, 824.992 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: McAfee Inc. mfewfpk
Device ID: ROOT\LEGACY_MFEWFPK\0000
Manufacturer:
Name: McAfee Inc. mfewfpk
PNP Device ID: ROOT\LEGACY_MFEWFPK\0000
Service: mfewfpk
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0001000F_PID&0000\8&1C8E57F2&0&0007AB72C0CF_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0001000F_PID&0000\8&1C8E57F2&0&0007AB72C0CF_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\8&1C8E57F2&0&0007AB72C0CF_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\8&1C8E57F2&0&0007AB72C0CF_C00000000
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: McAfee Inc. mfehidk
Device ID: ROOT\LEGACY_MFEHIDK\0000
Manufacturer:
Name: McAfee Inc. mfehidk
PNP Device ID: ROOT\LEGACY_MFEHIDK\0000
Service: mfehidk
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Adobe AIR
Adobe Community Help
Adobe Photoshop Elements 9
Adobe Premiere Elements 9
Adobe Reader X (10.1.3) MUI
Advanced Audio FX Engine
AIO_Scan
Apple Application Support
Apple Software Update
Atheros Direct Connect
Blio
BufferChm
C4200
c4200_Help
CIR Registry
Cisco WebEx Meetings
Consumer In-Home Service Agreement
Copy
Cozi
CyberLink YouPaint
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Bluetooth Installation
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell KM632 Wireless Keyboard Caps Lock Indicator
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Touch Software Suite Games
Dell VideoStage
Dell Webcam Central
DELLOSD
Destinations
DeviceDiscovery
DirectX 9 Runtime
DocProc
Elements 9 Organizer
Elements STI Installer
First Thousand Words
Google Calendar Sync
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
High-Definition Video Playback
HP Product Detection
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 7 Update 3
JavaFX 2.0.3
Junk Mail filter update
Kidzui
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
McAfee SecurityCenter
McAfee Virtual Technician
Mesh Runtime
Microsoft Money 2000 Standard Edition
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.0
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
PhotoShowExpress
PlayReady PC Runtime x86
ProMash
PS_AIO_Software_min
QuickTime
Realtek High Definition Audio Driver
Remote Control USB Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype™ 5.5
SmartSound Quicktracks for Premiere Elements 9.0
SmartWebPrinting
Smilebox
SmileBox EN Toolbar
SolutionCenter
Sonic CinePlayer Decoder Pack
Stamps.com
Stamps.com Application Support for Microsoft Word 2000-2010
Stamps.com support for Microsoft Word 2000-2010
Status
StickyNotes
SyncUP
Toolbox
TrayApp
TrustedID
UBCD4Win 3.60
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Resource Kit Tools - SubInAcl.exe
Yahoo! Toolbar
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
6/25/2012 2:31:07 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: The system cannot find the file specified.
6/25/2012 2:31:07 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2012 2:31:07 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2012 2:31:07 AM, Error: Service Control Manager [7000] - The McAfee Inc. mfehidk service failed to start due to the following error: The system cannot find the file specified.
6/25/2012 2:29:07 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2012 2:29:06 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2012 2:25:30 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {D4583E73-8C3A-4850-A60F-71363527B0FB}. The error: "740" Happened while starting this command: "C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe" -Embedding
6/25/2012 2:24:46 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2012 2:24:46 AM, Error: Service Control Manager [7000] - The McAfee Inc. mfehidk service failed to start due to the following error: A device attached to the system is not functioning.
6/25/2012 2:19:02 AM, Error: Ntfs [55] -
6/25/2012 2:01:15 AM, Error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2012 2:01:11 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2012 2:01:11 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: A device attached to the system is not functioning.
6/25/2012 2:00:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
6/25/2012 12:07:49 AM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: Access is denied.
6/25/2012 12:05:56 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: Access is denied.
6/25/2012 12:05:47 AM, Error: Microsoft-Windows-WMPNSS-Service [14356] - A media delivery engine with ID '0x80070057' was not initialized because RegisterDelegate() encountered error ''. Restart your computer, and then restart the WMPNetworkSvc service.
6/25/2012 12:05:47 AM, Error: Microsoft-Windows-WMPNSS-Service [14348] - A new media server was not initialized due to error '0x80070057'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, in Windows Media Player, turn off media sharing, and then turn it back on.
6/25/2012 12:05:47 AM, Error: Microsoft-Windows-WMPNSS-Service [14323] - Service 'WMPNetworkSvc' did not start correctly because MFCreateWMPMDEOpCenter encountered error '0x80070505'. If possible, reinstall Windows Media Player.
6/25/2012 12:05:40 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147023611
6/25/2012 12:05:40 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147023611
6/25/2012 1:59:09 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk mfewfpk
6/25/2012 1:59:07 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
6/24/2012 2:52:55 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/24/2012 2:52:39 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/24/2012 12:35:51 PM, Error: Service Control Manager [7023] - The McAfee Validation Trust Protection Service service terminated with the following error: The system cannot find the file specified.
6/24/2012 11:13:36 AM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.
6/24/2012 10:41:02 AM, Error: Service Control Manager [7034] - The Dell WMI Service service terminated unexpectedly. It has done this 1 time(s).
6/24/2012 10:40:06 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
6/24/2012 10:40:06 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
6/24/2012 10:26:16 AM, Error: Service Control Manager [7003] - The McAfee Network Agent service depends the following service: MfeFire. This service might not be installed.
6/24/2012 10:24:08 AM, Error: Service Control Manager [7003] - The McAfee Proxy Service service depends the following service: MfeFire. This service might not be installed.
6/24/2012 10:24:08 AM, Error: Service Control Manager [7003] - The McAfee Anti-Spam Service service depends the following service: MfeFire. This service might not be installed.
6/24/2012 10:23:22 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
6/23/2012 6:48:39 PM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: Access is denied.
6/23/2012 10:35:38 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {31371420-098D-4C0E-A11E-EBEC2305DD01}. The error: "786" Happened while starting this command: "C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\ytbb.exe" -Embedding
6/23/2012 10:35:36 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {641B9FB0-C2B1-41BD-8563-5F484E3BE84A}. The error: "786" Happened while starting this command: "C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe" -Embedding
6/23/2012 10:30:38 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {6737D319-D20F-4DAF-B321-ECC5E52F692A}. The error: "786" Happened while starting this command: "C:\Program Files (x86)\Atheros Direct Connect\DCWpaSupplicant.exe" -Embedding
6/23/2012 10:30:27 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {66C99B38-BC12-4134-90A2-C5D6ABFC5FFE}. The error: "786" Happened while starting this command: "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
6/23/2012 10:30:22 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {694978FF-AB41-4E51-9A2F-862A9312FCB1}. The error: "786" Happened while starting this command: "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
All set. My wife informed me that she had McAfee techs working on this today via remote access while I was at work today. I'm not sure what if anything they may have done other than McAfee still doesn't work.

Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 26-06-2012 01:56:19
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7214696 2011-05-25] (Realtek Semiconductor)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-06-22] (Intel Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [168216 2011-06-22] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-06-22] (Intel Corporation)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKLM\...\Run: [DCHostUI] "C:\Program Files (x86)\Atheros Direct Connect\P2PUIMain.exe" -nogui [366592 2011-03-31] (Atheros Communication)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [617120 2011-03-31] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-31] (Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj" [6433439 2011-03-18] ()
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2011-12-31] ()
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe [49152 2010-12-06] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [53248 2011-01-12] ()
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()
HKU\Kids\...\Policies\system: [LogonHoursAction] 2
HKU\Kids\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Shanahan Family\...\Policies\system: [LogonHoursAction] 2
HKU\Shanahan Family\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ======

2 AdobeActiveFileMonitor9.0; C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [135168 2011-02-16] (Atheros)
2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [77984 2011-03-31] (Atheros Commnucations)
3 DCDhcpService; "C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe" [100352 2011-03-31] (Atheros Communication Inc.)
2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [98304 2011-05-27] ()
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162224 2012-05-25] (McAfee, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [2823000 2010-08-25] (Dell, Inc.)
2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony)
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)

========================== Drivers (Whitelisted) =============

0 aa4c16f84acedb9; C:\Windows\System32\Drivers\aa4c16f84acedb9.sys [74184 2012-06-23] ()
3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-03-31] (Atheros)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [298656 2011-03-31] (Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2011-03-31] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [201376 2011-03-31] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [55456 2011-03-31] (Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [154272 2011-03-31] (Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [281248 2011-03-31] (Atheros)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [311400 2011-03-15] (Realtek Semiconductor Corp.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
1 cdaxeesa; \??\C:\Windows\system32\drivers\cdaxeesa.sys [x]
1 jvaolvfd; \??\C:\Windows\system32\drivers\jvaolvfd.sys [x]
1 oecehykg; \??\C:\Windows\system32\drivers\oecehykg.sys [x]
1 uxlgtwoh; \??\C:\Windows\system32\drivers\uxlgtwoh.sys [x]
1 zzdmfitz; \??\C:\Windows\system32\drivers\zzdmfitz.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-26 02:46 - 2005-08-31 12:38 - 00000956 ____A C:\Windows\SysWOW64\iconcfg.ini
2012-06-26 02:46 - 2003-12-16 12:04 - 00049152 ____A (General) C:\Windows\SysWOW64\usbmonit.exe
2012-06-26 02:46 - 2003-05-21 11:27 - 00139264 ____A (Genesys) C:\Windows\SysWOW64\geneicon.dll
2012-06-26 02:46 - 2003-03-07 13:52 - 00036864 ____A C:\Windows\SysWOW64\deluidrv.exe
2012-06-26 02:46 - 2002-03-05 12:10 - 00032768 ____A C:\Windows\SysWOW64\delentry.exe
2012-06-26 02:45 - 2012-06-26 02:45 - 00120933 ____A C:\Users\Shanahan Family\Downloads\sddr-103-107-driver.zip
2012-06-26 02:45 - 2003-12-16 12:15 - 00024848 ____A (General) C:\Windows\SysWOW64\Drivers\geneuide.sys
2012-06-26 02:42 - 2012-06-26 02:42 - 01425797 ____A C:\Users\Shanahan Family\Downloads\FRST64.exe
2012-06-26 01:56 - 2012-06-26 01:56 - 00000000 ____D C:\FRST
2012-06-25 23:19 - 2012-06-25 15:47 - 00000000 ____D C:\users\mcafee test
2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Citrix
2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Citrix
2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Citrix
2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-06-25 15:50 - 2012-06-25 15:50 - 01807128 ____A (Dell Inc) C:\Users\Shanahan Family\Downloads\aulauncher.exe
2012-06-25 15:20 - 2012-06-25 15:20 - 12621696 ____A (Microsoft Corporation) C:\Users\Shanahan Family\Downloads\mseinstall.exe
2012-06-25 15:20 - 2012-06-25 15:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-25 15:20 - 2012-06-25 15:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-25 15:10 - 2012-06-25 15:10 - 04285248 ____A (McAfee, Inc.) C:\Users\Shanahan Family\Downloads\McAfeeSetup.exe
2012-06-25 15:10 - 2012-05-25 19:13 - 00162224 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-06-25 14:55 - 2012-06-25 14:55 - 00809328 ____A (AirInstaller Inc.) C:\Users\Shanahan Family\Downloads\setup (1).exe
2012-06-25 14:51 - 2012-06-25 14:51 - 00000087 ___RH C:\Users\Shanahan Family\Downloads\GetSusp.opt
2012-06-25 14:49 - 2012-06-25 14:49 - 05018217 ____N C:\Users\Shanahan Family\Downloads\gsusp_0E2C0FE93D33_062512_124918.zip
2012-06-25 14:46 - 2012-06-25 14:49 - 00004513 ____A C:\Users\Shanahan Family\Downloads\GetSusp.xml
2012-06-25 14:46 - 2012-06-25 14:46 - 01501248 ____A (McAfee Inc.) C:\Users\Shanahan Family\Downloads\getsusp.exe
2012-06-25 14:11 - 2012-06-25 15:17 - 00000000 ____D C:\Program Files\Common Files\McAfee
2012-06-25 14:11 - 2012-06-25 14:11 - 00000000 ____D C:\Program Files\McAfee.com
2012-06-25 14:11 - 2012-06-25 14:11 - 00000000 ____D C:\Program Files\McAfee
2012-06-25 14:11 - 2012-06-25 14:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-06-25 14:00 - 2012-06-25 15:20 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-25 13:46 - 2012-06-25 23:15 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-25 13:46 - 2012-06-25 23:15 - 00000000 ____D C:\Users\All Users\Application Data\AVAST Software
2012-06-25 13:46 - 2012-06-25 13:59 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-06-25 13:46 - 2012-06-25 13:46 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-25 13:46 - 2012-03-06 18:15 - 00258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-06-25 13:45 - 2012-06-25 13:46 - 74761776 ____A C:\Users\Shanahan Family\Downloads\setup_av_free.exe
2012-06-25 13:37 - 2012-06-25 15:12 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-25 13:37 - 2012-06-25 15:12 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
2012-06-25 13:30 - 2012-06-25 14:15 - 00000000 ____D C:\Windows\pss
2012-06-25 13:25 - 2012-06-25 13:25 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-25 13:25 - 2012-06-25 13:25 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-25 13:25 - 2012-06-25 13:25 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-25 13:25 - 2012-05-04 21:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-25 13:22 - 2012-06-25 13:22 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-25 13:22 - 2012-06-25 13:22 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-25 13:22 - 2012-06-25 13:22 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-25 13:22 - 2012-06-25 13:22 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-25 13:22 - 2012-06-25 13:22 - 00000000 ____D C:\Program Files\Java
2012-06-25 11:22 - 2012-06-25 11:22 - 00000000 ____D C:\mfe
2012-06-25 05:19 - 2012-06-25 05:19 - 00159144 ____A (Microsoft Corporation) C:\Users\Shanahan Family\Downloads\WindowsActivationUpdate.exe
2012-06-25 05:01 - 2012-06-25 16:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-25 05:01 - 2012-06-25 05:01 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-25 04:20 - 2012-06-25 04:20 - 00000330 ____A C:\Users\Shanahan Family\Desktop\gmer.log
2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\Shanahan Family\Application Data\Malwarebytes
2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\Malwarebytes
2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-06-24 22:11 - 2012-06-25 14:44 - 00000000 ____D C:\UBCD4Win
2012-06-24 22:01 - 2012-06-24 22:01 - 00000942 ____A C:\Users\Shanahan Family\Downloads\dellregfix.zip
2012-06-24 22:00 - 2012-06-24 22:00 - 00379392 ____A C:\Users\Shanahan Family\Downloads\subinacl.msi
2012-06-24 22:00 - 2012-06-24 22:00 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
2012-06-24 16:54 - 2012-06-24 16:54 - 00023006 ____A C:\ComboFix.txt
2012-06-24 12:40 - 2012-06-24 16:54 - 00000000 ____D C:\Qoobox
2012-06-24 12:40 - 2012-06-24 12:45 - 00000000 ____D C:\Windows\erdnt
2012-06-24 12:40 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-24 12:40 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-24 12:40 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-24 12:40 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-24 12:40 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-24 12:40 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-24 12:40 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-24 12:40 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-23 14:01 - 2012-06-23 14:01 - 00071358 ____A C:\Users\Shanahan Family\Downloads\OTL.Txt
2012-06-23 13:48 - 2012-06-23 13:48 - 00000000 ____D C:\Users\Shanahan Family\Application Data\McAfee
2012-06-23 13:48 - 2012-06-23 13:48 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\McAfee
2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\Application Data\KidZui
2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\Application Data\Adobe
2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\AppData\Roaming\KidZui
2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Adobe
2012-06-23 12:30 - 2012-06-23 12:30 - 00127328 ____A C:\Users\Kids\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-23 12:30 - 2012-06-23 12:30 - 00127328 ____A C:\Users\Kids\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-23 12:30 - 2012-06-23 12:30 - 00127328 ____A C:\Users\Kids\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\Google
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\BMExplorer
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Google
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\BMExplorer
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Application Data\Roxio
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Application Data\Creative
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Application Data\Apple Computer
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Roxio
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Creative
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Apple Computer
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Local\Google
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Local\BMExplorer
2012-06-23 12:23 - 2012-06-23 12:23 - 00000000 ____D C:\Users\Kids\Application Data\Atheros Communication
2012-06-23 12:23 - 2012-06-23 12:23 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Atheros Communication
2012-06-23 12:22 - 2012-06-23 12:22 - 00000000 ____D C:\Users\Kids\Local Settings\Atheros
2012-06-23 12:22 - 2012-06-23 12:22 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Atheros
2012-06-23 12:22 - 2012-06-23 12:22 - 00000000 ____D C:\Users\Kids\AppData\Local\Atheros
2012-06-23 12:21 - 2012-06-23 12:37 - 00118252 _RASH C:\Users\Kids\ntuser.pol
2012-06-23 12:21 - 2012-06-23 12:37 - 00000000 ____D C:\users\Kids
2012-06-23 12:21 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Application Data\Dell
2012-06-23 12:21 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Dell
2012-06-23 12:21 - 2012-06-23 12:21 - 00000020 ___SH C:\Users\Kids\ntuser.ini
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\VirtualStore
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\VirtualStore
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Adobe
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Adobe
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Application Data\Dell Touch Zone
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Dell Touch Zone
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Local\VirtualStore
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Local\Adobe
2012-06-23 12:21 - 2012-06-23 12:07 - 00000000 ____D C:\Users\Kids\Local Settings\SoftThinks
2012-06-23 12:21 - 2012-06-23 12:07 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\SoftThinks
2012-06-23 12:21 - 2012-06-23 12:07 - 00000000 ____D C:\Users\Kids\AppData\Local\SoftThinks
2012-06-23 12:21 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Kids\Local Settings\Microsoft Help
2012-06-23 12:21 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Microsoft Help
2012-06-23 12:21 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Kids\AppData\Local\Microsoft Help
2012-06-23 12:21 - 2012-02-21 19:16 - 00000000 ____D C:\Users\Kids\Application Data\Macromedia
2012-06-23 12:21 - 2012-02-21 19:16 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Macromedia
2012-06-23 12:21 - 2012-02-21 19:11 - 00000000 ___RD C:\Users\Kids\Desktop\Play Games
2012-06-23 12:14 - 2012-06-23 13:40 - 00000632 _RASH C:\Users\Shanahan Family\ntuser.pol
2012-06-23 12:06 - 2012-06-23 12:06 - 00074184 ____A C:\Windows\System32\Drivers\aa4c16f84acedb9.sys
2012-06-21 19:12 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 19:12 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 19:12 - 2012-06-02 17:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 19:12 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 19:12 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 19:12 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 19:12 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 19:12 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 19:12 - 2012-06-02 17:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 16:06 - 2012-06-18 16:06 - 00026112 ____A C:\Users\Shanahan Family\Downloads\TS001018259.dot
2012-06-13 22:23 - 2012-05-17 21:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 22:23 - 2012-05-17 21:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 22:23 - 2012-05-17 21:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 22:23 - 2012-05-17 20:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 22:23 - 2012-05-17 20:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 22:23 - 2012-05-17 20:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 22:23 - 2012-05-17 20:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 22:23 - 2012-05-17 20:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 22:23 - 2012-05-17 20:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 22:23 - 2012-05-17 20:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 22:23 - 2012-05-17 20:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 22:23 - 2012-05-17 20:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 22:23 - 2012-05-17 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 22:23 - 2012-05-17 20:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 22:23 - 2012-05-17 18:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 22:23 - 2012-05-17 17:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 22:23 - 2012-05-17 17:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 22:23 - 2012-05-17 17:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 22:23 - 2012-05-17 17:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 22:23 - 2012-05-17 17:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 22:23 - 2012-05-17 17:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 22:23 - 2012-05-17 17:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 22:23 - 2012-05-17 17:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 22:23 - 2012-05-17 17:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 22:23 - 2012-05-17 17:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 22:23 - 2012-05-17 17:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 22:23 - 2012-05-17 17:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 22:23 - 2012-05-17 17:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 13:45 - 2012-06-13 13:45 - 00051356 ____A C:\Users\Shanahan Family\Downloads\WHAT TO PACK IN YOUR CHILD.mht
2012-06-13 13:36 - 2012-04-26 00:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 13:36 - 2012-04-26 00:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 13:36 - 2012-04-26 00:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 13:35 - 2012-05-14 20:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 13:35 - 2012-05-04 06:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 13:35 - 2012-05-04 05:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 13:35 - 2012-05-04 05:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 13:35 - 2012-05-01 00:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 13:35 - 2012-04-27 22:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 13:35 - 2012-04-24 00:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 13:35 - 2012-04-24 00:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 13:35 - 2012-04-24 00:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 13:35 - 2012-04-23 23:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 13:35 - 2012-04-23 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 13:35 - 2012-04-23 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 13:35 - 2012-04-07 07:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 13:35 - 2012-04-07 06:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-05-31 09:39 - 2012-05-31 09:39 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-05-31 09:37 - 2012-06-07 09:22 - 00000000 ____D C:\Users\Shanahan Family\Application Data\HpUpdate
2012-05-31 09:37 - 2012-06-07 09:22 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\HpUpdate
2012-05-31 09:37 - 2012-05-31 09:37 - 00000000 ____D C:\Windows\Hewlett-Packard
 
============ 3 Months Modified Files and Folders =============
2012-06-26 02:48 - 2009-07-14 00:13 - 00786422 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-26 02:45 - 2012-06-26 02:45 - 00120933 ____A C:\Users\Shanahan Family\Downloads\sddr-103-107-driver.zip
2012-06-26 02:42 - 2012-06-26 02:42 - 01425797 ____A C:\Users\Shanahan Family\Downloads\FRST64.exe
2012-06-26 02:25 - 2012-03-22 02:56 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Nero
2012-06-26 02:25 - 2012-03-22 02:56 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Nero
2012-06-26 02:25 - 2012-03-22 02:56 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Nero
2012-06-26 02:20 - 2012-03-21 18:10 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000UA.job
2012-06-26 02:17 - 2012-03-22 11:07 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-26 02:16 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-26 02:16 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-26 02:10 - 2012-03-22 11:07 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-26 02:10 - 2012-02-21 19:07 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-06-26 02:10 - 2012-02-21 19:07 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-06-26 02:10 - 2012-02-21 19:07 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-06-26 02:10 - 2012-02-21 19:07 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-06-26 02:10 - 2012-02-21 19:07 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-06-26 02:10 - 2012-02-21 19:07 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-06-26 02:10 - 2012-02-21 18:58 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-06-26 02:08 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-26 02:07 - 2009-07-13 23:51 - 00050543 ____A C:\Windows\setupact.log
2012-06-26 01:56 - 2012-06-26 01:56 - 00000000 ____D C:\FRST
2012-06-25 23:20 - 2012-03-21 18:10 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000Core.job
2012-06-25 23:20 - 2012-02-21 18:54 - 00000000 ____D C:\Users\All Users\Atheros
2012-06-25 23:20 - 2012-02-21 18:54 - 00000000 ____D C:\Users\All Users\Application Data\Atheros
2012-06-25 23:19 - 2012-04-18 11:03 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-06-25 23:15 - 2012-06-25 13:46 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-25 23:15 - 2012-06-25 13:46 - 00000000 ____D C:\Users\All Users\Application Data\AVAST Software
2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Citrix
2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Citrix
2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Citrix
2012-06-25 23:05 - 2012-06-25 23:05 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-06-25 16:52 - 2012-06-25 05:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-25 16:05 - 2012-04-27 17:30 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\CrashDumps
2012-06-25 16:05 - 2012-04-27 17:30 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\CrashDumps
2012-06-25 16:05 - 2012-04-27 17:30 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\CrashDumps
2012-06-25 15:52 - 2012-03-22 15:00 - 00000000 ____D C:\Users\All Users\PCDr
2012-06-25 15:52 - 2012-03-22 15:00 - 00000000 ____D C:\Users\All Users\Application Data\PCDr
2012-06-25 15:50 - 2012-06-25 15:50 - 01807128 ____A (Dell Inc) C:\Users\Shanahan Family\Downloads\aulauncher.exe
2012-06-25 15:47 - 2012-06-25 23:19 - 00000000 ____D C:\users\mcafee test
2012-06-25 15:39 - 2010-11-20 22:47 - 00081268 ____A C:\Windows\PFRO.log
2012-06-25 15:20 - 2012-06-25 15:20 - 12621696 ____A (Microsoft Corporation) C:\Users\Shanahan Family\Downloads\mseinstall.exe
2012-06-25 15:20 - 2012-06-25 15:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-25 15:20 - 2012-06-25 15:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-25 15:20 - 2012-06-25 14:00 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-25 15:20 - 2012-02-21 18:32 - 01553943 ____A C:\Windows\WindowsUpdate.log
2012-06-25 15:20 - 2011-02-10 11:10 - 00800080 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-25 15:17 - 2012-06-25 14:11 - 00000000 ____D C:\Program Files\Common Files\McAfee
2012-06-25 15:12 - 2012-06-25 13:37 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-25 15:12 - 2012-06-25 13:37 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
2012-06-25 15:10 - 2012-06-25 15:10 - 04285248 ____A (McAfee, Inc.) C:\Users\Shanahan Family\Downloads\McAfeeSetup.exe
2012-06-25 15:06 - 2012-04-11 22:06 - 00000000 ____D C:\Users\Shanahan Family\My Documents\Outlook Files
2012-06-25 15:06 - 2012-04-11 22:06 - 00000000 ____D C:\Users\Shanahan Family\Documents\Outlook Files
2012-06-25 15:05 - 2012-03-22 00:42 - 00000000 ____D C:\users\Shanahan Family
2012-06-25 14:55 - 2012-06-25 14:55 - 00809328 ____A (AirInstaller Inc.) C:\Users\Shanahan Family\Downloads\setup (1).exe
2012-06-25 14:51 - 2012-06-25 14:51 - 00000087 ___RH C:\Users\Shanahan Family\Downloads\GetSusp.opt
2012-06-25 14:49 - 2012-06-25 14:49 - 05018217 ____N C:\Users\Shanahan Family\Downloads\gsusp_0E2C0FE93D33_062512_124918.zip
2012-06-25 14:49 - 2012-06-25 14:46 - 00004513 ____A C:\Users\Shanahan Family\Downloads\GetSusp.xml
2012-06-25 14:46 - 2012-06-25 14:46 - 01501248 ____A (McAfee Inc.) C:\Users\Shanahan Family\Downloads\getsusp.exe
2012-06-25 14:44 - 2012-06-24 22:11 - 00000000 ____D C:\UBCD4Win
2012-06-25 14:15 - 2012-06-25 13:30 - 00000000 ____D C:\Windows\pss
2012-06-25 14:11 - 2012-06-25 14:11 - 00000000 ____D C:\Program Files\McAfee.com
2012-06-25 14:11 - 2012-06-25 14:11 - 00000000 ____D C:\Program Files\McAfee
2012-06-25 14:11 - 2012-06-25 14:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-06-25 13:59 - 2012-06-25 13:46 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-06-25 13:46 - 2012-06-25 13:46 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-25 13:46 - 2012-06-25 13:45 - 74761776 ____A C:\Users\Shanahan Family\Downloads\setup_av_free.exe
2012-06-25 13:25 - 2012-06-25 13:25 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-25 13:25 - 2012-06-25 13:25 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-25 13:25 - 2012-06-25 13:25 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-25 13:22 - 2012-06-25 13:22 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-25 13:22 - 2012-06-25 13:22 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-25 13:22 - 2012-06-25 13:22 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-25 13:22 - 2012-06-25 13:22 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-25 13:22 - 2012-06-25 13:22 - 00000000 ____D C:\Program Files\Java
2012-06-25 13:22 - 2012-02-21 18:51 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-25 13:17 - 2009-07-13 23:54 - 00000749 __RAH C:\Windows\WindowsShell.Manifest
2012-06-25 13:17 - 2009-07-13 23:54 - 00000174 ___SH C:\Users\Public\desktop.ini
2012-06-25 13:17 - 2009-07-13 23:54 - 00000174 ___SH C:\users\desktop.ini
2012-06-25 13:17 - 2009-07-13 23:54 - 00000174 ___SH C:\Program Files (x86)\desktop.ini
2012-06-25 13:17 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2012-06-25 11:23 - 2012-03-21 18:23 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
2012-06-25 11:23 - 2012-03-21 18:23 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo! Companion
2012-06-25 11:22 - 2012-06-25 11:22 - 00000000 ____D C:\mfe
2012-06-25 05:19 - 2012-06-25 05:19 - 00159144 ____A (Microsoft Corporation) C:\Users\Shanahan Family\Downloads\WindowsActivationUpdate.exe
2012-06-25 05:01 - 2012-06-25 05:01 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-25 05:01 - 2012-02-21 18:34 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-25 04:20 - 2012-06-25 04:20 - 00000330 ____A C:\Users\Shanahan Family\Desktop\gmer.log
2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\Shanahan Family\Application Data\Malwarebytes
2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\Malwarebytes
2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-25 03:38 - 2012-06-25 03:38 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-06-24 22:01 - 2012-06-24 22:01 - 00000942 ____A C:\Users\Shanahan Family\Downloads\dellregfix.zip
2012-06-24 22:00 - 2012-06-24 22:00 - 00379392 ____A C:\Users\Shanahan Family\Downloads\subinacl.msi
2012-06-24 22:00 - 2012-06-24 22:00 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
2012-06-24 16:54 - 2012-06-24 16:54 - 00023006 ____A C:\ComboFix.txt
2012-06-24 16:54 - 2012-06-24 12:40 - 00000000 ____D C:\Qoobox
2012-06-24 16:52 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
2012-06-24 12:46 - 2009-07-13 22:20 - 00000000 ____D C:\users\Default
2012-06-24 12:45 - 2012-06-24 12:40 - 00000000 ____D C:\Windows\erdnt
2012-06-23 20:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2012-06-23 14:01 - 2012-06-23 14:01 - 00071358 ____A C:\Users\Shanahan Family\Downloads\OTL.Txt
2012-06-23 13:48 - 2012-06-23 13:48 - 00000000 ____D C:\Users\Shanahan Family\Application Data\McAfee
2012-06-23 13:48 - 2012-06-23 13:48 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\McAfee
2012-06-23 13:40 - 2012-06-23 12:14 - 00000632 _RASH C:\Users\Shanahan Family\ntuser.pol
2012-06-23 12:37 - 2012-06-23 12:21 - 00118252 _RASH C:\Users\Kids\ntuser.pol
2012-06-23 12:37 - 2012-06-23 12:21 - 00000000 ____D C:\users\Kids
2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\Application Data\KidZui
2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\Application Data\Adobe
2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\AppData\Roaming\KidZui
2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Adobe
2012-06-23 12:30 - 2012-06-23 12:30 - 00127328 ____A C:\Users\Kids\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-23 12:30 - 2012-06-23 12:30 - 00127328 ____A C:\Users\Kids\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-23 12:30 - 2012-06-23 12:30 - 00127328 ____A C:\Users\Kids\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\Google
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\BMExplorer
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Google
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\BMExplorer
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Application Data\Roxio
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Application Data\Creative
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\Application Data\Apple Computer
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Roxio
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Creative
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Apple Computer
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Local\Google
2012-06-23 12:27 - 2012-06-23 12:27 - 00000000 ____D C:\Users\Kids\AppData\Local\BMExplorer
2012-06-23 12:27 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Application Data\Dell
2012-06-23 12:27 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Dell
2012-06-23 12:23 - 2012-06-23 12:23 - 00000000 ____D C:\Users\Kids\Application Data\Atheros Communication
2012-06-23 12:23 - 2012-06-23 12:23 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Atheros Communication
2012-06-23 12:22 - 2012-06-23 12:22 - 00000000 ____D C:\Users\Kids\Local Settings\Atheros
2012-06-23 12:22 - 2012-06-23 12:22 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Atheros
2012-06-23 12:22 - 2012-06-23 12:22 - 00000000 ____D C:\Users\Kids\AppData\Local\Atheros
2012-06-23 12:21 - 2012-06-23 12:21 - 00000020 ___SH C:\Users\Kids\ntuser.ini
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\VirtualStore
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\VirtualStore
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Adobe
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Adobe
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Application Data\Dell Touch Zone
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Dell Touch Zone
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Local\VirtualStore
2012-06-23 12:21 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Local\Adobe
2012-06-23 12:14 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2012-06-23 12:07 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\SoftThinks
2012-06-23 12:07 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\SoftThinks
2012-06-23 12:07 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Local\SoftThinks
2012-06-23 12:06 - 2012-06-23 12:06 - 00074184 ____A C:\Windows\System32\Drivers\aa4c16f84acedb9.sys
2012-06-22 14:05 - 2012-03-22 00:45 - 00000000 ____D C:\Users\Shanahan Family\My Documents\Bluetooth Folder
2012-06-22 14:05 - 2012-03-22 00:45 - 00000000 ____D C:\Users\Shanahan Family\Documents\Bluetooth Folder
2012-06-20 18:52 - 2007-10-27 01:31 - 00000000 ____D C:\Users\Shanahan Family\My Documents\My Scans
2012-06-20 18:52 - 2007-10-27 01:31 - 00000000 ____D C:\Users\Shanahan Family\Documents\My Scans
2012-06-18 17:23 - 2012-02-21 19:13 - 00000000 ____D C:\Users\All Users\Sonic
2012-06-18 17:23 - 2012-02-21 19:13 - 00000000 ____D C:\Users\All Users\Application Data\Sonic
2012-06-18 16:15 - 2011-05-21 15:16 - 00000000 ____D C:\Users\Shanahan Family\My Documents\LRAT
2012-06-18 16:15 - 2011-05-21 15:16 - 00000000 ____D C:\Users\Shanahan Family\Documents\LRAT
2012-06-18 16:06 - 2012-06-18 16:06 - 00026112 ____A C:\Users\Shanahan Family\Downloads\TS001018259.dot
2012-06-18 15:48 - 2007-03-13 21:55 - 08462336 ____A C:\Users\Shanahan Family\My Documents\My Money.mny
2012-06-18 15:48 - 2007-03-13 21:55 - 08462336 ____A C:\Users\Shanahan Family\Documents\My Money.mny
2012-06-14 08:52 - 2009-07-13 23:45 - 00468216 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 22:31 - 2012-04-10 09:47 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-13 22:31 - 2012-04-10 09:47 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-06-13 22:28 - 2012-03-21 18:46 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 13:45 - 2012-06-13 13:45 - 00051356 ____A C:\Users\Shanahan Family\Downloads\WHAT TO PACK IN YOUR CHILD.mht
2012-06-07 09:22 - 2012-05-31 09:37 - 00000000 ____D C:\Users\Shanahan Family\Application Data\HpUpdate
2012-06-07 09:22 - 2012-05-31 09:37 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\HpUpdate
2012-06-06 10:43 - 2012-04-18 11:03 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-06-02 17:19 - 2012-06-21 19:12 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-21 19:12 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-21 19:12 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 17:19 - 2012-06-21 19:12 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-21 19:12 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-21 19:12 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-21 19:12 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-21 19:12 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 17:15 - 2012-06-21 19:12 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 09:39 - 2012-05-31 09:39 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-05-31 09:37 - 2012-05-31 09:37 - 00000000 ____D C:\Windows\Hewlett-Packard
2012-05-31 09:37 - 2012-03-21 18:21 - 00000000 ____D C:\Program Files (x86)\HP
2012-05-25 19:13 - 2012-06-25 15:10 - 00162224 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-05-23 19:33 - 2012-05-23 19:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-23 19:33 - 2012-05-23 19:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-22 23:16 - 2012-05-22 23:16 - 00703564 ____A C:\Users\Shanahan Family\Downloads\Night-Shift.azw
2012-05-22 12:45 - 2012-03-25 10:44 - 00000000 ____D C:\Users\Shanahan Family\Application Data\KidZui
2012-05-22 12:45 - 2012-03-25 10:44 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\KidZui
2012-05-22 12:45 - 2012-03-22 00:45 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\VirtualStore
2012-05-22 12:45 - 2012-03-22 00:45 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\VirtualStore
2012-05-22 12:45 - 2012-03-22 00:45 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\VirtualStore
2012-05-21 18:18 - 2012-05-07 21:49 - 00000000 ____D C:\Users\Shanahan Family\Application Data\Smilebox
2012-05-21 18:18 - 2012-05-07 21:49 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\Smilebox
2012-05-21 13:20 - 2012-03-22 00:48 - 00000000 ____D C:\Users\Shanahan Family\Application Data\Mozilla
2012-05-21 13:20 - 2012-03-22 00:48 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\Mozilla
2012-05-19 12:06 - 2012-05-19 12:06 - 00000000 __SHD C:\Users\Shanahan Family\UserData
2012-05-19 00:53 - 2012-05-19 00:53 - 00000050 ____A C:\Users\Shanahan Family\Desktop\www.stjoevan.org.url
2012-05-17 21:47 - 2012-06-13 22:23 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 21:16 - 2012-06-13 22:23 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 21:06 - 2012-06-13 22:23 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 20:59 - 2012-06-13 22:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 20:59 - 2012-06-13 22:23 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 20:58 - 2012-06-13 22:23 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 20:58 - 2012-06-13 22:23 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 20:56 - 2012-06-13 22:23 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 20:55 - 2012-06-13 22:23 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 20:55 - 2012-06-13 22:23 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 20:54 - 2012-06-13 22:23 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 20:51 - 2012-06-13 22:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 20:51 - 2012-06-13 22:23 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 20:47 - 2012-06-13 22:23 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 18:11 - 2012-06-13 22:23 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 17:48 - 2012-06-13 22:23 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 17:45 - 2012-06-13 22:23 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 17:36 - 2012-06-13 22:23 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 17:35 - 2012-06-13 22:23 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 17:35 - 2012-06-13 22:23 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 17:33 - 2012-06-13 22:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 17:31 - 2012-06-13 22:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 17:29 - 2012-06-13 22:23 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 17:29 - 2012-06-13 22:23 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 17:27 - 2012-06-13 22:23 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 17:25 - 2012-06-13 22:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 17:24 - 2012-06-13 22:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 17:20 - 2012-06-13 22:23 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 14:09 - 2012-05-15 14:09 - 00051712 ____A C:\Users\Shanahan Family\Downloads\2012 Blank LRAT ITAS_Timesheet.xls
2012-05-14 20:32 - 2012-06-13 13:35 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 09:23 - 2009-07-14 00:08 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-13 00:16 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-11 00:32 - 2012-05-11 00:32 - 00009996 ____A C:\Users\Shanahan Family\Downloads\Mary Kay Order 051112.htm
2012-05-11 00:32 - 2012-05-11 00:32 - 00000000 ____D C:\Users\Shanahan Family\Downloads\Mary Kay Order 051112_files
2012-05-11 00:27 - 2012-05-11 00:27 - 00032344 ____A C:\Users\Shanahan Family\Downloads\SalesReceipt_76afff (1).xls
2012-05-11 00:25 - 2012-05-11 00:25 - 00032344 ____A C:\Users\Shanahan Family\Downloads\SalesReceipt_76afff.xls
2012-05-10 11:53 - 2012-05-10 11:53 - 00034511 ____A C:\Users\Shanahan Family\Downloads\6.htm
2012-05-10 11:53 - 2012-05-10 11:53 - 00000000 ____D C:\Users\Shanahan Family\Downloads\6_files
2012-05-08 17:53 - 2012-05-08 17:53 - 00024462 ____A C:\Users\Shanahan Family\Downloads\Is your skin ready for Spring.eml
2012-05-07 23:30 - 2012-05-07 21:50 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Smilebox
2012-05-07 23:30 - 2012-05-07 21:50 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Smilebox
2012-05-07 23:30 - 2012-05-07 21:50 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Smilebox
2012-05-07 23:26 - 2011-07-29 15:48 - 00000000 ____D C:\Users\Shanahan Family\My Documents\My Smilebox Creations
2012-05-07 23:26 - 2011-07-29 15:48 - 00000000 ____D C:\Users\Shanahan Family\Documents\My Smilebox Creations
2012-05-07 21:50 - 2012-05-07 21:50 - 00001926 ____A C:\Users\Shanahan Family\Desktop\Smilebox.lnk
2012-05-07 21:50 - 2012-05-07 21:50 - 00000000 __SHD C:\Users\Shanahan Family\PrivacIE
2012-05-07 21:50 - 2012-05-07 21:50 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Conduit
2012-05-07 21:50 - 2012-05-07 21:50 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Conduit
2012-05-07 21:50 - 2012-05-07 21:50 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Conduit
2012-05-07 21:50 - 2012-05-07 21:50 - 00000000 ____D C:\Program Files (x86)\SmileBox_EN
2012-05-07 21:50 - 2012-05-07 21:50 - 00000000 ____D C:\Program Files (x86)\Conduit
2012-05-07 21:49 - 2012-05-07 21:48 - 00631752 ____A (Smilebox, Inc.) C:\Users\Shanahan Family\Downloads\SmileboxInstaller.exe
2012-05-04 21:29 - 2012-06-25 13:25 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-04 21:29 - 2012-03-21 18:59 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-04 21:29 - 2012-02-21 18:51 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 06:06 - 2012-06-13 13:35 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:03 - 2012-06-13 13:35 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:03 - 2012-06-13 13:35 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 13:48 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-05-03 13:45 - 2007-04-16 16:35 - 00000000 ____D C:\Users\Shanahan Family\My Documents\Fax
2012-05-03 13:45 - 2007-04-16 16:35 - 00000000 ____D C:\Users\Shanahan Family\Documents\Fax
2012-05-03 13:40 - 2012-05-03 13:39 - 00000000 ____D C:\Users\Shanahan Family\Application Data\Stamps.com Internet Postage
2012-05-03 13:40 - 2012-05-03 13:39 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\Stamps.com Internet Postage
2012-05-03 13:39 - 2012-05-03 13:39 - 00001008 ____A C:\Users\Public\Desktop\Stamps.com.lnk
2012-05-03 13:39 - 2012-05-03 13:39 - 00001008 ____A C:\Users\All Users\Desktop\Stamps.com.lnk
2012-05-03 13:39 - 2012-05-03 13:39 - 00000000 ____D C:\Users\All Users\Application Data\{C243CCC8-5474-45FC-A546-7FBC284A692E}
2012-05-03 13:39 - 2012-05-03 13:39 - 00000000 ____D C:\Users\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}
2012-05-03 13:39 - 2012-05-03 13:39 - 00000000 ____D C:\Users\All Users\{C243CCC8-5474-45FC-A546-7FBC284A692E}
2012-05-03 13:39 - 2012-05-03 13:39 - 00000000 ____D C:\Users\All Users\{80E49840-FEC9-4009-B2F2-83DD9B68A990}
2012-05-03 13:39 - 2012-05-03 13:38 - 00000036 ___AH C:\Windows\SysWOW64\f9t.dat
2012-05-03 13:39 - 2012-05-03 13:38 - 00000000 ____D C:\Program Files (x86)\Stamps.com Internet Postage
2012-05-03 13:36 - 2012-05-03 13:36 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Seven Zip
2012-05-03 13:36 - 2012-05-03 13:36 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Seven Zip
2012-05-03 13:36 - 2012-05-03 13:36 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Seven Zip
2012-05-03 13:35 - 2012-05-03 13:34 - 25909592 ____A (Stamps.com, Inc. ) C:\Users\Shanahan Family\Downloads\stamps.exe
2012-05-01 00:40 - 2012-06-13 13:35 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 22:55 - 2012-06-13 13:35 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 00:41 - 2012-06-13 13:36 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 00:41 - 2012-06-13 13:36 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 00:34 - 2012-06-13 13:36 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 00:37 - 2012-06-13 13:35 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 00:37 - 2012-06-13 13:35 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 00:37 - 2012-06-13 13:35 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 23:36 - 2012-06-13 13:35 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 23:36 - 2012-06-13 13:35 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 23:36 - 2012-06-13 13:35 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-22 10:04 - 2012-04-22 10:04 - 00000000 ____D C:\Users\Shanahan Family\My Backup Files
2012-04-22 10:04 - 2012-03-22 00:42 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\SoftThinks
2012-04-22 10:04 - 2012-03-22 00:42 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\SoftThinks
2012-04-22 10:04 - 2012-03-22 00:42 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\SoftThinks
2012-04-21 09:57 - 2012-03-22 11:07 - 00000000 ____D C:\Program Files (x86)\Google
2012-04-18 11:03 - 2012-04-05 11:03 - 00000000 ____D C:\Program Files\Dell Support Center
2012-04-17 10:06 - 2012-04-17 10:06 - 00000000 ___RD C:\Users\Shanahan Family\Desktop\MySyncUPFiles
2012-04-16 19:10 - 2009-01-12 13:04 - 00000000 ____D C:\Users\Shanahan Family\My Documents\DMAT
2012-04-16 19:10 - 2009-01-12 13:04 - 00000000 ____D C:\Users\Shanahan Family\Documents\DMAT
2012-04-16 15:33 - 2012-03-26 09:16 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-04-16 15:31 - 2012-04-16 15:31 - 00001345 ____A C:\Users\Public\Desktop\First Thousand Words.lnk
2012-04-16 15:31 - 2012-04-16 15:31 - 00001345 ____A C:\Users\All Users\Desktop\First Thousand Words.lnk
2012-04-16 15:31 - 2012-04-16 15:31 - 00000000 ____D C:\Users\All Users\QuickTime
2012-04-16 15:31 - 2012-04-16 15:31 - 00000000 ____D C:\Users\All Users\Application Data\QuickTime
2012-04-16 15:30 - 2012-04-16 15:30 - 00000000 ____D C:\Program Files (x86)\Scholastic
2012-04-16 11:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2012-04-11 22:45 - 2012-03-21 18:10 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Google
2012-04-11 22:45 - 2012-03-21 18:10 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Google
2012-04-11 22:45 - 2012-03-21 18:10 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Google
2012-04-11 22:34 - 2012-04-11 22:34 - 00037861 ____A C:\Users\Shanahan Family\Application Data\Comma Separated Values (DOS).ADR
2012-04-11 22:34 - 2012-04-11 22:34 - 00037861 ____A C:\Users\Shanahan Family\AppData\Roaming\Comma Separated Values (DOS).ADR
2012-04-11 20:42 - 2012-03-24 09:47 - 00000000 ____D C:\Users\Shanahan Family\Application Data\SoftGrid Client
2012-04-11 20:42 - 2012-03-24 09:47 - 00000000 ____D C:\Users\Shanahan Family\AppData\Roaming\SoftGrid Client
2012-04-11 20:42 - 2012-02-21 19:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-11 12:06 - 2009-07-13 21:34 - 00000545 ____A C:\Windows\win.ini
2012-04-10 11:32 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Microsoft Help
2012-04-10 11:32 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\Local Settings\Application Data\Microsoft Help
2012-04-10 11:32 - 2012-06-23 12:21 - 00000000 ____D C:\Users\Kids\AppData\Local\Microsoft Help
2012-04-10 11:32 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Default\Local Settings\Microsoft Help
2012-04-10 11:32 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\Microsoft Help
2012-04-10 11:32 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-10 11:32 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Default User\Local Settings\Microsoft Help
2012-04-10 11:32 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\Microsoft Help
2012-04-10 11:32 - 2012-04-10 11:32 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-10 10:04 - 2012-03-22 00:43 - 00127328 ____A C:\Users\Shanahan Family\Local Settings\GDIPFONTCACHEV1.DAT
2012-04-10 10:04 - 2012-03-22 00:43 - 00127328 ____A C:\Users\Shanahan Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-04-10 10:04 - 2012-03-22 00:43 - 00127328 ____A C:\Users\Shanahan Family\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-10 09:58 - 2012-04-10 09:58 - 00003029 ____A C:\Users\Shanahan Family\Desktop\Microsoft Outlook 2010.lnk
2012-04-10 09:56 - 2012-04-10 09:56 - 03322136 ____A (Microsoft Corporation) C:\Users\Shanahan Family\Downloads\OutlookConnector.exe
2012-04-10 09:56 - 2012-04-10 09:56 - 00000000 ____D C:\Program Files (x86)\MSECache
2012-04-10 09:50 - 2012-04-10 09:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-04-10 09:50 - 2012-04-10 09:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2012-04-10 09:50 - 2012-02-21 19:09 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-10 09:50 - 2010-11-21 02:16 - 00000000 ____D C:\Windows\ShellNew
2012-04-10 09:50 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2012-04-10 09:49 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-10 09:47 - 2012-04-10 09:47 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Microsoft Help
2012-04-10 09:47 - 2012-04-10 09:47 - 00000000 ____D C:\Users\Shanahan Family\Local Settings\Application Data\Microsoft Help
2012-04-10 09:47 - 2012-04-10 09:47 - 00000000 ____D C:\Users\Shanahan Family\AppData\Local\Microsoft Help
2012-04-10 09:47 - 2012-04-10 09:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-10 09:47 - 2012-04-10 09:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-04-10 09:46 - 2012-04-10 09:46 - 00000000 ___RD C:\MSOCache
2012-04-09 11:28 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-04-07 07:31 - 2012-06-13 13:35 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 06:26 - 2012-06-13 13:35 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-03-31 08:57 - 2012-03-31 08:57 - 00001170 ____A C:\Users\Default\Desktop\Dell Advantage.lnk
2012-03-31 08:57 - 2012-03-31 08:57 - 00001170 ____A C:\Users\Default User\Desktop\Dell Advantage.lnk
2012-03-31 08:57 - 2011-02-10 09:01 - 00000000 ____D C:\dell
2012-03-30 09:01 - 2012-02-21 19:02 - 00000000 ____D C:\Program Files (x86)\Dell Stage
2012-03-30 06:35 - 2012-05-12 10:37 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
ZeroAccess:
C:\Users\Shanahan Family\AppData\Local\{edf1b219-dc05-5e7e-b7e0-d544193d56d8}
C:\Users\Shanahan Family\AppData\Local\{edf1b219-dc05-5e7e-b7e0-d544193d56d8}\@
C:\Users\Shanahan Family\AppData\Local\{edf1b219-dc05-5e7e-b7e0-d544193d56d8}\L
C:\Users\Shanahan Family\AppData\Local\{edf1b219-dc05-5e7e-b7e0-d544193d56d8}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 11%
Total physical RAM: 6049.09 MB
Available physical RAM: 5332.52 MB
Total Pagefile: 6047.29 MB
Available Pagefile: 5307.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:909.1 GB) (Free:824.15 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:22.37 GB) (Free:9.52 GB) NTFS
4 Drive f: (PENDRIVE) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 3826 MB 0 B
Disk 2 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 22 GB 40 MB
Partition 3 Primary 909 GB 22 GB
======================================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 22 GB Healthy
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 909 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3825 MB 22 KB
======================================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F PENDRIVE FAT32 Removable 3825 MB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-23 20:29
======================= End Of Log ==========================
 
My wife informed me that she had McAfee techs working on this today via remote access.
Since we've been working on this computer please observe forum rules:
Please refrain from running tools or applying updates other than those I suggest.

======================================================

McAfee has been most likely messed up by the infection so it may be just a matter of reinstalling it BUT do nothing yet.
We have to make sure your computer is clean first.

===================================================

Why did you post two different looking logs?
Which one is the correct log?
 
I've asked my wife to hold off on helping for now. :) I split my log into 2 posts as it would not fit into one due to character limits. I see there is another log posted after my last from someone named "cuquito".
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next....

Restart normally and...

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Here are the logs. Both Chrome and IE are unusable now as they pop up "Illegal operation attempted on a registry key that has been marked for deletion".

ComboFix 12-06-28.01 - Shanahan Family 06/28/2012 8:05.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.4016 [GMT -7:00]
Running from: c:\users\Shanahan Family\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 15:10 . 2012-06-28 15:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-28 15:02 . 2012-06-28 15:02 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9EA8B79-0DF2-475A-A601-1AD30AE9D911}\offreg.dll
2012-06-26 07:46 . 2003-12-16 17:04 49152 ----a-w- c:\windows\SysWow64\usbmonit.exe
2012-06-26 07:46 . 2003-05-21 16:27 139264 ----a-w- c:\windows\SysWow64\geneicon.dll
2012-06-26 07:46 . 2003-03-07 18:52 36864 ----a-w- c:\windows\SysWow64\deluidrv.exe
2012-06-26 07:46 . 2002-03-05 17:10 32768 ----a-w- c:\windows\SysWow64\delentry.exe
2012-06-26 07:45 . 2003-12-16 17:15 24848 ----a-w- c:\windows\SysWow64\drivers\geneuide.sys
2012-06-26 06:56 . 2012-06-26 06:56 -------- d-----w- C:\FRST
2012-06-26 04:19 . 2012-06-25 20:47 -------- d-----w- c:\users\mcafee test
2012-06-26 04:17 . 2012-06-26 04:17 4285248 ----a-w- c:\users\Shanahan Family\AppData\Roaming\Microsoft\Windows\Network Shortcuts\McAfeeSetup.exe
2012-06-26 04:05 . 2012-06-26 04:05 -------- d-----w- c:\program files (x86)\Citrix
2012-06-26 04:05 . 2012-06-26 04:05 -------- d-----w- c:\users\Shanahan Family\AppData\Local\Citrix
2012-06-25 20:21 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A24A782-8E6D-4047-8E9E-B2FEC9DB8AC7}\gapaengine.dll
2012-06-25 20:21 . 2012-06-18 10:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9EA8B79-0DF2-475A-A601-1AD30AE9D911}\mpengine.dll
2012-06-25 20:20 . 2012-06-25 20:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-25 20:20 . 2012-06-25 20:20 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-25 20:10 . 2012-05-26 00:13 162224 ----a-w- c:\windows\system32\mfevtps.exe
2012-06-25 19:21 . 2012-06-18 10:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D80087E-C3DA-41CD-A4C1-5EEDCC7A1F6D}\mpengine.dll
2012-06-25 19:11 . 2012-06-25 20:39 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-06-25 19:11 . 2012-06-25 20:17 -------- d-----w- c:\program files\Common Files\McAfee
2012-06-25 19:11 . 2012-06-25 19:11 -------- d-----w- c:\program files\McAfee
2012-06-25 19:11 . 2012-06-25 19:11 -------- d-----w- c:\program files (x86)\McAfee
2012-06-25 18:46 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-25 18:46 . 2012-06-26 04:15 -------- d-----w- c:\programdata\AVAST Software
2012-06-25 18:46 . 2012-06-25 18:46 -------- d-----w- c:\program files\AVAST Software
2012-06-25 18:37 . 2012-06-25 20:12 -------- d-----w- c:\programdata\McAfee
2012-06-25 18:25 . 2012-06-25 18:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-25 18:25 . 2012-06-25 18:25 -------- d-----w- c:\program files (x86)\Oracle
2012-06-25 18:22 . 2012-06-25 18:22 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-25 18:22 . 2012-06-25 18:22 -------- d-----w- c:\program files\Java
2012-06-25 17:55 . 2012-06-28 16:00 -------- d-----w- c:\windows\system32\wbem\repository
2012-06-25 17:28 . 2012-06-25 17:28 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-06-25 16:22 . 2012-06-25 16:22 -------- d-----w- C:\mfe
2012-06-25 10:01 . 2012-06-25 10:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-25 08:38 . 2012-06-25 08:38 -------- d-----w- c:\users\Shanahan Family\AppData\Roaming\Malwarebytes
2012-06-25 08:38 . 2012-06-25 08:38 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 03:11 . 2012-06-25 19:44 -------- d-----w- C:\UBCD4Win
2012-06-25 03:00 . 2012-06-25 03:00 -------- d-----w- c:\program files (x86)\Windows Resource Kits
2012-06-23 18:48 . 2012-06-23 18:48 -------- d-----w- c:\users\Shanahan Family\AppData\Roaming\McAfee
2012-06-23 17:21 . 2012-06-23 17:37 -------- d-----w- c:\users\Kids
2012-06-23 17:06 . 2012-06-23 17:06 74184 ----a-w- c:\windows\system32\drivers\aa4c16f84acedb9.sys
2012-06-22 00:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 00:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 00:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 00:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 00:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 00:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 00:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 00:12 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 00:12 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 18:36 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 18:36 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 18:36 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-31 14:39 . 2012-05-31 14:39 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-05-31 14:37 . 2012-06-07 14:22 -------- d-----w- c:\users\Shanahan Family\AppData\Roaming\HpUpdate
2012-05-31 14:37 . 2012-05-31 14:37 -------- d-----w- c:\windows\Hewlett-Packard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 18:22 . 2012-02-21 23:51 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-25 10:01 . 2012-02-21 23:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 02:29 . 2012-03-21 23:59 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-05 02:29 . 2012-02-21 23:51 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-24_17.44.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-23 18:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-25 16:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-23 18:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-25 16:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-25 16:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-23 18:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-26 21:41 55722 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-28 15:01 38712 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-22 05:44 . 2012-06-28 15:01 10006 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1011651653-2396366161-2558129995-1000_UserData.bin
+ 2009-07-13 23:38 . 2009-07-13 23:38 15360 c:\windows\system32\vga.dll
+ 2009-07-14 00:16 . 2009-07-14 00:16 17408 c:\windows\system32\tsddd.dll
+ 2009-07-14 00:16 . 2009-07-14 01:32 32256 c:\windows\system32\RDPREFDD.dll
+ 2009-07-13 23:19 . 2009-07-14 01:45 57424 c:\windows\system32\PSHED.DLL
+ 2009-07-13 23:19 . 2009-07-14 01:41 36864 c:\windows\system32\pcwum.dll
+ 2009-07-13 23:22 . 2009-07-14 01:48 32832 c:\windows\system32\mcupdate_AuthenticAMD.dll
+ 2012-02-22 01:23 . 2012-02-22 01:23 20352 c:\windows\system32\kdusb.dll
+ 2012-02-22 01:23 . 2012-02-22 01:23 17792 c:\windows\system32\kdcom.dll
+ 2012-02-22 01:23 . 2012-02-22 01:23 19328 c:\windows\system32\kd1394.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 10240 c:\windows\system32\kbdnecat.dll
+ 2009-07-13 23:37 . 2009-07-14 01:41 12288 c:\windows\system32\KBDKOR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:41 12800 c:\windows\system32\KBDJPN.DLL
+ 2009-07-13 23:38 . 2009-07-13 23:38 14848 c:\windows\system32\framebuf.dll
+ 2009-07-13 23:37 . 2009-07-14 01:27 34816 c:\windows\system32\f3ahvoas.dll
+ 2009-07-14 05:30 . 2012-06-25 16:39 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-06-23 18:44 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 00:10 . 2009-07-14 00:10 21504 c:\windows\system32\drivers\ws2ifsl.sys
+ 2009-07-13 23:19 . 2009-07-14 01:45 16464 c:\windows\system32\drivers\wmilib.sys
+ 2009-07-13 23:31 . 2009-07-13 23:31 14336 c:\windows\system32\drivers\wmiacpi.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23 41984 c:\windows\system32\drivers\winusb.sys
+ 2009-07-13 23:29 . 2009-07-14 01:45 22096 c:\windows\system32\drivers\wimmount.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09 12800 c:\windows\system32\drivers\wfplwf.sys
+ 2009-07-13 23:19 . 2009-07-14 01:45 42064 c:\windows\system32\drivers\WdfLdr.sys
+ 2009-07-13 23:19 . 2009-07-14 01:45 21056 c:\windows\system32\drivers\wd.sys
+ 2009-07-13 23:37 . 2009-07-13 23:37 42496 c:\windows\system32\drivers\watchdog.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24 88576 c:\windows\system32\drivers\wanarp.sys
+ 2009-07-14 00:02 . 2009-07-14 00:02 27776 c:\windows\system32\drivers\wacompen.sys
+ 2009-07-14 00:07 . 2009-07-14 00:07 17920 c:\windows\system32\drivers\vwifimp.sys
+ 2009-07-14 00:07 . 2009-07-14 00:07 59904 c:\windows\system32\drivers\vwififlt.sys
+ 2009-07-14 00:07 . 2009-07-14 00:07 24576 c:\windows\system32\drivers\vwifibus.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23 71552 c:\windows\system32\drivers\volmgr.sys
+ 2009-07-13 23:19 . 2009-07-14 01:45 17488 c:\windows\system32\drivers\viaide.sys
+ 2009-07-13 23:38 . 2009-07-13 23:38 29184 c:\windows\system32\drivers\vgapnp.sys
+ 2009-07-13 23:38 . 2009-07-13 23:38 29184 c:\windows\system32\drivers\vga.sys
+ 2009-07-14 00:01 . 2009-07-14 01:45 36432 c:\windows\system32\drivers\vdrvroot.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23 30720 c:\windows\system32\drivers\usbuhci.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23 91648 c:\windows\system32\drivers\USBSTOR.SYS
+ 2009-07-14 00:35 . 2009-07-14 00:35 41984 c:\windows\system32\drivers\usbscan.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24 31744 c:\windows\system32\drivers\usbrpm.sys
+ 2009-07-14 00:38 . 2009-07-14 00:38 25088 c:\windows\system32\drivers\usbprint.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23 25600 c:\windows\system32\drivers\usbohci.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23 52736 c:\windows\system32\drivers\usbehci.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23 99328 c:\windows\system32\drivers\usbccgp.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24 32896 c:\windows\system32\drivers\USBCAMD2.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09 19968 c:\windows\system32\drivers\usb8023.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23 48640 c:\windows\system32\drivers\umbus.sys
+ 2009-07-13 23:38 . 2009-07-14 01:45 64592 c:\windows\system32\drivers\ULIAGPKX.SYS
+ 2009-07-13 23:38 . 2009-07-14 01:45 64080 c:\windows\system32\drivers\UAGP35.SYS
+ 2010-11-21 03:23 . 2010-11-21 03:23 31232 c:\windows\system32\drivers\TsUsbGD.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24 59392 c:\windows\system32\drivers\TsUsbFlt.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23 39424 c:\windows\system32\drivers\tssecsrv.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23 63360 c:\windows\system32\drivers\termdd.sys
+ 2012-03-22 10:49 . 2012-02-17 04:57 23552 c:\windows\system32\drivers\tdtcp.sys
+ 2009-07-14 00:16 . 2009-07-14 00:16 15872 c:\windows\system32\drivers\tdpipe.sys
+ 2010-11-21 03:24 . 2010-11-21 03:2426624 c:\windows\system32\drivers\tdi.sys
+ 2010-11-21 03:23 . 2010-11-21 03:2345056 c:\windows\system32\drivers\tcpipreg.sys
+ 2009-07-14 00:01 . 2009-07-14 00:0129184 c:\windows\system32\drivers\tape.sys
+ 2009-07-14 00:00 . 2009-07-14 01:4512496 c:\windows\system32\drivers\swenum.sys
+ 2009-07-14 00:06 . 2009-07-14 00:0668864 c:\windows\system32\drivers\stream.sys
+ 2009-07-13 21:59 . 2009-07-14 01:4524656 c:\windows\system32\drivers\stexstor.sys
+ 2009-07-13 20:27 . 2009-07-14 01:4519008 c:\windows\system32\drivers\spldr.sys
+ 2009-07-14 00:00 . 2009-07-14 00:0020992 c:\windows\system32\drivers\smclib.sys
+ 2009-07-14 00:09 . 2009-07-14 00:0993184 c:\windows\system32\drivers\smb.sys
+ 2009-07-13 21:59 . 2009-07-14 01:4580464 c:\windows\system32\drivers\sisraid4.sys
+ 2009-06-10 20:37 . 2009-07-14 01:4543584 c:\windows\system32\drivers\sisraid2.sys
+ 2011-10-01 15:30 . 2011-10-01 15:3022376 c:\windows\system32\drivers\Sftvollh.sys
+ 2011-10-01 15:30 . 2011-10-01 15:3025960 c:\windows\system32\drivers\Sftredirlh.sys
+ 2009-07-14 00:01 . 2009-07-14 00:0116896 c:\windows\system32\drivers\sfloppy.sys
+ 2010-11-21 03:23 . 2010-11-21 03:2314336 c:\windows\system32\drivers\sffp_sd.sys
+ 2009-07-14 00:01 . 2009-07-14 00:0113824 c:\windows\system32\drivers\sffp_mmc.sys
+ 2009-07-14 00:01 . 2009-07-14 00:0114336 c:\windows\system32\drivers\sffdisk.sys
+ 2009-07-14 00:00 . 2009-07-14 00:0026624 c:\windows\system32\drivers\sermouse.sys
+ 2009-07-14 00:00 . 2009-07-14 00:0094208 c:\windows\system32\drivers\serial.sys
+ 2009-07-14 00:00 . 2009-07-14 00:0023552 c:\windows\system32\drivers\serenum.sys
+ 2009-07-14 02:36 . 2009-06-10 20:3723040 c:\windows\system32\drivers\secdrv.sys
+ 2010-11-21 03:24 . 2010-11-21 03:2429696 c:\windows\system32\drivers\scfilter.sys
+ 2009-07-14 00:08 . 2009-07-14 00:0876800 c:\windows\system32\drivers\rspndr.sys
+ 2009-07-14 00:10 . 2009-07-14 00:1011264 c:\windows\system32\drivers\rootmdm.sys
+ 2009-07-14 00:09 . 2009-07-14 00:0941472 c:\windows\system32\drivers\RNDISMP.sys
+ 2009-07-14 00:17 . 2009-07-14 00:1724064 c:\windows\system32\drivers\rdpbus.sys
+ 2009-07-14 00:10 . 2009-07-14 00:1083968 c:\windows\system32\drivers\rassstp.sys
+ 2009-07-14 00:10 . 2009-07-14 00:1092672 c:\windows\system32\drivers\raspppoe.sys
+ 2009-07-14 00:10 . 2009-07-14 00:1014848 c:\windows\system32\drivers\rasacd.sys
+ 2009-07-14 00:09 . 2009-07-14 00:0946592 c:\windows\system32\drivers\qwavedrv.sys
+ 2012-02-22 00:13 . 2010-03-19 09:0055856 c:\windows\system32\drivers\PxHlpa64.sys
+ 2009-07-13 23:19 . 2009-07-13 23:1960416 c:\windows\system32\drivers\processr.sys
+ 2009-07-13 23:19 . 2009-07-14 01:4550768 c:\windows\system32\drivers\pcw.sys
+ 2009-07-13 23:19 . 2009-07-14 01:4548720 c:\windows\system32\drivers\pciidex.sys
+ 2009-07-13 23:19 . 2009-07-14 01:4512352 c:\windows\system32\drivers\pciide.sys
+ 2012-05-12 15:38 . 2012-03-17 07:5875120 c:\windows\system32\drivers\partmgr.sys
+ 2009-07-14 00:00 . 2009-07-14 00:0097280 c:\windows\system32\drivers\parport.sys
+ 2009-07-14 00:06 . 2009-07-14 00:0672832 c:\windows\system32\drivers\ohci1394.sys
+ 2009-07-13 23:21 . 2009-07-13 23:2124576 c:\windows\system32\drivers\nsiproxy.sys
+ 2009-07-13 23:19 . 2009-07-13 23:1944032 c:\windows\system32\drivers\npfs.sys
+ 2012-03-21 03:44 . 2012-03-21 03:4498688 c:\windows\system32\drivers\NisDrvWFP.sys
+ 2009-07-13 21:59 . 2009-07-14 01:4851264 c:\windows\system32\drivers\nfrd960.sys
+ 2009-07-14 00:09 . 2009-07-14 00:0944544 c:\windows\system32\drivers\netbios.sys
+ 2010-11-21 03:24 . 2010-11-21 03:2457856 c:\windows\system32\drivers\ndproxy.sys
+ 2010-11-21 03:24 . 2010-11-21 03:2456832 c:\windows\system32\drivers\ndisuio.sys
+ 2009-07-14 00:10 . 2009-07-14 00:1024064 c:\windows\system32\drivers\ndistapi.sys
+ 2009-07-14 00:08 . 2009-07-14 00:0835328 c:\windows\system32\drivers\ndiscap.sys
+ 2009-07-13 23:23 . 2009-07-14 01:4860496 c:\windows\system32\drivers\mup.sys
+ 2009-07-14 00:02 . 2009-07-14 00:0215360 c:\windows\system32\drivers\MTConfig.sys
+ 2009-07-13 23:31 . 2009-07-14 01:4832320 c:\windows\system32\drivers\mssmbios.sys
+ 2009-07-14 00:00 . 2009-07-14 00:0011136 c:\windows\system32\drivers\mskssrv.sys
+ 2009-07-13 23:19 . 2009-07-14 01:4815424 c:\windows\system32\drivers\msisadrv.sys
+ 2009-07-13 23:19 . 2009-07-13 23:1926112 c:\windows\system32\drivers\msfs.sys
+ 2010-11-21 03:23 . 2010-11-21 03:2331104 c:\windows\system32\drivers\msahci.sys
+ 2009-07-14 00:08 . 2009-07-14 00:0877312 c:\windows\system32\drivers\mpsdrv.sys
+ 2010-11-21 03:23 . 2010-11-21 03:2394592 c:\windows\system32\drivers\mountmgr.sys
+ 2009-07-14 00:00 . 2009-07-14 00:0031232 c:\windows\system32\drivers\mouhid.sys
+ 2009-07-13 23:19 . 2009-07-14 01:4849216 c:\windows\system32\drivers\mouclass.sys
+ 2009-07-13 23:38 . 2009-07-13 23:3830208 c:\windows\system32\drivers\monitor.sys
+ 2009-07-14 00:10 . 2009-07-14 00:1040448 c:\windows\system32\drivers\modem.sys
+ 2011-03-13 17:20 . 2012-02-22 20:2975936 c:\windows\system32\drivers\mfenlfk.sys
+ 2012-02-22 00:15 . 2012-02-22 20:2910248 c:\windows\system32\drivers\mfeclnk.sys
+ 2009-06-10 20:37 . 2009-07-14 01:4835392 c:\windows\system32\drivers\megasas.sys
+ 2009-07-14 00:01 . 2009-07-14 00:0122016 c:\windows\system32\drivers\mcd.sys
+ 2009-07-13 21:59 . 2009-07-14 01:4865600 c:\windows\system32\drivers\lsi_sas2.sys
+ 2009-07-14 00:08 . 2009-07-14 00:0860928 c:\windows\system32\drivers\lltdio.sys
+ 2009-07-14 00:00 . 2009-07-14 00:0020992 c:\windows\system32\drivers\ksthunk.sys
+ 2012-03-21 22:52 . 2011-11-17 06:4995600 c:\windows\system32\drivers\ksecdd.sys
+ 2010-11-21 03:23 . 2010-11-21 03:2333280 c:\windows\system32\drivers\kbdhid.sys
+ 2009-07-13 23:19 . 2009-07-14 01:4850768 c:\windows\system32\drivers\kbdclass.sys
+ 2012-02-22 01:09 . 2010-07-14 01:5769736 c:\windows\system32\drivers\itecir.sys
+ 2009-07-13 23:31 . 2009-07-14 01:4820544 c:\windows\system32\drivers\isapnp.sys
+ 2009-07-14 00:08 . 2009-07-14 00:0817920 c:\windows\system32\drivers\irenum.sys
+ 2010-11-21 03:23 . 2010-11-21 03:2378848 c:\windows\system32\drivers\IPMIDrv.sys
+ 2010-11-21 03:24 . 2010-11-21 03:2482944 c:\windows\system32\drivers\ipfltdrv.sys
+ 2009-07-13 23:19 . 2009-07-13 23:1962464 c:\windows\system32\drivers\intelppm.sys
+ 2009-07-13 23:19 . 2009-07-14 01:4816960 c:\windows\system32\drivers\intelide.sys
+ 2009-07-13 21:59 . 2009-07-14 01:4844112 c:\windows\system32\drivers\iirsp.sys
+ 2010-11-21 03:24 . 2010-11-21 03:2414720 c:\windows\system32\drivers\hwpolicy.sys
+ 2010-11-21 03:23 . 2010-11-21 03:2378720 c:\windows\system32\drivers\HpSAMD.sys
+ 2010-11-21 03:23 . 2010-11-21 03:2330208 c:\windows\system32\drivers\hidusb.sys
+ 2009-07-14 00:06 . 2009-07-14 00:0632896 c:\windows\system32\drivers\hidparse.sys
+ 2009-07-14 00:06 . 2009-07-14 00:0646592 c:\windows\system32\drivers\hidir.sys
+ 2010-11-21 03:23 . 2010-11-21 03:2376800 c:\windows\system32\drivers\hidclass.sys
+ 2009-07-13 23:31 . 2009-07-13 23:3126624 c:\windows\system32\drivers\hidbatt.sys
+ 2012-02-22 01:10 . 2010-10-19 19:3456344 c:\windows\system32\drivers\HECIx64.sys
+ 2009-07-13 22:53 . 2009-06-10 20:3131232 c:\windows\system32\drivers\hcw85cir.sys
+ 2009-07-13 23:38 . 2009-07-14 01:4765088 c:\windows\system32\drivers\GAGP30KX.SYS
+ 2009-07-13 23:26 . 2009-07-14 01:4755376 c:\windows\system32\drivers\fsdepends.sys
+ 2012-04-11 17:04 . 2012-03-01 06:4623408 c:\windows\system32\drivers\fs_rec.sys
+ 2009-07-14 00:00 . 2009-07-14 00:0024576 c:\windows\system32\drivers\flpydisk.sys
+ 2009-07-13 23:25 . 2009-07-13 23:2534304 c:\windows\system32\drivers\filetrace.sys
+ 2009-07-13 23:34 . 2009-07-14 01:4770224 c:\windows\system32\drivers\fileinfo.sys
+ 2009-07-14 00:00 . 2009-07-14 00:0029696 c:\windows\system32\drivers\fdc.sys
+ 2009-07-13 23:38 . 2009-07-13 23:3898816 c:\windows\system32\drivers\dxg.sys
+ 2009-07-13 23:38 . 2009-07-13 23:3816896 c:\windows\system32\drivers\dxapi.sys
+ 2009-07-13 23:21 . 2009-07-14 01:4355128 c:\windows\system32\drivers\dumpfve.sys
+ 2009-07-13 23:19 . 2009-07-14 01:4728736 c:\windows\system32\drivers\Dumpata.sys
+ 2009-07-14 00:00 . 2009-07-14 00:0043008 c:\windows\system32\drivers\Dot4usb.sys
+ 2010-11-21 03:23 . 2010-11-21 03:2319968 c:\windows\system32\drivers\Dot4Prt.sys
+ 2012-02-22 01:23 . 2012-02-22 01:2327520 c:\windows\system32\drivers\Diskdump.sys
+ 2009-07-13 23:19 . 2009-07-14 01:4773280 c:\windows\system32\drivers\disk.sys
+ 2009-07-13 23:37 . 2009-07-13 23:3740448 c:\windows\system32\drivers\discache.sys
+ 2009-07-14 00:01 . 2009-07-14 01:4724144 c:\windows\system32\drivers\crcdisk.sys
+ 2009-07-14 00:01 . 2009-07-14 01:4739504 c:\windows\system32\drivers\crashdmp.sys
+ 2010-11-21 03:23 . 2010-11-21 03:2338912 c:\windows\system32\drivers\CompositeBus.sys
+ 2009-07-13 23:31 . 2009-07-14 01:5221584 c:\windows\system32\drivers\compbatt.sys
+ 2009-07-13 23:19 . 2009-07-14 01:5217488 c:\windows\system32\drivers\cmdide.sys
+ 2009-07-13 23:31 . 2009-07-13 23:3117664 c:\windows\system32\drivers\CmBatt.sys
+ 2009-07-14 00:06 . 2009-07-14 00:0645568 c:\windows\system32\drivers\circlass.sys
+ 2011-03-13 17:20 . 2012-02-22 20:2965264 c:\windows\system32\drivers\cfwids.sys
+ 2012-02-22 00:13 . 2009-10-20 09:0010224 c:\windows\system32\drivers\cdralw2k.sys
+ 2012-02-22 00:13 . 2009-10-20 09:0010224 c:\windows\system32\drivers\cdr4_xp.sys
+ 2009-07-13 23:19 . 2009-07-13 23:1992160 c:\windows\system32\drivers\cdfs.sys
+ 2012-02-22 01:23 . 2012-02-22 01:2380384 c:\windows\system32\drivers\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:0672192 c:\windows\system32\drivers\bthmodem.sys
+ 2009-07-14 00:06 . 2009-07-14 00:0641984 c:\windows\system32\drivers\bthenum.sys
+ 2011-03-31 20:08 . 2011-03-31 20:0855456 c:\windows\system32\drivers\btath_lwflt.sys
+ 2011-03-31 20:08 . 2011-03-31 20:0836000 c:\windows\system32\drivers\btath_flt.sys
+ 2011-03-31 20:08 . 2011-03-31 20:0828832 c:\windows\system32\drivers\btath_bus.sys
+ 2009-07-14 01:20 . 2009-06-10 20:4114720 c:\windows\system32\drivers\BrUsbSer.sys
+ 2009-07-14 01:20 . 2009-06-10 20:4114976 c:\windows\system32\drivers\BrUsbMdm.sys
+ 2009-07-14 01:20 . 2009-06-10 20:4147104 c:\windows\system32\drivers\BrSerWdm.sys
+ 2009-07-14 01:05 . 2009-07-14 01:0195232 c:\windows\system32\drivers\bridge.sys
+ 2009-07-14 01:19 . 2009-06-10 20:4118432 c:\windows\system32\drivers\BrFiltLo.sys
+ 2012-03-21 22:52 . 2011-02-23 04:5590624 c:\windows\system32\drivers\bowser.sys
+ 2009-07-13 23:35 . 2009-07-13 23:3545056 c:\windows\system32\drivers\blbdrive.sys
+ 2009-07-13 23:31 . 2009-07-14 01:5228240 c:\windows\system32\drivers\battc.sys
+ 2009-07-13 23:19 . 2009-07-14 01:5224128 c:\windows\system32\drivers\atapi.sys
+ 2009-07-14 00:10 . 2009-07-14 00:1023040 c:\windows\system32\drivers\asyncmac.sys
+ 2009-07-13 21:59 . 2009-07-14 01:5297856 c:\windows\system32\drivers\arcsas.sys
+ 2009-07-13 21:59 . 2009-07-14 01:5287632 c:\windows\system32\drivers\arc.sys
+ 2010-11-21 03:24 . 2010-11-21 03:2461440 c:\windows\system32\drivers\appid.sys
+ 2012-02-22 01:23 . 2012-02-22 01:2327008 c:\windows\system32\drivers\amdxata.sys
+ 2009-07-13 23:19 . 2009-07-13 23:1960928 c:\windows\system32\drivers\amdppm.sys
+ 2009-07-13 23:19 . 2009-07-13 23:1964512 c:\windows\system32\drivers\amdk8.sys
+ 2009-07-13 23:19 . 2009-07-14 01:5215440 c:\windows\system32\drivers\amdide.sys
+ 2009-07-13 23:19 . 2009-07-14 01:5215440 c:\windows\system32\drivers\aliide.sys
+ 2009-07-13 23:38 . 2009-07-14 01:5261008 c:\windows\system32\drivers\AGP440.sys
+ 2009-07-14 00:10 . 2009-07-14 00:1060416 c:\windows\system32\drivers\agilevpn.sys
+ 2010-11-21 03:23 . 2010-11-21 03:2312800 c:\windows\system32\drivers\acpipmi.sys
+ 2009-07-14 00:06 . 2009-07-14 00:0668096 c:\windows\system32\drivers\1394bus.sys
+ 2012-02-22 01:23 . 2012-02-22 01:2343520 c:\windows\system32\csrsrv.dll
- 2012-03-22 05:45 . 2012-06-24 17:3049152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-22 05:45 . 2012-06-27 23:3049152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-22 05:45 . 2012-06-24 17:3032768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-22 05:45 . 2012-06-27 23:3032768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-24 17:3016384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-27 23:3016384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-13 23:19 . 2009-07-14 01:5223120 c:\windows\system32\BOOTVID.DLL
+ 2009-07-14 04:46 . 2012-06-28 15:0395344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-26 04:21 . 2012-06-25 19:202958 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1011651653-2396366161-2558129995-1004_UserData.bin
+ 2009-07-13 23:37 . 2009-07-14 01:288704 c:\windows\system32\KBDYCL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDYCC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDYBA.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDYAK.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDWOL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDVNTC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDUZB.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDUSX.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDUSR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDUSL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDUSA.DLL
+ 2010-11-21 03:23 . 2010-11-21 03:237168 c:\windows\system32\KBDUS.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDURDU.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDUR1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDUR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\KBDUKX.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDUK.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:247168 c:\windows\system32\KBDUGHR1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDUGHR.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:247168 c:\windows\system32\KBDTURME.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:248192 c:\windows\system32\KBDTUQ.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:248192 c:\windows\system32\KBDTUF.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\KBDTIPRC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDTH3.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDTH2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDTH1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDTH0.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDTAT.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:247168 c:\windows\system32\KBDTAJIK.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDSYR2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDSYR1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDSW09.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDSW.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDSP.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\KBDSORST.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDSORS1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\KBDSOREX.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDSN1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288704 c:\windows\system32\KBDSMSNO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288704 c:\windows\system32\KBDSMSFI.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\KBDSL1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDSL.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:248192 c:\windows\system32\KBDSG.DLL
+ 2010-11-21 03:23 . 2010-11-21 03:237680 c:\windows\system32\KBDSF.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDRU1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDRU.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288704 c:\windows\system32\KBDROST.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288704 c:\windows\system32\KBDROPR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\KBDRO.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:247680 c:\windows\system32\KBDPO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDPL1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDPL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDPASH.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\KBDNSO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\KBDNO1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDNO.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:247680 c:\windows\system32\KBDNEPR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288704 c:\windows\system32\kbdnecnt.dll
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\kbdnec95.dll
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\kbdnec.dll
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDNE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDMONMO.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:247168 c:\windows\system32\KBDMON.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDMLT48.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDMLT47.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:247168 c:\windows\system32\KBDMAORI.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDMACST.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDMAC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDLV1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDLV.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDLT2.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:247168 c:\windows\system32\KBDLT1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDLT.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:248192 c:\windows\system32\kbdlk41a.dll
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDLAO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDLA.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDKYR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDKHMR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDKAZ.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDIULAT.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDIT142.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDIT.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDIR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\KBDINUK2.DLL
+ 2012-02-22 01:23 . 2012-02-22 01:237168 c:\windows\system32\KBDINTEL.DLL
+ 2012-02-22 01:23 . 2012-02-22 01:237680 c:\windows\system32\KBDINTAM.DLL
+ 2012-02-22 01:23 . 2012-02-22 01:237168 c:\windows\system32\KBDINPUN.DLL
+ 2012-02-22 01:23 . 2012-02-22 01:237168 c:\windows\system32\KBDINORI.DLL
+ 2012-02-22 01:23 . 2012-02-22 01:237168 c:\windows\system32\KBDINMAR.DLL
+ 2012-02-22 01:23 . 2012-02-22 01:237680 c:\windows\system32\KBDINMAL.DLL
+ 2012-02-22 01:23 . 2012-02-22 01:237168 c:\windows\system32\KBDINKAN.DLL
+ 2012-02-22 01:23 . 2012-02-22 01:237168 c:\windows\system32\KBDINHIN.DLL
+ 2012-02-22 01:23 . 2012-02-22 01:237168 c:\windows\system32\KBDINGUJ.DLL
+ 2012-02-22 01:23 . 2012-02-22 01:237168 c:\windows\system32\KBDINEN.DLL
+ 2012-02-22 01:23 . 2012-02-22 01:237680 c:\windows\system32\KBDINDEV.DLL
+ 2012-02-22 01:23 . 2012-02-22 01:237680 c:\windows\system32\KBDINBEN.DLL
+ 2012-02-22 01:23 . 2012-02-22 01:237168 c:\windows\system32\KBDINBE2.DLL
+ 2012-02-22 01:23 . 2012-02-22 01:237168 c:\windows\system32\KBDINBE1.DLL
+ 2012-02-22 01:23 . 2012-02-22 01:237168 c:\windows\system32\KBDINASA.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDIC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDIBO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\kbdibm02.dll
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDHU1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDHU.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:289728 c:\windows\system32\KBDHEPT.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDHELA3.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDHELA2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDHEB.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDHE319.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDHE220.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDHE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDHAU.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\KBDGRLND.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:247680 c:\windows\system32\KBDGR1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDGR.DLL
+ 2010-11-21 03:23 . 2010-11-21 03:238192 c:\windows\system32\KBDGKL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\kbdgeoqw.dll
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\kbdgeoer.dll
+ 2010-11-21 03:24 . 2010-11-21 03:246656 c:\windows\system32\KBDGEO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDGAE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDFR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDFO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\KBDFI1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDFI.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDFC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDFA.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDEST.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDES.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDDV.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDDIV2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDDIV1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDDA.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\KBDCZ2.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:248192 c:\windows\system32\KBDCZ1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\KBDCZ.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\KBDCR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288704 c:\windows\system32\KBDCAN.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDCA.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:247168 c:\windows\system32\KBDBULG.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDBU.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDBR.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:247168 c:\windows\system32\KBDBLR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDBHC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDBGPH1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDBGPH.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDBENE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDBE.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:247168 c:\windows\system32\KBDBASH.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDAZEL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDAZE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\kbdax2.dll
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDARMW.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDARME.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\KBDAL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDA3.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:286656 c:\windows\system32\KBDA2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\KBDA1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\kbd106n.dll
+ 2009-07-13 23:37 . 2009-07-14 01:288192 c:\windows\system32\kbd106.dll
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\kbd103.dll
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\kbd101c.dll
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\kbd101b.dll
+ 2009-07-13 23:37 . 2009-07-14 01:287168 c:\windows\system32\kbd101a.dll
+ 2009-07-13 23:37 . 2009-07-14 01:287680 c:\windows\system32\kbd101.dll
+ 2012-02-22 01:23 . 2012-02-22 01:237936 c:\windows\system32\drivers\usbd.sys
+ 2009-07-14 00:06 . 2009-07-14 00:069728 c:\windows\system32\drivers\umpass.sys
+ 2009-07-14 00:16 . 2009-07-14 00:168192 c:\windows\system32\drivers\RDPREFMP.sys
+ 2009-07-14 00:16 . 2009-07-14 00:167680 c:\windows\system32\drivers\RDPENCDD.sys
+ 2009-07-14 00:16 . 2009-07-14 00:167680 c:\windows\system32\drivers\RDPCDD.sys
+ 2009-07-13 23:19 . 2009-07-13 23:196144 c:\windows\system32\drivers\null.sys
+ 2009-07-14 00:00 . 2009-07-14 00:008064 c:\windows\system32\drivers\mstee.sys
+ 2009-07-14 00:00 . 2009-07-14 00:006784 c:\windows\system32\drivers\mspqm.sys
+ 2009-07-14 00:00 . 2009-07-14 00:007168 c:\windows\system32\drivers\mspclock.sys
+ 2009-07-14 00:06 . 2009-07-14 00:068192 c:\windows\system32\drivers\mshidkmdf.sys
+ 2009-07-13 23:31 . 2009-07-13 23:319728 c:\windows\system32\drivers\errdev.sys
+ 2009-07-14 00:06 . 2009-07-14 00:065632 c:\windows\system32\drivers\drmkaud.sys
+ 2009-07-14 01:20 . 2009-06-10 20:418704 c:\windows\system32\drivers\BrFiltUp.sys
+ 2009-07-14 00:00 . 2009-07-14 00:006656 c:\windows\system32\drivers\beep.sys
+ 2012-02-22 00:06 . 2012-06-28 14:531972 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-02-22 00:06 . 2012-06-24 17:231972 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-06-24 17:24 . 2012-06-24 17:242048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-28 16:00 . 2012-06-28 16:002048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-28 16:00 . 2012-06-28 16:002048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-24 17:24 . 2012-06-24 17:242048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-25 10:01 . 2012-06-25 10:01686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
+ 2012-06-25 10:01 . 2012-06-25 10:01465096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.dll
+ 2012-06-25 10:01 . 2012-06-25 10:01257224 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-06-25 18:25 . 2012-05-05 02:29227720 c:\windows\SysWOW64\javaws.exe
+ 2012-06-25 18:25 . 2012-06-25 18:25174064 c:\windows\SysWOW64\javaw.exe
+ 2012-06-25 18:25 . 2012-06-25 18:25174064 c:\windows\SysWOW64\java.exe
+ 2012-06-26 04:09 . 2012-06-26 04:09262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT
+ 2012-06-26 04:09 . 2012-06-26 04:09262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2012-06-26 04:09 . 2012-06-26 04:09262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2012-02-22 01:23 . 2012-02-22 01:23605552 c:\windows\system32\winload.exe
+ 2010-11-21 03:24 . 2010-11-21 03:24147456 c:\windows\system32\RDPENCDD.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24274944 c:\windows\system32\rdpdd.dll
+ 2009-07-14 02:36 . 2012-06-28 15:05665138 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-28 15:05122906 c:\windows\system32\perfc009.dat
+ 2010-11-21 03:24 . 2010-11-21 03:24299392 c:\windows\system32\mcupdate_GenuineIntel.dll
+ 2012-06-25 10:01 . 2012-06-25 10:01417480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe
+ 2012-06-25 10:01 . 2012-06-25 10:01512200 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.dll
+ 2012-06-25 18:22 . 2012-06-25 18:22268720 c:\windows\system32\javaws.exe
+ 2012-06-25 18:22 . 2012-06-25 18:22189360 c:\windows\system32\javaw.exe
+ 2012-06-25 18:22 . 2012-06-25 18:22188840 c:\windows\system32\java.exe
+ 2010-11-21 03:24 . 2010-11-21 03:24263040 c:\windows\system32\hal.dll
+ 2009-07-14 05:30 . 2012-06-25 16:39143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-06-23 18:44143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-06-25 16:39143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-06-23 18:44143360 c:\windows\system32\DriverStore\infstor.dat
+ 2010-11-21 03:23 . 2010-11-21 03:23172544 c:\windows\system32\drivers\WUDFRd.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23112128 c:\windows\system32\drivers\WUDFPf.sys
+ 2012-02-21 23:58 . 2006-11-01 18:51151656 c:\windows\system32\drivers\WimFltr.sys
+ 2009-07-13 23:22 . 2009-07-14 01:45654928 c:\windows\system32\drivers\Wdf01000.sys
+ 2009-06-10 20:37 . 2009-07-14 01:45161872 c:\windows\system32\drivers\vsmraid.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23295808 c:\windows\system32\drivers\volsnap.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24363392 c:\windows\system32\drivers\volmgrx.sys
+ 2009-07-13 23:38 . 2009-07-13 23:38129024 c:\windows\system32\drivers\videoprt.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23215936 c:\windows\system32\drivers\vhdmp.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23184960 c:\windows\system32\drivers\usbvideo.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23325120 c:\windows\system32\drivers\usbport.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23343040 c:\windows\system32\drivers\usbhub.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06100352 c:\windows\system32\drivers\usbcir.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23328192 c:\windows\system32\drivers\udfs.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24125440 c:\windows\system32\drivers\tunnel.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24119296 c:\windows\system32\drivers\tdx.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23189824 c:\windows\system32\drivers\storport.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23168448 c:\windows\system32\drivers\srvnet.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23410112 c:\windows\system32\drivers\srv2.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23467456 c:\windows\system32\drivers\srv.sys
+ 2009-06-10 20:48 . 2009-06-10 20:48426496 c:\windows\system32\drivers\spsys.sys
+ 2011-10-01 15:30 . 2011-10-01 15:30268648 c:\windows\system32\drivers\Sftplaylh.sys
+ 2011-10-01 15:30 . 2011-10-01 15:30764264 c:\windows\system32\drivers\Sftfslh.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24171392 c:\windows\system32\drivers\scsiport.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23103808 c:\windows\system32\drivers\sbp2port.sys
+ 2012-02-22 01:09 . 2011-03-16 02:09311400 c:\windows\system32\drivers\RtsUVStor.sys
+ 2012-02-22 01:09 . 2010-12-29 05:45412776 c:\windows\system32\drivers\Rt64win7.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24146432 c:\windows\system32\drivers\rmcast.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06158720 c:\windows\system32\drivers\rfcomm.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24213888 c:\windows\system32\drivers\rdyboost.sys
+ 2012-06-13 18:35 . 2012-04-28 03:55210944 c:\windows\system32\drivers\rdpwd.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24309248 c:\windows\system32\drivers\rdbss.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24111104 c:\windows\system32\drivers\raspptp.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24129536 c:\windows\system32\drivers\rasl2tp.sys
+ 2009-07-13 21:59 . 2009-07-14 01:45128592 c:\windows\system32\drivers\ql40xx.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06230400 c:\windows\system32\drivers\portcls.sys
+ 2009-07-13 23:51 . 2009-07-14 01:01651264 c:\windows\system32\drivers\PEAuth.sys
+ 2009-07-13 23:31 . 2009-07-14 01:45220752 c:\windows\system32\drivers\pcmcia.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23184704 c:\windows\system32\drivers\pci.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24131584 c:\windows\system32\drivers\pacer.sys
+ 2009-07-14 00:07 . 2009-07-14 00:07318976 c:\windows\system32\drivers\nwifi.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23166272 c:\windows\system32\drivers\nvstor.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23148352 c:\windows\system32\drivers\nvraid.sys
+ 2009-07-13 23:38 . 2009-07-14 01:48122960 c:\windows\system32\drivers\NV_AGP.SYS
+ 2010-11-21 03:24 . 2010-11-21 03:24376192 c:\windows\system32\drivers\netio.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23261632 c:\windows\system32\drivers\netbt.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24164352 c:\windows\system32\drivers\ndiswan.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23951680 c:\windows\system32\drivers\ndis.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24366976 c:\windows\system32\drivers\msrpc.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23273792 c:\windows\system32\drivers\msiscsi.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23140672 c:\windows\system32\drivers\msdsm.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23128000 c:\windows\system32\drivers\mrxsmb20.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23288768 c:\windows\system32\drivers\mrxsmb10.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23158208 c:\windows\system32\drivers\mrxsmb.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24140800 c:\windows\system32\drivers\mrxdav.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23155008 c:\windows\system32\drivers\mpio.sys
+ 2012-03-21 03:44 . 2012-03-21 03:44203888 c:\windows\system32\drivers\MpFilter.sys
+ 2011-03-13 17:20 . 2012-02-22 20:29100912 c:\windows\system32\drivers\mferkdet.sys
+ 2012-02-22 20:29 . 2012-02-22 20:29647208 c:\windows\system32\drivers\mfehidk.sys
+ 2011-03-13 17:20 . 2012-02-22 20:29487296 c:\windows\system32\drivers\mfefirek.sys
+ 2011-03-13 17:20 . 2012-02-22 20:29160792 c:\windows\system32\drivers\mfeapfk.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48284736 c:\windows\system32\drivers\MegaSR.sys
+ 2009-07-13 23:26 . 2009-07-13 23:26113152 c:\windows\system32\drivers\luafv.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48115776 c:\windows\system32\drivers\lsi_scsi.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48106560 c:\windows\system32\drivers\lsi_sas.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48114752 c:\windows\system32\drivers\lsi_fc.sys
+ 2012-03-21 22:52 . 2011-11-17 06:49152432 c:\windows\system32\drivers\ksecpkg.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24243712 c:\windows\system32\drivers\ks.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09120320 c:\windows\system32\drivers\irda.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10116224 c:\windows\system32\drivers\ipnat.sys
+ 2012-02-22 01:09 . 2010-02-27 01:32158976 c:\windows\system32\drivers\Impcd.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23410496 c:\windows\system32\drivers\iaStorV.sys
+ 2012-02-22 01:09 . 2010-11-06 02:45438808 c:\windows\system32\drivers\iaStor.sys
+ 2009-07-13 23:19 . 2009-07-13 23:19105472 c:\windows\system32\drivers\i8042prt.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23753664 c:\windows\system32\drivers\http.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06100864 c:\windows\system32\drivers\hidbth.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23122368 c:\windows\system32\drivers\hdaudbus.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24288640 c:\windows\system32\drivers\FWPKCLNT.SYS
+ 2010-11-21 03:24 . 2010-11-21 03:24223248 c:\windows\system32\drivers\fvevol.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24289664 c:\windows\system32\drivers\fltMgr.sys
+ 2009-07-13 23:23 . 2009-07-13 23:23204800 c:\windows\system32\drivers\fastfat.sys
+ 2008-09-25 02:36 . 2008-09-25 02:36238848 c:\windows\system32\drivers\facap.sys
+ 2009-07-13 23:23 . 2009-07-13 23:23195072 c:\windows\system32\drivers\exfat.sys
+ 2009-06-10 20:36 . 2009-07-14 01:47530496 c:\windows\system32\drivers\elxstor.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24258048 c:\windows\system32\drivers\dxgmms1.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24982912 c:\windows\system32\drivers\dxgkrnl.sys
+ 2009-07-14 00:06 . 2009-07-14 01:01116224 c:\windows\system32\drivers\drmk.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00145920 c:\windows\system32\drivers\Dot4.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24102400 c:\windows\system32\drivers\dfsc.sys
+ 2012-02-22 00:05 . 2011-01-20 17:20176096 c:\windows\system32\drivers\CtClsFlt.sys
+ 2012-02-22 00:05 . 2009-05-28 16:49224768 c:\windows\system32\drivers\CtAudDrv.sys
+ 2012-03-21 22:52 . 2011-11-17 06:44459232 c:\windows\system32\drivers\cng.sys
+ 2010-11-21 03:24 . 2010-11-21 03:24179072 c:\windows\system32\drivers\Classpnp.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23147456 c:\windows\system32\drivers\cdrom.sys
+ 2009-06-10 20:34 . 2009-06-10 20:34468480 c:\windows\system32\drivers\bxvbda.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23552960 c:\windows\system32\drivers\bthport.sys
+ 2009-07-14 00:07 . 2009-07-14 00:07118784 c:\windows\system32\drivers\bthpan.sys
+ 2012-02-22 01:09 . 2011-03-31 22:08281248 c:\windows\system32\drivers\btfilter.sys
+ 2011-03-31 20:08 . 2011-03-31 20:08154272 c:\windows\system32\drivers\btath_rcp.sys
+ 2011-03-31 20:08 . 2011-03-31 20:08201376 c:\windows\system32\drivers\btath_hcrp.sys
+ 2011-03-31 20:08 . 2011-03-31 20:08298656 c:\windows\system32\drivers\btath_a2dp.sys
+ 2009-07-14 01:19 . 2009-07-14 01:19286720 c:\windows\system32\drivers\BrSerId.sys
+ 2009-06-10 20:34 . 2009-06-10 20:34270848 c:\windows\system32\drivers\b57nd60a.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23155520 c:\windows\system32\drivers\ataport.sys
+ 2009-06-10 20:37 . 2009-07-14 01:52194128 c:\windows\system32\drivers\amdsbs.sys
+ 2012-02-22 01:23 . 2012-02-22 01:23107904 c:\windows\system32\drivers\amdsata.sys
+ 2012-03-21 22:52 . 2011-12-28 03:59498688 c:\windows\system32\drivers\afd.sys
+ 2009-07-13 21:59 . 2009-07-14 01:52182864 c:\windows\system32\drivers\adpu320.sys
+ 2009-07-13 21:59 . 2009-07-14 01:52339536 c:\windows\system32\drivers\adpahci.sys
+ 2009-06-10 20:36 . 2009-07-14 01:52491088 c:\windows\system32\drivers\adp94xx.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23334208 c:\windows\system32\drivers\acpi.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23229888 c:\windows\system32\drivers\1394ohci.sys
+ 2009-07-13 23:19 . 2009-07-14 01:52367696 c:\windows\system32\clfs.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23780008 c:\windows\system32\ci.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24144384 c:\windows\system32\cdd.dll
+ 2012-02-22 01:23 . 2012-02-22 01:23367616 c:\windows\system32\atmfd.dll
+ 2009-07-14 05:01 . 2012-06-28 14:53428836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-24 01:48428836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-25 16:30 . 2012-06-25 19:15429604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1011651653-2396366161-2558129995-1004-12288.dat
+ 2012-06-25 18:25 . 2012-06-25 18:25179200 c:\windows\Installer\e14e2.msi
+ 2012-06-25 18:25 . 2012-06-25 18:25461312 c:\windows\Installer\e14dd.msi
+ 2012-06-25 18:22 . 2012-06-25 18:22891392 c:\windows\Installer\e1251.msi
+ 2012-06-25 03:00 . 2012-06-25 03:00379392 c:\windows\Installer\2102681.msi
+ 2012-06-25 18:59 . 2012-06-25 20:20109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-06-25 20:20 . 2012-06-25 20:20123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
+ 2012-06-25 18:59 . 2012-06-25 20:20109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-06-25 18:59 . 2012-06-25 20:20109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-06-25 18:59 . 2012-06-25 20:20109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2012-06-13 18:35 . 2012-05-15 01:323146752 c:\windows\system32\win32k.sys
+ 2012-06-13 18:35 . 2012-05-04 11:065559664 c:\windows\system32\ntoskrnl.exe
+ 2012-05-12 15:37 . 2012-03-30 11:351918320 c:\windows\system32\drivers\tcpip.sys
+ 2012-02-22 01:09 . 2011-05-30 21:052885224 c:\windows\system32\drivers\RTKVHD64.sys
+ 2009-06-10 20:37 . 2009-07-14 01:451524816 c:\windows\system32\drivers\ql2300.sys
+ 2012-02-22 01:23 . 2012-02-22 01:231659776 c:\windows\system32\drivers\ntfs.sys
+ 2009-06-10 20:34 . 2009-06-10 20:343286016 c:\windows\system32\drivers\evbda.sys
+ 2012-02-22 01:09 . 2011-02-24 13:562700288 c:\windows\system32\drivers\athrx.sys
+ 2012-02-22 00:47 . 2012-06-28 14:531879744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-25 16:30 . 2012-06-25 20:061127032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1011651653-2396366161-2558129995-1004-8192.dat
- 2012-03-22 05:56 . 2012-06-23 19:086417548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1011651653-2396366161-2558129995-1000-8192.dat
+ 2012-03-22 05:56 . 2012-06-28 14:536417548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1011651653-2396366161-2558129995-1000-8192.dat
+ 2012-03-22 05:56 . 2012-06-25 20:392426688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1011651653-2396366161-2558129995-1000-12288.dat
+ 2012-03-27 02:21 . 2012-03-27 02:217622656 c:\windows\Installer\b7034.msi
+ 2012-06-26 22:20 . 2012-06-26 22:207937024 c:\windows\Installer\22c79b.msi
+ 2012-02-22 01:09 . 2011-05-21 21:2112229664 c:\windows\system32\drivers\igdkmd64.sys
+ 2012-06-25 18:24 . 2012-06-25 18:2417379328 c:\windows\Installer\e14d9.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files (x86)\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
2011-05-09 08:49176936----a-w-c:\program files (x86)\SmileBox_EN\prxtbSmil.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files (x86)\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StickyNotesWidget"="c:\program files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" [2011-03-18 666344]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-12-31 66872]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"DELLOSD"="c:\program files (x86)\DELL\DELLOSD\FastUserSwitching.exe" [2010-12-06 49152]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecuteREG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [2011-05-27 98304]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 257224]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-03-16 311400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-21 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [2011-02-16 135168]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-03-31 77984]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-26 162224]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2010-12-01 176128]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-31 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-31 298656]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-31 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-31 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-31 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-31 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-31 281248]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 DCDhcpService;DCDhcpService;c:\program files (x86)\Atheros Direct Connect\DCDhcpService.exe [2011-03-31 100352]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-14 69736]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MFEHIDK
*NewlyCreated* - MPFILTER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 10:01]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 16:07]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 16:07]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000Core.job
- c:\users\Shanahan Family\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 23:10]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000UA.job
- c:\users\Shanahan Family\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 23:10]
.
2012-06-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-22 416024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-22 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-22 392472]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"DCHostUI"="c:\program files (x86)\Atheros Direct Connect\P2PUIMain.exe" [2011-03-31 366592]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-03-31 617120]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-03-31 379552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://mystart.smilebox.com?a=6PQwIFBVex
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\office
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{F897EB0E-A3A4-46C3-80EB-2729699D8892} - (no file)
AddRemove-McAfee Virtual Technician - c:\program files (x86)\McAfee\Supportability\MVT\MVTInstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-28 08:12:03
ComboFix-quarantined-files.txt 2012-06-28 15:12
ComboFix2.txt 2012-06-24 21:54
ComboFix3.txt 2012-06-24 18:03
ComboFix4.txt 2012-06-24 17:46
.
Pre-Run: 884,291,596,288 bytes free
Post-Run: 889,176,846,336 bytes free
.
- - End Of File - - 9674EA65C1C5276B11DA693DC1EB65EE
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-06-2012
Ran by SYSTEM at 2012-06-28 08:59:11 Run:1
Running from F:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
aa4c16f84acedb9 service deleted successfully.
cdaxeesa service deleted successfully.
jvaolvfd service deleted successfully.
oecehykg service deleted successfully.
uxlgtwoh service deleted successfully.
zzdmfitz service deleted successfully.
C:\Users\Shanahan Family\AppData\Local\{edf1b219-dc05-5e7e-b7e0-d544193d56d8} moved successfully.
C:\Users\Shanahan Family\0i763f66bz.exe not found.
==== End of Fixlog ====
 
Both Chrome and IE are unusable now as they pop up "Illegal operation attempted on a registry key that has been marked for deletion".
That's because you don't read my instructions carefully:
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

===================================================

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\drivers\aa4c16f84acedb9.sys

Rootkit::
c:\windows\system32\drivers\aa4c16f84acedb9.sys

Driver::
aa4c16f84acedb9

Registry::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
"That's because you don't read my instructions carefully:"
Guilty as charged. Saw it after I made my last post. Here is the combofix log. Thanks for your continued help.

ComboFix 12-06-28.03 - Shanahan Family 06/29/2012 7:22.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.4028 [GMT -7:00]
Running from: c:\users\Shanahan Family\Downloads\ComboFix.exe
Command switches used :: c:\users\Shanahan Family\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\aa4c16f84acedb9.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\aa4c16f84acedb9.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AA4C16F84ACEDB9
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-29 14:27 . 2012-06-29 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-29 14:18 . 2012-06-18 10:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F2A8CD1-3ED5-4AE4-A7D0-34077D761585}\mpengine.dll
2012-06-26 07:46 . 2003-12-16 17:04 49152 ----a-w- c:\windows\SysWow64\usbmonit.exe
2012-06-26 07:46 . 2003-05-21 16:27 139264 ----a-w- c:\windows\SysWow64\geneicon.dll
2012-06-26 07:46 . 2003-03-07 18:52 36864 ----a-w- c:\windows\SysWow64\deluidrv.exe
2012-06-26 07:46 . 2002-03-05 17:10 32768 ----a-w- c:\windows\SysWow64\delentry.exe
2012-06-26 07:45 . 2003-12-16 17:15 24848 ----a-w- c:\windows\SysWow64\drivers\geneuide.sys
2012-06-26 06:56 . 2012-06-26 06:56 -------- d-----w- C:\FRST
2012-06-26 04:19 . 2012-06-25 20:47 -------- d-----w- c:\users\mcafee test
2012-06-26 04:17 . 2012-06-26 04:17 4285248 ----a-w- c:\users\Shanahan Family\AppData\Roaming\Microsoft\Windows\Network Shortcuts\McAfeeSetup.exe
2012-06-26 04:05 . 2012-06-26 04:05 -------- d-----w- c:\program files (x86)\Citrix
2012-06-26 04:05 . 2012-06-26 04:05 -------- d-----w- c:\users\Shanahan Family\AppData\Local\Citrix
2012-06-25 20:21 . 2012-02-09 21:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A24A782-8E6D-4047-8E9E-B2FEC9DB8AC7}\gapaengine.dll
2012-06-25 20:21 . 2012-06-18 10:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-25 20:20 . 2012-06-25 20:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-25 20:20 . 2012-06-25 20:20 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-25 20:10 . 2012-05-26 00:13 162224 ----a-w- c:\windows\system32\mfevtps.exe
2012-06-25 19:21 . 2012-06-18 10:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D80087E-C3DA-41CD-A4C1-5EEDCC7A1F6D}\mpengine.dll
2012-06-25 19:11 . 2012-06-25 20:39 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-06-25 19:11 . 2012-06-25 20:17 -------- d-----w- c:\program files\Common Files\McAfee
2012-06-25 19:11 . 2012-06-25 19:11 -------- d-----w- c:\program files\McAfee
2012-06-25 19:11 . 2012-06-25 19:11 -------- d-----w- c:\program files (x86)\McAfee
2012-06-25 18:46 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-25 18:46 . 2012-06-26 04:15 -------- d-----w- c:\programdata\AVAST Software
2012-06-25 18:46 . 2012-06-25 18:46 -------- d-----w- c:\program files\AVAST Software
2012-06-25 18:37 . 2012-06-25 20:12 -------- d-----w- c:\programdata\McAfee
2012-06-25 18:25 . 2012-06-25 18:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-25 18:25 . 2012-06-25 18:25 -------- d-----w- c:\program files (x86)\Oracle
2012-06-25 18:22 . 2012-06-25 18:22 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-25 18:22 . 2012-06-25 18:22 -------- d-----w- c:\program files\Java
2012-06-25 17:55 . 2012-06-29 14:28 -------- d-----w- c:\windows\system32\wbem\repository
2012-06-25 17:28 . 2012-06-25 17:28 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-06-25 16:22 . 2012-06-25 16:22 -------- d-----w- C:\mfe
2012-06-25 10:01 . 2012-06-25 10:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-25 08:38 . 2012-06-25 08:38 -------- d-----w- c:\users\Shanahan Family\AppData\Roaming\Malwarebytes
2012-06-25 08:38 . 2012-06-25 08:38 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 03:11 . 2012-06-25 19:44 -------- d-----w- C:\UBCD4Win
2012-06-25 03:00 . 2012-06-25 03:00 -------- d-----w- c:\program files (x86)\Windows Resource Kits
2012-06-23 18:48 . 2012-06-23 18:48 -------- d-----w- c:\users\Shanahan Family\AppData\Roaming\McAfee
2012-06-23 17:21 . 2012-06-23 17:37 -------- d-----w- c:\users\Kids
2012-06-22 00:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 00:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 00:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 00:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 00:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 00:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 00:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 00:12 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 00:12 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 18:36 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 18:36 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 18:36 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-31 14:39 . 2012-05-31 14:39 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-05-31 14:37 . 2012-06-07 14:22 -------- d-----w- c:\users\Shanahan Family\AppData\Roaming\HpUpdate
2012-05-31 14:37 . 2012-05-31 14:37 -------- d-----w- c:\windows\Hewlett-Packard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 18:22 . 2012-02-21 23:51 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-25 10:01 . 2012-02-21 23:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 02:29 . 2012-03-21 23:59 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-05 02:29 . 2012-02-21 23:51 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-06-28_15.10.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-29 14:09 55786 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-06-28 15:01 38712 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-28 21:41 38712 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-22 05:44 . 2012-06-28 21:41 10148 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1011651653-2396366161-2558129995-1000_UserData.bin
- 2012-02-22 00:06 . 2012-06-28 14:53 1972 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-02-22 00:06 . 2012-06-29 14:27 1972 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-06-28 16:00 . 2012-06-28 16:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-29 14:28 . 2012-06-29 14:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-28 16:00 . 2012-06-28 16:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-29 14:28 . 2012-06-29 14:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-06-29 14:12 665138 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-28 15:05 665138 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-29 14:12 122906 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-28 15:05 122906 c:\windows\system32\perfc009.dat
+ 2010-11-21 03:27 . 2012-01-31 12:44 279656 c:\windows\system32\MpSigStub.exe
- 2009-07-14 05:01 . 2012-06-28 14:53 428836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-29 14:27 428836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-22 00:47 . 2012-06-29 14:27 1879744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-02-22 00:47 . 2012-06-28 14:53 1879744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-03-22 05:56 . 2012-06-28 14:53 6417548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1011651653-2396366161-2558129995-1000-8192.dat
+ 2012-03-22 05:56 . 2012-06-29 14:27 6417548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1011651653-2396366161-2558129995-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files (x86)\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\SmileBox_EN\prxtbSmil.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files (x86)\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StickyNotesWidget"="c:\program files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" [2011-03-18 666344]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-12-31 66872]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"DELLOSD"="c:\program files (x86)\DELL\DELLOSD\FastUserSwitching.exe" [2010-12-06 49152]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 257224]
R3 DCDhcpService;DCDhcpService;c:\program files (x86)\Atheros Direct Connect\DCDhcpService.exe [2011-03-31 100352]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-03-16 311400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-21 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [2011-02-16 135168]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-03-31 77984]
S2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [2011-05-27 98304]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-26 162224]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2010-12-01 176128]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-31 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-31 298656]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-31 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-31 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-31 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-31 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-31 281248]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-14 69736]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 10:01]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 16:07]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 16:07]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000Core.job
- c:\users\Shanahan Family\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 23:10]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000UA.job
- c:\users\Shanahan Family\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 23:10]
.
2012-06-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-22 416024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-22 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-22 392472]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"DCHostUI"="c:\program files (x86)\Atheros Direct Connect\P2PUIMain.exe" [2011-03-31 366592]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-03-31 617120]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-03-31 379552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"combofix"="c:\combofix\CF25567.3XE" [2010-11-21 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://mystart.smilebox.com?a=6PQwIFBVex
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\office
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{F897EB0E-A3A4-46C3-80EB-2729699D8892} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2012-06-29 07:33:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-29 14:33
ComboFix2.txt 2012-06-28 15:12
ComboFix3.txt 2012-06-24 21:54
ComboFix4.txt 2012-06-24 18:03
ComboFix5.txt 2012-06-29 14:22
.
Pre-Run: 888,742,449,152 bytes free
Post-Run: 888,115,298,304 bytes free
.
- - End Of File - - D9260216237E176BDAF081B163B8536D
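
Added example (not part of the original posts, and not ComboFix's own code): a Python cross-check that every File::, Rootkit:: and Driver:: target in the CFScript above shows up in the "Other Deletions" or "Drivers/Services" section of the returned ComboFix log. The function names are hypothetical, and matching a driver entry by a `Prefix_NAME` suffix is an assumption based on the `Legacy_` entry in this log.

```python
import re

# Copied from the thread: the CFScript and the matching part of the ComboFix log.
CFSCRIPT = r"""File::
c:\windows\system32\drivers\aa4c16f84acedb9.sys

Rootkit::
c:\windows\system32\drivers\aa4c16f84acedb9.sys

Driver::
aa4c16f84acedb9

Registry::

ClearJavaCache::
"""

LOG_EXCERPT = r"""FILE ::
"c:\windows\system32\drivers\aa4c16f84acedb9.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\aa4c16f84acedb9.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AA4C16F84ACEDB9
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
"""

DIRECTIVE = re.compile(r"^(\w+)::\s*$")            # e.g. "Driver::"
BANNER = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")   # e.g. "((((( Other Deletions )))))"


def parse_cfscript(text):
    """Return {directive: [values]} for a CFScript; empty directives map to []."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line.strip('"'))
    return sections


def parse_log_sections(text):
    """Return {banner title: [entries]}; '.' filler and blank lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def check_remediation(script_text, log_text):
    """Return [(directive, target, confirmed)] for file, rootkit and driver targets."""
    script = parse_cfscript(script_text)
    log = parse_log_sections(log_text)
    deleted = {e.strip('"').lower() for e in log.get("other deletions", [])}
    # Entries look like '-------\Legacy_AA4C16F84ACEDB9'; keep the part after the
    # last backslash. Accepting any 'Prefix_' before the name is an assumption.
    services = {e.rsplit("\\", 1)[-1].lower() for e in log.get("drivers/services", [])}
    results = []
    for directive in ("file", "rootkit"):
        for path in script.get(directive, []):
            results.append((directive, path, path.lower() in deleted))
    for name in script.get("driver", []):
        n = name.lower()
        hit = any(s == n or s.endswith("_" + n) for s in services)
        results.append(("driver", name, hit))
    return results


def unconfirmed(script_text, log_text):
    """Targets the script named that the log does not report as acted on."""
    return [(d, t) for d, t, ok in check_remediation(script_text, log_text) if not ok]


if __name__ == "__main__":
    for directive, target, ok in check_remediation(CFSCRIPT, LOG_EXCERPT):
        print(f"{directive:8} {target:50} {'reported' if ok else 'NOT REPORTED'}")
```

A match only shows that ComboFix reported acting on the target; a fresh rootkit scan, such as the GMER run earlier in the thread, is what confirms the hidden service is gone.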
 
How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I've been getting fewer errors and windows genuine issues. I appreciate your help very much. Here are the latest logs.

OTL Extras logfile created on: 6/29/2012 5:11:28 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Shanahan Family\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.25 Gb Available Physical Memory | 71.87% Memory free
11.81 Gb Paging File | 9.78 Gb Available in Paging File | 82.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 909.10 Gb Total Space | 827.22 Gb Free Space | 90.99% Space Free | Partition Type: NTFS

Computer Name: SHANAHANFAMILY | User Name: Shanahan Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{150A96F0-848B-41DC-83A6-A6EF41DE4197}" = lport=137 | protocol=17 | dir=in | app=system |
"{2476E43D-083A-40E2-A717-CFF0E5F6A0EB}" = lport=138 | protocol=17 | dir=in | app=system |
"{3251EAB1-F1DF-4252-ACD5-B77FF460E3DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{334AA962-337D-447F-857A-C3EB94214A15}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3358F6A8-4723-44C4-A916-475E5068D52C}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\atheros direct connect\dcdhcpservice.exe |
"{407FBD00-18DA-467D-9B71-11C80C543D8F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{40D1949D-A1BF-49F3-877B-1F1106806D57}" = rport=138 | protocol=17 | dir=out | app=system |
"{513EFFAC-CE9D-4C4C-A8C4-82E1DD257C59}" = rport=139 | protocol=6 | dir=out | app=system |
"{5BC3D478-E3C2-497A-9B4B-CED7E7C18BCF}" = rport=445 | protocol=6 | dir=out | app=system |
"{610516C9-7276-4F16-94A3-C50B03164057}" = rport=137 | protocol=17 | dir=out | app=system |
"{633DDC2F-5B94-4F71-B4F3-589115764B1A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6DB43DF2-9782-4A81-B700-210C7D4758B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F2E8790-CC10-4A53-B9D5-31E2D543C9B3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{747B48C5-E49F-4B0C-B407-241BBB4F7657}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{77A1EB8B-373D-401D-AB86-87083B71C7C3}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
"{799DB799-86C3-4FA7-B536-7FAADD39A6DE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8D90E878-6F0D-45CE-B84E-EEF90D97F723}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98FD79F1-C484-4A8E-BD6F-3D699FF0CD0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E9DBF4F-4B02-4D56-98A1-10A49E55E5C6}" = lport=139 | protocol=6 | dir=in | app=system |
"{9EB21919-D68F-425F-BAAB-6BA5CAA51311}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ACBEAB57-91F8-4E41-B0B7-B84920AB5EF0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC91DB61-C347-4D7A-9A18-9F405BC15094}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BD81FF62-7071-4243-B355-79AE9A72054E}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{C540F3D1-B6F0-4B80-ABF3-5EF33862EC93}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{C7E4057F-F899-4E01-9AC4-B48BB7433E4D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE3ACD89-AF43-46B7-82FA-AA775B979070}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{E07A1B5D-4EEB-40BD-BB6F-91B0534480BE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EF7F1280-D43D-4306-9DC7-1FCACE486B8E}" = lport=445 | protocol=6 | dir=in | app=system |
"{F1BDBFDF-7810-4669-A87D-987C2D5764D7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F2502483-790C-4693-8547-B203A258CBBE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F4215BE7-5321-4988-A7B4-72B69634C8B8}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\atheros direct connect\p2puimain.exe |
"{F8ABF72C-29B9-4C53-98FF-2E65D129CD33}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CC2E13-305D-4CB0-B7CC-D0C39B8AFBB0}" = protocol=6 | dir=out | app=system |
"{13198905-B5A2-4282-B860-474BF84BFA1F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{13A768BE-4A9C-459F-92D4-F18735F88F39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1D35D9C1-782E-4EDA-A131-E622B9965B2A}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{26504917-EFB5-4595-A387-64004F8BB473}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{2732215F-7065-4BA1-ACA6-1D90DE10C82A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34463F48-B181-41F0-ADC7-ACD0ABC7DA45}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3AEFD812-AB03-44DC-995F-76881B1AA36D}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{3FBE87FB-BBAD-4514-8916-FCC32DF48083}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{4B6AF952-DBA6-4D96-B2B1-1CE1DB57902E}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{4C250883-9FB2-4020-A477-466242E8B412}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{4C54F63D-0595-4BAF-A29C-C96E519ABCD9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{55DE1E8D-42BC-4BC4-9C2C-2A8A00B3640C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5CE1BBB0-3161-4B3E-B390-9242DA951AC9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{5EC8346F-9032-4254-BD15-88D58424F14F}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{60FD7954-727B-4486-99A2-0F3E7DD7380B}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{66EB612D-AEE4-4B54-9A48-4DC8111AAB3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{69E16514-7382-4D12-AAA6-D529A5859330}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{6B6A2C73-9004-4E21-BC6D-8EE95AF88152}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{6C174992-043E-4C07-9FDA-AD9A4F78BA7B}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{6E8A8F58-FAC1-43E1-AECE-67C5A35CAB9C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{71CF650D-C05D-4E8B-9290-34C33096F66F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{724B53C5-E190-4F22-88F0-6743414B7B64}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{742AC8CE-6CDC-4E0C-B5F4-1B8F04A2C982}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{75634515-C850-4661-A041-6986B9B7D2EB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{81F8244B-A17E-4345-A955-5E6693BAFA80}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{830C4108-7448-464F-96B7-F8C901D1CD15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E91C81D-B7A0-4CF8-81CC-29639ABCAC29}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{9C2467AB-ADE8-4DA0-B118-B986FDF3806B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9D40CB9B-3F97-4CCF-BD4E-24F1A425E9F0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{A26182E5-4D31-4D37-B587-91F8CC8FA193}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{ABFCF521-8C97-4BD0-86EE-75AF7EC5F280}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{AC815D19-638E-4A15-8765-7D1F56C8DCC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ACD52996-7F7E-4F9B-B189-6FD6A0AD311C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{AE90309A-FCF0-41F5-8602-7B7FE3BBA578}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B11C25CA-06D0-4F74-8E8E-F808293080B9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{B646BB79-F0FF-4C46-BCA9-FBCA1460A61A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B7533C09-05CB-4D5F-BB3F-8BF572AAE611}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BD8EC7B0-C590-40D4-A9A5-A59754D7A996}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C007F636-5113-4DE1-A2C9-FBDDFEE79968}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C04BC3DA-446C-4F92-BE60-C4597FA6B379}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C21A22DE-3BA1-4C1A-99D8-7030FA3CACE2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{C997860E-3DF3-4F39-B802-2A347BEB1BD7}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{CB40359B-D547-4283-BB3C-533B314B113C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DB73A6C8-A513-49DA-B1ED-50D9563CC067}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE94D6D2-7927-4B0A-B114-1D681464AD5A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{E21544C2-07EC-4579-B1FB-EBB2E06B5EFD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E42EE399-FEFD-47FC-B27C-A5CB05A012CD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E56BDF8A-6AE3-491A-8E75-CA2262DF293F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E655DBA5-0DE6-496E-A27C-1C4E2383C483}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E97F8D8E-7F63-411B-972C-9BA30A530370}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{EACDF057-9392-4F13-BE08-F6F0BC591BC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EC2E2677-84E9-4153-B786-8A48F8DE9975}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3F4E0E1-0F31-42DA-86E3-FBC971900DC6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F5C85B74-4D19-4C81-BBF1-77AA7CDB1BC6}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{F6C7774C-589E-4EE0-8887-3EDE81472203}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{F8E38D01-679D-4ABB-9FC3-3463AC28ED2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB401562-76DC-4CCC-999E-862DEB6074CF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{FBF8D21C-F365-406C-815B-8283ED8BD488}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{FD3B124D-3A92-4288-9120-E1BF5D9C5F8D}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{FE2A986B-B1EC-4390-9B70-7069B6D4308D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{14BC5667-22B0-4DC4-8205-597053BBDDC9}" = HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Dell Support Center" = Dell Support Center
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B7D12BE-D1D8-4CCE-A01B-43CAFF8ECA9B}" = C4200
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Atheros Direct Connect
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell Bluetooth Installation
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{491EAC1A-8ECB-45D5-97D1-0583D5676914}" = ProMash
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{55586382-6704-4237-AAA7-85FF9C055022}" = Dell KM632 Wireless Keyboard Caps Lock Indicator
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5F8D5450-5BD8-4B8A-A1DE-8326C0395D5D}" = PS_AIO_Software_min
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6FB3428E-23AA-4CA1-BA9D-E6D5F3F692E4}" = Dell Touch Software Suite Games
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFA1FCA1-626E-403C-9BCA-968FECB62C4D}" = CIR Registry
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0789AE7-70D4-454A-90D1-5BA5728E254A}" = StickyNotes
"{B0F29C6D-C7A9-40AC-9658-921961818E2B}" = DELLOSD
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000-2010
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Dell Webcam Central" = Dell Webcam Central
"First Thousand Words" = First Thousand Words
"GENEUIDE" = USB Storage Driver
"Google Calendar Sync" = Google Calendar Sync
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Kidzui" = Kidzui
"McAfee Virtual Technician" = McAfee Virtual Technician
"MSMONEYV80" = Microsoft Money 2000 Standard Edition
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PremElem90" = Adobe Premiere Elements 9
"SmileBox_EN Toolbar" = SmileBox EN Toolbar
"Stamps.com" = Stamps.com
"Stamps.com support for Microsoft Word 2000-2010" = Stamps.com support for Microsoft Word 2000-2010
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"ZinioReader4" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Google Chrome" = Google Chrome
"Smilebox" = Smilebox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/23/2012 2:53:51 PM | Computer Name = ShanahanFamily | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385,
time stamp: 0x4a5bd026 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e21213c Exception code: 0xc06d007f Fault offset: 0x000000000000cacd
Faulting
process id: 0x534 Faulting application start time: 0x01cd517186a53ec3 Faulting application
path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: c5553fa1-bd64-11e1-85ab-7ce9d37ca4a2

Error - 6/23/2012 2:58:51 PM | Computer Name = ShanahanFamily | Source = WinMgmt | ID = 10
Description =

Error - 6/23/2012 8:59:24 PM | Computer Name = ShanahanFamily | Source = WinMgmt | ID = 10
Description =

Error - 6/23/2012 9:25:49 PM | Computer Name = ShanahanFamily | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 6/23/2012 9:29:48 PM | Computer Name = ShanahanFamily | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/23/2012 9:30:36 PM | Computer Name = ShanahanFamily | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 6/23/2012 9:31:31 PM | Computer Name = ShanahanFamily | Source = Software Protection Platform Service | ID = 1001
Description = The Software Protection service failed to start. 0xD0000022 6.1.7601.17514

Error - 6/23/2012 9:31:41 PM | Computer Name = ShanahanFamily | Source = Windows Activation Technologies | ID = 3
Description = Health check failure: hr = 0x8004FE21, HealthStatus: 0x0000000000030000

Error - 6/23/2012 9:31:45 PM | Computer Name = ShanahanFamily | Source = Software Protection Platform Service | ID = 1001
Description = The Software Protection service failed to start. 0xD0000022 6.1.7601.17514

Error - 6/23/2012 9:35:47 PM | Computer Name = ShanahanFamily | Source = VSS | ID = 12289
Description =

[ System Events ]
Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 6/25/2012 4:41:28 AM | Computer Name = ShanahanFamily | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.


< End of report >
 
OTL logfile created on: 6/29/2012 5:11:28 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Shanahan Family\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.25 Gb Available Physical Memory | 71.87% Memory free
11.81 Gb Paging File | 9.78 Gb Available in Paging File | 82.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 909.10 Gb Total Space | 827.22 Gb Free Space | 90.99% Space Free | Partition Type: NTFS

Computer Name: SHANAHANFAMILY | User Name: Shanahan Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 17:09:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Shanahan Family\Downloads\OTL.exe
PRC - [2012/02/01 11:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
PRC - [2012/02/01 11:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/31 16:06:32 | 000,066,872 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/09/22 09:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/09/22 09:11:26 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/09/22 09:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/09/21 09:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/06/02 13:27:58 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
PRC - [2011/06/02 11:11:20 | 000,725,504 | ---- | M] (DELL COMPUTER INC.) -- C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe
PRC - [2011/05/27 16:33:46 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
PRC - [2011/04/13 09:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2011/04/08 05:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/04/01 16:08:30 | 000,660,480 | ---- | M] (DELL) -- C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
PRC - [2011/03/31 08:59:16 | 000,100,352 | ---- | M] (Atheros Communication Inc.) -- C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe
PRC - [2011/03/31 08:56:48 | 000,583,168 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files (x86)\Atheros Direct Connect\DCWpaSupplicant.exe
PRC - [2011/02/16 04:22:42 | 000,135,168 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
PRC - [2011/01/12 18:17:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
PRC - [2010/12/20 13:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 13:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/06 14:37:54 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
PRC - [2010/12/01 14:07:46 | 000,176,128 | ---- | M] (Chicony) -- C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
PRC - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 12:36:53 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012/06/14 06:54:32 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 06:54:25 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 06:54:14 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 06:54:09 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 06:54:07 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/16 09:31:05 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012/05/16 09:31:01 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
MOD - [2012/05/14 07:30:03 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/05/14 07:30:02 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/05/14 07:30:00 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012/05/14 07:30:00 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/05/13 15:27:16 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/13 12:11:11 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/13 12:10:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/13 12:10:27 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/13 12:10:24 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/13 12:10:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/13 12:10:20 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/01 11:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
MOD - [2012/02/01 11:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
MOD - [2011/12/31 16:06:32 | 000,066,872 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
MOD - [2011/09/22 09:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/02 13:27:58 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/01/12 18:17:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
MOD - [2010/12/06 14:37:54 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
MOD - [2010/11/24 21:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/25 17:13:54 | 000,162,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 13:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/25 03:01:42 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011/09/22 09:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/05/27 16:33:46 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe -- (Dell WMI Service)
SRV - [2011/03/31 13:08:18 | 000,077,984 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/03/31 08:59:16 | 000,100,352 | ---- | M] (Atheros Communication Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe -- (DCDhcpService)
SRV - [2011/02/16 04:22:42 | 000,135,168 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010/12/20 13:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 13:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/12/01 14:07:46 | 000,176,128 | ---- | M] (Chicony) [Auto | Running] -- C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe -- (OSDSvc)
SRV - [2010/11/25 04:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 04:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/10 12:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/21 18:23:17 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/21 18:23:17 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/21 14:21:58 | 012,229,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/31 15:08:30 | 000,281,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/03/31 13:08:30 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/03/31 13:08:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/03/31 13:08:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/03/31 13:08:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/03/31 13:08:30 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/03/31 13:08:30 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/03/15 19:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/02/24 06:56:44 | 002,700,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/01/20 10:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/12/28 22:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/05 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 12:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/07/13 18:57:06 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/26 18:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/24 19:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.smilebox.com?a=6PQwIFBVex
IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\SearchScopes\{20B3B36E-C552-4615-A6E1-E35C1488E501}: "URL" = http://www.google.com/search?q={sea...icrosoft:en-US&ie=utf8&oe=utf8&rlz=1I7DKUS_en
IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_en
IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.smilebox.com/?search={searchTerms}&loc=SB_DS&a=6PQwIFBVex
IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2012/03/22 09:14:07 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2012/03/22 09:14:07 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Shanahan Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Shanahan Family\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shanahan Family\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shanahan Family\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/21 16:23:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/21 16:23:11 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Shanahan Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Shanahan Family\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Angry Birds = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Calendar = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Angry Birds Seasons = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\glfgpgljcapdjhcnmecmgihadngabijc\1.1_0\
CHR - Extension: Modern Black = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcjolgglolbcnhaleejjlhjgeokalilc\1.5_0\
CHR - Extension: Gmail = C:\Users\Shanahan Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/29 07:30:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..\Toolbar\WebBrowser: (SmileBox EN Toolbar) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [DCHostUI] C:\Program Files (x86)\Atheros Direct Connect\P2PUIMain.exe (Atheros Communication)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Chicony_OSD] C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe ()
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\DELL\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StickyNotesWidget] c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O15:64bit: - ..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9617A1D-E405-4F40-AE53-680196DD5D5C}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA0F4E18-98EA-46C9-A4C3-E8D426408D8A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/29 17:07:00 | 000,000,000 | R--D | C] -- C:\Users\Shanahan Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/06/29 07:33:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/29 07:30:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/26 00:46:00 | 000,139,264 | ---- | C] (Genesys) -- C:\Windows\SysWow64\geneicon.dll
[2012/06/26 00:46:00 | 000,049,152 | ---- | C] (General) -- C:\Windows\SysWow64\usbmonit.exe
[2012/06/26 00:45:58 | 000,024,848 | ---- | C] (General) -- C:\Windows\SysWow64\drivers\geneuide.sys
[2012/06/25 23:56:12 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/25 21:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/06/25 21:05:06 | 000,000,000 | ---D | C] -- C:\Users\Shanahan Family\AppData\Local\Citrix
[2012/06/25 13:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/25 13:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/25 13:10:41 | 000,162,224 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2012/06/25 12:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012/06/25 12:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/06/25 12:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/06/25 12:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012/06/25 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012/06/25 11:46:41 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/25 11:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/25 11:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/25 11:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/06/25 11:30:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/06/25 11:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/25 11:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/25 11:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/25 10:28:19 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2012/06/25 09:22:10 | 000,000,000 | ---D | C] -- C:\mfe
[2012/06/25 01:38:24 | 000,000,000 | ---D | C] -- C:\Users\Shanahan Family\AppData\Roaming\Malwarebytes
[2012/06/25 01:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/24 20:11:05 | 000,000,000 | ---D | C] -- C:\UBCD4Win
[2012/06/24 20:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits
[2012/06/24 10:40:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/24 10:40:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/24 10:40:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/24 10:40:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/24 10:40:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/23 11:48:20 | 000,000,000 | ---D | C] -- C:\Users\Shanahan Family\AppData\Roaming\McAfee
[2012/05/31 07:39:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2012/05/31 07:37:12 | 000,000,000 | ---D | C] -- C:\Users\Shanahan Family\AppData\Roaming\HpUpdate
[2012/05/31 07:37:10 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2008/08/12 14:41:49 | 007,670,000 | ---- | C] (Qwest ) -- C:\Users\Shanahan Family\QuickCareSetup2.exe

========== Files - Modified Within 30 Days ==========

[2012/06/29 17:13:53 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 17:13:53 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 17:10:55 | 000,786,422 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/29 17:10:55 | 000,665,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/29 17:10:55 | 000,122,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/29 17:10:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/29 17:06:54 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/29 17:06:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/29 17:06:30 | 462,229,503 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/29 07:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/29 07:30:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/29 07:20:04 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000UA.job
[2012/06/29 07:17:14 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/28 07:53:32 | 008,126,464 | ---- | M] () -- C:\Users\Shanahan Family\Documents\My Money.mny
[2012/06/25 21:20:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000Core.job
[2012/06/25 13:20:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/25 13:20:45 | 000,800,080 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/25 11:59:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/23 11:40:23 | 000,000,632 | RHS- | M] () -- C:\Users\Shanahan Family\ntuser.pol
[2012/06/14 06:52:30 | 000,468,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/06 08:43:19 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

========== Files Created - No Company Name ==========

[2012/06/26 00:46:00 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\deluidrv.exe
[2012/06/26 00:46:00 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\delentry.exe
[2012/06/26 00:46:00 | 000,000,956 | ---- | C] () -- C:\Windows\SysWow64\iconcfg.ini
[2012/06/25 13:20:47 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/25 12:15:37 | 000,002,216 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2012/06/25 12:15:37 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/06/25 12:00:05 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/06/25 11:46:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/25 03:01:46 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/24 10:40:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/24 10:40:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/24 10:40:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/24 10:40:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/24 10:40:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/23 11:47:50 | 000,002,168 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk
[2012/06/23 10:14:07 | 000,000,632 | RHS- | C] () -- C:\Users\Shanahan Family\ntuser.pol
[2012/05/03 11:38:27 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
[2012/04/11 20:34:34 | 000,037,861 | ---- | C] () -- C:\Users\Shanahan Family\AppData\Roaming\Comma Separated Values (DOS).ADR
[2012/03/21 16:20:29 | 000,165,053 | ---- | C] () -- C:\Windows\hpoins13.dat
[2012/03/21 16:20:29 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2012/02/21 18:09:45 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/21 18:09:44 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/21 18:09:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/21 18:09:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/21 18:09:42 | 013,787,648 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/02/10 09:10:51 | 000,800,080 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2006/08/24 14:30:10 | 000,000,010 | ---- | C] () -- C:\Users\Shanahan Family\usb

========== LOP Check ==========

[2012/06/23 10:27:19 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Fingertapps
[2012/06/23 10:32:13 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\KidZui
[2012/03/21 22:45:55 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\Fingertapps
[2012/05/22 10:45:40 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\KidZui
[2012/03/22 13:02:24 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\PCDr
[2012/05/21 16:18:22 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\Smilebox
[2012/04/11 18:42:33 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\SoftGrid Client
[2012/05/03 11:40:13 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\Stamps.com Internet Postage
[2012/03/24 07:47:53 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\TP
[2012/03/26 09:50:46 | 000,000,000 | ---D | M] -- C:\Users\Shanahan Family\AppData\Roaming\webex
[2012/06/06 08:43:19 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/28 08:26:30 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/29 17:10:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/03/21 10:37:43 | 000,042,279 | ---- | M] () -- C:\aaw7boot.log
[2009/07/25 11:01:51 | 000,001,502 | ---- | M] () -- C:\ASLog.txt
[2011/03/27 00:08:41 | 000,003,238 | ---- | M] () -- C:\CD3rdPartyWrapper.log
[2012/06/29 07:33:29 | 000,027,314 | ---- | M] () -- C:\ComboFix.txt
[2006/08/16 22:36:28 | 000,006,442 | RH-- | M] () -- C:\dell (1).sdr
[2012/02/21 18:25:59 | 000,034,402 | RH-- | M] () -- C:\dell.sdr
[2007/10/27 16:18:32 | 000,061,713 | ---- | M] () -- C:\dlcf.log
[2008/02/20 18:35:49 | 000,000,042 | ---- | M] () -- C:\END
[2012/06/29 17:06:30 | 462,229,503 | -HS- | M] () -- C:\hiberfil.sys
[2006/08/25 09:42:12 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2011/12/15 09:53:55 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2006/08/16 22:56:48 | 000,000,828 | -H-- | M] () -- C:\IPH.PH
[2012/06/16 21:10:06 | 000,000,400 | ---- | M] () -- C:\log.txt
[2012/06/29 17:06:31 | 2047,963,135 | -HS- | M] () -- C:\pagefile.sys
[2007/09/05 20:14:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/09/29 23:11:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/09/29 23:13:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/10/07 23:23:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2007/10/07 23:36:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2007/11/13 12:28:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/02/09 21:34:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/05/03 21:38:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/02/15 11:14:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2007/09/05 20:14:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/09/29 23:11:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/09/29 23:13:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007/10/07 23:23:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2007/10/07 23:36:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2007/11/13 12:28:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/02/09 21:34:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/05/03 21:38:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/02/15 11:14:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2006/08/16 22:56:54 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2007/11/01 13:09:01 | 000,024,576 | ---- | M] () -- C:\t3sg.e
[2011/03/16 22:03:37 | 000,000,747 | ---- | M] () -- C:\updatedatfix.log
[2009/01/09 00:48:34 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
[2010/07/05 12:16:41 | 000,497,356 | ---- | M] () -- C:\vcredist_x86 (1).log
[2012/02/21 17:03:23 | 001,376,146 | ---- | M] () -- C:\vcredist_x86.log
[2008/10/15 19:52:13 | 000,102,874 | ---- | M] () -- C:\VETlog.dmp
[2008/10/15 19:52:13 | 000,002,171 | ---- | M] () -- C:\VETlog.txt
[2006/08/25 09:40:42 | 000,230,724 | ---- | M] () -- C:\VolEdit.ini.log

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2012/06/25 11:17:21 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/08/24 13:51:38 | 000,000,119 | -HS- | M] () -- C:\Users\Shanahan Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2012/03/21 15:55:38 | 000,000,221 | -HS- | M] () -- C:\Users\Shanahan Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/29 07:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/29 17:06:54 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/29 17:17:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/25 21:20:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000Core.job
[2012/06/29 07:20:04 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1011651653-2396366161-2558129995-1000UA.job
[2012/06/06 08:43:19 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/29 17:06:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/06/28 08:26:30 | 000,032,656 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
[2012/06/29 17:10:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2008/08/12 14:49:24 | 007,670,000 | ---- | M] (Qwest ) -- C:\Users\Shanahan Family\QuickCareSetup2.exe

< %systemroot%\ADDINS\*.* >
[2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/08/24 13:51:37 | 000,000,122 | -HS- | M] () -- C:\Users\Shanahan Family\Favorites\Desktop (1).ini
[2012/03/21 16:54:45 | 000,000,402 | -HS- | M] () -- C:\Users\Shanahan Family\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/03/21 16:24:57 | 000,001,135 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >
< End of report >
 
I've been getting fewer errors and windows genuine issues
If you're still having some issues I need more details.

===============================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O15:64bit: - ..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
    O15 - HKU\S-1-5-21-1011651653-2396366161-2558129995-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
The last error I saw was a corrupt file warning of OTL while it was running the 1st time, but not this second time with the fix. I was also having to reset the clock every other day, but that seems to have stopped as of today/yesterday. I also have a label at the lower right corner of my screen in the background that says "Test Mode Windows 7 Build 7601". Everything is running smoothly this morning!

All processes killed
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
Registry key HKEY_USERS\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\office\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1011651653-2396366161-2558129995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kids
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1628833 bytes
->Flash cache emptied: 57216 bytes

User: mcafee test

User: Public
->Temp folder emptied: 0 bytes

User: Shanahan Family
->Temp folder emptied: 309583 bytes
->Temporary Internet Files folder emptied: 71171635 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 509555444 bytes
->Flash cache emptied: 199271 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34536 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 556 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 556.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kids

User: mcafee test

User: Public

User: Shanahan Family
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kids
->Flash cache emptied: 0 bytes

User: mcafee test

User: Public

User: Shanahan Family
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06302012_070700

Files\Folders moved on Reboot...
C:\Users\Shanahan Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Shanahan Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Virtual Technician
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

JavaFX 2.1.1
Java(TM) 7 Update 5
Out of date Java installed!
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
 
Farbar Service Scanner Version: 25-06-2012 01
Ran by Shanahan Family (administrator) on 30-06-2012 at 07:15:36
Running from "C:\Users\Shanahan Family\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
 