
Microsoft Runtime Error/Virus? [Solved]


19 replies to this topic

#1 Irish614

Posted 06 August 2012 - 04:24 PM

Today after restarting my computer I kept getting a pop-up saying Runtime Error program:C:\Program Files\Internet Content\Filter\mfp.exe <-- McAfee family protection. Every time it does this I am unable to access the internet and everything is slow to load. Here is my HJT scan:




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:56:30 PM, on 8/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Randy\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Randy\AppData\Local\Akamai\netsession_win.exe
C:\Users\Randy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Randy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Randy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Randy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Randy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Randy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Randy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120625172809.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [ICF] "C:\Program Files\Internet Content Filter\mfp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Randy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Randy\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Kuma_Tray.lnk = C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FC77671-C77C-410E-9D53-FA073A5D8F70}: NameServer = 209.18.47.61,209.18.47.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FC77671-C77C-410E-9D53-FA073A5D8F70}: NameServer = 209.18.47.61,209.18.47.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{4FC77671-C77C-410E-9D53-FA073A5D8F70}: NameServer = 209.18.47.61,209.18.47.62
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Unknown owner - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AXRKYWFXIQ - Unknown owner - C:\Users\Randy\AppData\Local\Temp\AXRKYWFXIQ.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IRFS - Unknown owner - C:\Users\Randy\AppData\Local\Temp\IRFS.exe (file missing)
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Internet Content Filter Core Service (mfeicfcore) - McAfee, Inc. - C:\Program Files\Internet Content Filter\mfeicfcore.exe
O23 - Service: McAfee Internet Content Filter Update Service (mfeicfupdate) - McAfee, Inc. - C:\Program Files\Internet Content Filter\UpdateService.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SONKWC - Unknown owner - C:\Users\Randy\AppData\Local\Temp\SONKWC.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Unknown owner - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: WinSock Extention Manager - Unknown owner - C:\Windows\system32\mdmcls32.exe (file missing)
O23 - Service: XQDCGT - Unknown owner - C:\Users\Randy\AppData\Local\Temp\XQDCGT.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Yahoo! NanoClient Service (YNanoService) - Yahoo! Inc. - C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoService.exe

--
End of file - 14239 bytes


Any ideas as to what it could be? Thank you guys.


#2 Irish614

Posted 06 August 2012 - 04:59 PM

Here is the OTL report as well...


OTL Extras logfile created on: 8/6/2012 6:43:24 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Randy\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 46.57% Memory free
6.49 Gb Paging File | 4.63 Gb Available in Paging File | 71.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294.73 Gb Total Space | 131.02 Gb Free Space | 44.46% Space Free | Partition Type: NTFS
Drive D: | 677.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LANANDRANPC | User Name: Randy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0121B359-6F4E-4211-9F37-7CFD4499A128}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{018BFA04-C8C2-4052-AE64-8FC9414A8E4E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{02C42E1D-1ADF-4AF8-B2F0-98C48CF67FDC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0310D721-7DDC-4B67-9FBA-CF9BDD08DCDC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0B442D97-8F20-4959-BD09-8F3B98859A26}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1A56786C-8D00-4B3D-9D2A-585980D3DE78}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2F70941F-2E57-43D5-BE02-F0D8D69C05A7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{367952E6-31B7-4A5A-A9BB-77035DC4137E}" = rport=139 | protocol=6 | dir=out | app=system |
"{3C3EB99B-2502-4C2E-B560-65EA35CFB62C}" = lport=49633 | protocol=6 | dir=in | name=akamai netsession interface |
"{46C4905C-5CF3-488D-84F8-AE5985AD2F59}" = rport=137 | protocol=17 | dir=out | app=system |
"{4C9DAF6D-8B25-4C62-9BB1-DA33F9930ECE}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{4D1F0E9B-DF27-439E-8B95-65718271BDEF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E4E3CAC-CCCD-45A3-B071-0FE8A2DD1CAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5019FA1A-6E09-4F28-B27A-0FDCE9EA3AA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5611B805-DE60-4997-85C0-FBF7E01E35FD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5C1C2EE2-0E12-4AF9-9EB8-2EFDF36CD96E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F1B5139-AFA4-407D-8FF2-716846BCABB6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{660D5065-0C21-4CC9-B2C9-64883ABC305D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{760BDCAE-D24F-4280-A0C5-B42AF4AEEFF3}" = lport=5720 | protocol=6 | dir=in | name=jumi controller |
"{79A554AF-8A25-417C-A4A0-6C61FA173F36}" = lport=2869 | protocol=6 | dir=in | app=system |
"{80F7D6E0-7394-42FB-A1D8-703A44E37EA4}" = lport=137 | protocol=17 | dir=in | app=system |
"{89BF9638-BC17-4022-BA23-50E1CD0405A7}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{9202468E-C2A6-43D6-AFD4-82B3C0C6AD7D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{98B2606E-A17C-4871-92CE-669245B0A635}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA4646D4-EEF5-4C32-BDDF-0206576E3836}" = lport=138 | protocol=17 | dir=in | app=system |
"{B064FE9A-2DB0-4A2E-BECC-4259B1F1DD4E}" = rport=445 | protocol=6 | dir=out | app=system |
"{BC1A7F15-83DD-41F8-9692-6EE4344726E0}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2E16690-3B5C-42BF-8F62-5405B43F041E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CFC74C5D-3B55-49FC-833D-20DC986A765E}" = lport=139 | protocol=6 | dir=in | app=system |
"{D18DB767-0515-493E-A4AE-FE93A51EE0F6}" = lport=5720 | protocol=17 | dir=in | name=jumi controller |
"{D3A3FF9A-3DFD-4EDA-8D0F-BDF622B49EAD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7514E2A-E03B-4DAA-8D54-D6BF89F949BC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E1F249B1-1FDF-460A-A8DF-E05A6484A4A0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E302B503-D2B2-4472-A482-A10D59B09684}" = rport=138 | protocol=17 | dir=out | app=system |
"{E77CA33C-3942-4B40-BC34-7F9027EF0D88}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{F02F9272-5331-457B-9680-4F3B98D352EF}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{088676FF-4A42-4A26-90FF-C198C30E5CAC}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\app4r.exe |
"{0A0E713D-5FB2-4719-9016-030353DD5C31}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{0D0C7BF9-7ED4-4E43-BD8E-86ADE85EC44A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3loader.exe |
"{0D282975-9075-4CF5-932B-374092512DC4}" = protocol=17 | dir=in | app=c:\program files\syncrosoft\lcc\lcc.exe |
"{10E49F7C-5219-411D-93E7-B23B030BA009}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{139ECF59-5016-4999-98B1-3D6C6A9AAF8D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlbcpswx.exe |
"{13FB5F76-0891-4198-A66C-0C8FBC032253}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{17942964-743C-4287-9D40-2552B56023E8}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddmon.exe |
"{199D577B-0E3D-4BB7-9108-CCA2D14119F9}" = protocol=17 | dir=in | app=c:\program files\kuma games\kuma.exe |
"{1B7E830B-B5A6-4E5E-8CE5-12A051CDC446}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddjswx.exe |
"{1BBC2753-E554-4804-8BBE-C1729B4C72E5}" = protocol=6 | dir=in | app=c:\users\randy\appdata\local\akamai\netsession_win.exe |
"{21FF99AE-1C9D-4D97-8504-2604021BB994}" = protocol=6 | dir=in | app=c:\program files\kuma games\kuma.exe |
"{27E1BDB4-2614-45E0-B9E0-4B99E89CD9A5}" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase le 4\cubase le 4.exe |
"{2866A463-BC80-44A0-9BB1-A53AB09E22C8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2B1BA5CA-523F-41E9-B79A-5D64152A23C2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2D8F7F82-D2E4-4E98-AC06-3701675229D2}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"{2FE9268B-7477-4EF1-800E-CA83B80D754A}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"{353E5FB0-C8F5-477C-8F1D-2E6252062A4E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddtime.exe |
"{39351DBB-88D4-4BCC-ACBD-B314AB90A938}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{3E8A492B-5B40-43A0-8B86-517B6DDED72D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F0BDC0A-7CAC-453D-A67C-5BC1991733A9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{467447DE-FDA0-4E21-ACFA-5D55A6258804}" = protocol=6 | dir=in | app=c:\program files\syncrosoft\lcc\lcc.exe |
"{497CCDB9-0CC1-436D-90B9-B3E337DCBFC8}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{4C130390-A6CF-4485-BA51-15D5DCD6C03C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{4C23EE33-7C35-41C5-8D7B-D3FA19C6B557}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{4DA5521A-5A7D-438C-8602-C354F39742B0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4E467ECE-B1E2-4FCB-96D8-65DBE2280D09}" = protocol=17 | dir=in | app=c:\users\randy\appdata\roaming\dropbox\bin\dropbox.exe |
"{50801C4B-611D-4F5C-996C-07C4627877B1}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{5177FDC5-5B7F-4C39-BA91-99A64379D72F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{554FA318-5BF4-40B4-8CC0-7BE9FC99C08A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddtime.exe |
"{55A21E3B-F401-4ADC-9485-BB28F237177A}" = protocol=58 | dir=in | app=system |
"{567E3016-308A-49B0-8210-9CD4083EC8F8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5903ABBF-D54C-4A59-AEB0-46577CC58421}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5E376B00-A794-4180-888A-F2C5E4F88726}" = protocol=6 | dir=in | app=c:\users\randy\appdata\roaming\dropbox\bin\dropbox.exe |
"{60B5AA89-1EB0-4D00-9315-F311EB189120}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{67D5904F-9D76-4647-A1D7-38506DC80769}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D17F14E-D5B4-405E-A057-2E84DA7E717A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{70647711-9F56-41F9-9CB7-D493EF959D2C}" = protocol=6 | dir=in | app=c:\windows\system32\lxddcoms.exe |
"{73338749-0E6D-4078-B007-3A2A3AD852D3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{749F007F-CBE8-45AA-B336-1E7CF2AAF019}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{7897DB82-EA5B-4C5A-AAE6-DF7429F5A5A5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3loader.exe |
"{7C147658-E56F-4517-AA9A-A9AB8EDBEA70}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddmon.exe |
"{7D83EF0D-ACF5-4089-8607-CF95597AD11C}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{7DA49FA9-335D-4425-B014-6FDC517C60DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F6A5811-1F33-4B8B-8507-11362E7C2770}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{80E2C30C-0206-4733-B1EA-49A27DF5BA0D}" = protocol=17 | dir=in | app=c:\windows\system32\lxddcoms.exe |
"{8137568D-3A98-4E77-A485-ED7B35A7D29A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{88FF0740-B405-42FE-81AD-59B32C0C58DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8BD35ABC-E245-4D09-BCF3-422C00E5292D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8FA116A6-C4C4-4A42-A990-EDDCF0E2434D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddpswx.exe |
"{920C26E1-BCEE-419F-BADE-1FE09AE635B8}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{9308C511-B9FC-4E12-BCF2-50F63AA4E7B6}" = protocol=6 | dir=in | app=c:\windows\system32\dlbccoms.exe |
"{A28E8BD7-F6DB-424F-B2A5-62EF7991FFB1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A44F48E2-159B-4F88-B6AF-C4FEE3483E5B}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{A8242FAF-A4AB-4B18-9267-3270E235583D}" = protocol=6 | dir=out | app=system |
"{A90A0327-F1A3-4AD9-8619-78F0B3F00D55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB8B47E5-4BAF-4E38-8D95-0CD049865B62}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{AF4D87EF-C397-4E6E-B322-1495DFC40F41}" = protocol=6 | dir=in | app=c:\program files\vuze\vuze\azureus.exe |
"{B5F4C8FA-9961-456F-9461-6BE1FE15BCB7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B5FB6098-A23C-4581-9F0A-02ACF767671C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddjswx.exe |
"{BB009669-947B-4650-A15D-F0859E56B0E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC6F6364-0163-4643-8CBD-A20A8D96D5AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE33059D-209C-4786-B3E3-3F14126DE7EE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddpswx.exe |
"{C0C5A509-6E04-4B9F-B18E-686DA3CC0534}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C9E05153-A614-490A-98CC-35F0FB36E514}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{CBCD93B1-D68C-4E10-8E87-C9FF6D1BD92C}" = protocol=17 | dir=in | app=c:\windows\system32\dlbccoms.exe |
"{CF3BAB42-9B06-4C39-A3B0-A9F50912CCAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D513AB0D-AAA6-48EF-99B0-55FA1D04F07B}" = protocol=17 | dir=in | app=c:\program files\vuze\vuze\azureus.exe |
"{D7807B0D-D885-421F-A488-3D316AF274D4}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{DD03B1F5-07A1-45C9-ADB0-D0F2315F960C}" = protocol=17 | dir=in | app=c:\users\randy\appdata\local\akamai\netsession_win.exe |
"{DE12D857-0E5C-4818-ACA9-936EEC954356}" = protocol=17 | dir=in | app=c:\program files\mumble(pr edition)\prmumble(0.5beta).exe |
"{DF9302B9-63C3-4A11-89B5-44812379A19C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlbcpswx.exe |
"{DFC6BECC-8E7F-4443-B0E8-0897BC435082}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\app4r.exe |
"{E703F382-8F78-4CBA-921D-527D78AB3BA9}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{EB826E0C-2A8C-4586-9707-F3188C476AEB}" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase le 4\cubase le 4.exe |
"{EBD4518F-EBF5-4AFE-948C-A4BC6CEB54F0}" = protocol=6 | dir=in | app=c:\program files\mumble(pr edition)\prmumble(0.5beta).exe |
"{ED748D55-B3CA-4BD6-9FE5-A519B40FBF4B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EE905670-BE94-42C6-9C0D-93C58F755C66}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F4F8D235-BC7A-4FC0-B458-03A4DE881AE0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{FF2F75A3-5A1A-40F6-883C-E9B73663C9D1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"TCP Query User{3FAEE028-F7BA-4E23-B8F1-8553AFD05DD6}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{4695F389-B889-4F42-9C02-BF96B665A68A}C:\program files\mobiola webcamera for iphone\webcamforiphone.exe" = protocol=6 | dir=in | app=c:\program files\mobiola webcamera for iphone\webcamforiphone.exe |
"TCP Query User{5D8033A9-7560-4A57-9557-38A6288FC2E5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{6C7EF3E2-A1F5-4878-81B6-54DA1878A365}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"TCP Query User{7735BD7C-6754-4A48-82B6-B9FA31BFF7E6}C:\program files\vuze\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\vuze\azureus.exe |
"TCP Query User{931CAB58-C451-4666-9D41-FBF3ACC95D62}C:\program files\lexmark 2500 series\lxddamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"TCP Query User{ABC01AC9-110E-4CE1-A6E1-E5F4E6783852}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{B139ACD6-5F73-4488-96CE-A117015FCEEE}C:\users\guest\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\guest\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B2567377-4FEB-411F-9F09-F344CFF19762}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{BC2D2811-7E28-49CB-A47B-E49DB779CD47}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{C0206FC9-C4D8-4487-A9E0-958DEE2E0A15}C:\users\randy\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\randy\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C40E8D05-B87F-4D95-87D8-CDC2DBBD1893}C:\users\randy\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\randy\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{C8954644-E34E-4FE6-B229-DBE95C72BD7E}C:\users\randy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\randy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{D411E007-0C67-45DB-BF23-FF95DB9AFAEC}C:\users\randy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\randy\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{FE538A16-7D97-4342-BBC1-223B2764C101}C:\program files\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files\safari\safari.exe |
"UDP Query User{00CF71E4-56AF-4137-8DB0-52CD1795D1F2}C:\program files\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files\safari\safari.exe |
"UDP Query User{032AA791-DAC1-4387-9C02-763408F001D3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{118BC404-B101-4C0E-91DF-D82890357A21}C:\users\randy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\randy\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{250B1364-B89F-42CC-ACEC-F12E777CD685}C:\users\guest\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\guest\appdata\local\akamai\netsession_win.exe |
"UDP Query User{2D44D956-E5E0-432F-BB36-4E8A2B4A8C98}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{34247E25-8417-4479-8CF8-C463474E75FA}C:\users\randy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\randy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{38A0C8C9-CD20-4159-A3FA-FD893435687D}C:\users\randy\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\randy\appdata\local\akamai\netsession_win.exe |
"UDP Query User{5FA6BA71-F696-47B5-B605-5B0DE18CCD7A}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{6497D719-95F7-4D1B-A08D-4E5B52312D5B}C:\program files\lexmark 2500 series\lxddamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"UDP Query User{7228E488-1561-4FB7-8DBB-8971B870CEE7}C:\users\randy\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\randy\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{89540348-EB75-4821-8F12-72924686752F}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{8A48A127-D8CD-4771-B8D5-EE3729EC567C}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"UDP Query User{B2C8152E-B894-4F47-A961-768ED88FA76F}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{D65CDBB2-E71F-487A-AA39-21B19FCF6730}C:\program files\mobiola webcamera for iphone\webcamforiphone.exe" = protocol=17 | dir=in | app=c:\program files\mobiola webcamera for iphone\webcamforiphone.exe |
"UDP Query User{E347EC10-CDF4-4248-85C7-4A30B465D62B}C:\program files\vuze\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{0309F85C-B1CC-DA9F-D184-FE93CCF08E1D}" = Application Profiles
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe Edition
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DF60AEE-A193-03CC-2287-64B91E318D8E}" = Adobe Support Advisor
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{2FC92BF4-F8BB-755F-755C-D756383C4CF3}" = ccc-utility
"{311EEFFE-8354-42D8-B2A0-A0666689F69F}" = Alesis io|2 ASIO Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9442E5DF-A258-CCA0-B1CA-F141B07966C2}" = AMD Drag and Drop Transcoding
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A0BB1E68-1DD0-4acd-AD82-EDA0E49F0615}" = PMB Updater
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}" = TWC Customer Controls
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96FA488-2856-437F-8EAC-1FD67F0EE32C}" = McAfee Family Protection
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
"{AB4EDC19-3B5E-4838-80E7-92454323B0FE}" = Garmin VoiceStudio v2.10
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF8EEB05-8E9B-438B-B73B-DF9191DF29DD}" = PR Mumble 1.0.0
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA31F48A-C811-30B4-AD93-1986C7838442}" = Google Talk Plugin
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9B60E1-BC90-DADA-0935-02F51FB9228C}" = AMD Catalyst Install Manager
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.5800
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{F960179C-72F7-4516-A71A-C7AE5D18DD84}_is1" = xParanormal Detector version 1.7.0.259
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Support Advisor
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface Service
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip 8.51
"Any Video Converter Professional_is1" = Any Video Converter Professional 3.3.2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DDR - Memory Card Recovery(Demo)" = DDR - Memory Card Recovery(Demo) 4.0.1.6
"Dell Dock" = Dell Dock
"Dell Photo Printer 720" = Dell Photo Printer 720
"eLicenser Control" = eLicenser Control
"Fly on Desktop Screensaver_is1" = Fly on Desktop Screensaver 1.2
"GameSpy Arcade" = GameSpy Arcade
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"Lexmark 2500 Series" = Lexmark 2500 Series
"Live 8.0.1" = Live 8.0.1
"Logitech Vid" = Logitech Vid HD
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Firefox 4.0b12 (x86 en-US)" = Mozilla Firefox 4.0b12 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee AntiVirus Plus
"Mumble(PR Edition)" = Mumble(PR edition) and Murmur(PR edition)
"Origin" = Origin
"PitchWorks DX" = PitchWorks remove
"PowerISO" = PowerISO
"Project Reality: BF2 (pr)_is1" = Project Reality: BF2
"PunkBusterSvc" = PunkBuster Services
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spotify" = Spotify
"Steam App 13140" = America's Army 3
"TomTom HOME" = TomTom HOME 2.8.3.2499
"VLC media player" = VLC media player 1.0.3
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! NanoClient" = Yahoo! Axis
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2011 3:23:29 AM | Computer Name = DownstairsPC | Source = Bonjour Service | ID = 100
Description = 304: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/14/2011 10:38:38 AM | Computer Name = DownstairsPC | Source = Bonjour Service | ID = 100
Description = 468: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/14/2011 10:38:39 AM | Computer Name = DownstairsPC | Source = Bonjour Service | ID = 100
Description = 344: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/14/2011 10:38:39 AM | Computer Name = DownstairsPC | Source = Bonjour Service | ID = 100
Description = 440: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/14/2011 10:38:39 AM | Computer Name = DownstairsPC | Source = Bonjour Service | ID = 100
Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/14/2011 10:38:39 AM | Computer Name = DownstairsPC | Source = Bonjour Service | ID = 100
Description = 480: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/18/2011 2:39:50 PM | Computer Name = DownstairsPC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 14.0.835.202, time
stamp: 0x4e84cf5b Faulting module name: CIDCoreLight.dll, version: 2.0.0.160, time
stamp: 0x4e8cba36 Exception code: 0xc000000d Fault offset: 0x000e05f2 Faulting process
id: 0x1878 Faulting application start time: 0x01cc8dadb66e6849 Faulting application
path: C:\Users\Randy\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Light\CIDCoreLight.dll
Report
Id: 8f0efed0-f9b8-11e0-b816-001d09842bf7

Error - 10/19/2011 2:29:56 PM | Computer Name = DownstairsPC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 14.0.835.202 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1a24 Start
Time: 01cc8dadabebabd3 Termination Time: 1488 Application Path: C:\Users\Randy\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 48b78f99-fa80-11e0-b816-001d09842bf7

Error - 10/19/2011 2:31:38 PM | Computer Name = DownstairsPC | Source = Application Hang | ID = 1002
Description = The program Safari.exe version 5.33.18.5 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 151c Start
Time: 01cc8e8d1ef5ab07 Termination Time: 10 Application Path: C:\Program Files\Safari\Safari.exe

Report
Id:

Error - 10/25/2011 4:19:17 PM | Computer Name = DownstairsPC | Source = VSS | ID = 8194
Description =

[ Media Center Events ]
Error - 6/13/2012 1:44:07 PM | Computer Name = LanandRanPC | Source = MCUpdate | ID = 0
Description = 1:44:06 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 6/13/2012 1:44:13 PM | Computer Name = LanandRanPC | Source = MCUpdate | ID = 0
Description = 1:44:08 PM - Failed to retrieve Broadband (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 6/13/2012 2:44:46 PM | Computer Name = LanandRanPC | Source = MCUpdate | ID = 0
Description = 2:44:46 PM - Failed to retrieve Directory (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 6/13/2012 2:44:50 PM | Computer Name = LanandRanPC | Source = MCUpdate | ID = 0
Description = 2:44:49 PM - Failed to retrieve NetTV (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 6/13/2012 2:44:52 PM | Computer Name = LanandRanPC | Source = MCUpdate | ID = 0
Description = 2:44:51 PM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

Error - 6/13/2012 2:44:54 PM | Computer Name = LanandRanPC | Source = MCUpdate | ID = 0
Description = 2:44:53 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

Error - 6/13/2012 2:44:56 PM | Computer Name = LanandRanPC | Source = MCUpdate | ID = 0
Description = 2:44:55 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 6/13/2012 2:45:03 PM | Computer Name = LanandRanPC | Source = MCUpdate | ID = 0
Description = 2:44:57 PM - Failed to retrieve Broadband (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 6/25/2012 10:56:20 AM | Computer Name = LanandRanPC | Source = MCUpdate | ID = 0
Description = 10:56:20 AM - Error connecting to the internet. 10:56:20 AM - Unable
to contact server..

Error - 6/25/2012 10:56:32 AM | Computer Name = LanandRanPC | Source = MCUpdate | ID = 0
Description = 10:56:25 AM - Error connecting to the internet. 10:56:25 AM - Unable
to contact server..

[ System Events ]
Error - 8/6/2012 2:24:25 PM | Computer Name = LanandRanPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 8/6/2012 2:36:36 PM | Computer Name = LanandRanPC | Source = Service Control Manager | ID = 7034
Description = The McAfee Internet Content Filter Core Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 8/6/2012 4:43:42 PM | Computer Name = LanandRanPC | Source = Microsoft-Windows-Eventlog | ID = 23
Description = The event logging service encountered an error (res=8) while initializing
logging resources for channel Setup.

Error - 8/6/2012 4:44:44 PM | Computer Name = LanandRanPC | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 8/6/2012 4:44:54 PM | Computer Name = LanandRanPC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService
service to connect.

Error - 8/6/2012 4:44:54 PM | Computer Name = LanandRanPC | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 8/6/2012 4:44:55 PM | Computer Name = LanandRanPC | Source = Service Control Manager | ID = 7000
Description = The WinSock Extention Manager service failed to start due to the following
error: %%2

Error - 8/6/2012 4:45:05 PM | Computer Name = LanandRanPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 8/6/2012 4:52:40 PM | Computer Name = LanandRanPC | Source = Service Control Manager | ID = 7034
Description = The McAfee Internet Content Filter Core Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 8/6/2012 6:20:30 PM | Computer Name = LanandRanPC | Source = PCTCore | ID = 327960
Description =


< End of report >

#3 Irish614

Posted 06 August 2012 - 05:00 PM

OTL logfile created on: 8/6/2012 6:43:24 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Randy\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 46.57% Memory free
6.49 Gb Paging File | 4.63 Gb Available in Paging File | 71.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294.73 Gb Total Space | 131.02 Gb Free Space | 44.46% Space Free | Partition Type: NTFS
Drive D: | 677.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LANANDRANPC | User Name: Randy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Randy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Randy\Desktop\HijackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files\Internet Content Filter\UpdateService.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Users\Randy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoService.exe (Yahoo! Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe ()
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
PRC - C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\lxddcoms.exe ( )
PRC - C:\Windows\System32\dlbccoms.exe ( )


========== Modules (No Company Name) ==========

MOD - C:\Users\Randy\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Randy\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Randy\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll ()
MOD - C:\Users\Randy\AppData\Local\Google\Chrome\Application\21.0.1180.60\libglesv2.dll ()
MOD - C:\Users\Randy\AppData\Local\Google\Chrome\Application\21.0.1180.60\libegl.dll ()
MOD - C:\Users\Randy\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll ()
MOD - C:\Users\Randy\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll ()
MOD - C:\Users\Randy\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\bf7d10e4d0c7e8d056d4af499b212ea6\MenuSkinning.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\da3e4cc9ecb88a679e989fc60e135c31\VistaBridgeLibrary.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\57020a601b57c3f199e1edd4b6cb3812\DellDock.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\6d0afe561a83931c1c08b1ee3727c47f\MyDock.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe ()
MOD - C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
MOD - C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Core.dll ()
MOD - C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Common.dll ()
MOD - C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll ()
MOD - C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll ()
MOD - C:\Program Files\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll ()
MOD - C:\Program Files\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll ()
MOD - C:\Program Files\Lexmark 2500 Series\lxdddatr.dll ()
MOD - C:\Program Files\Lexmark 2500 Series\lxddscw.dll ()
MOD - C:\Program Files\Kuma Games\kgsystray\_socket.pyd ()
MOD - C:\Program Files\Kuma Games\kgsystray\pyexpat.pyd ()
MOD - C:\Program Files\Kuma Games\kgsystray\zlib.pyd ()
MOD - C:\Program Files\Kuma Games\kgsystray\python24.dll ()
MOD - C:\Program Files\Kuma Games\kgsystray\_ssl.pyd ()
MOD - C:\Program Files\Kuma Games\kgsystray\winxpgui.pyd ()
MOD - C:\Program Files\Kuma Games\kgsystray\win32gui.pyd ()
MOD - C:\Program Files\Kuma Games\kgsystray\win32api.pyd ()
MOD - C:\Program Files\Kuma Games\kgsystray\pywintypes24.dll ()


========== Win32 Services (SafeList) ==========

SRV - (XQDCGT) -- C:\Users\Randy\AppData\Local\Temp\XQDCGT.exe File not found
SRV - (WinSock Extention Manager) -- C:\Windows\system32\mdmcls32.exe File not found
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe File not found
SRV - (SONKWC) -- C:\Users\Randy\AppData\Local\Temp\SONKWC.exe File not found
SRV - (IRFS) -- C:\Users\Randy\AppData\Local\Temp\IRFS.exe File not found
SRV - (AXRKYWFXIQ) -- C:\Users\Randy\AppData\Local\Temp\AXRKYWFXIQ.exe File not found
SRV - (AdobeActiveFileMonitor9.0) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (mfeicfcore) -- C:\Program Files\Internet Content Filter\mfeicfcore.exe (McAfee, Inc.)
SRV - (mfeicfupdate) -- C:\Program Files\Internet Content Filter\UpdateService.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (YNanoService) -- C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoService.exe (Yahoo! Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (nosGetPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (HFGService) -- C:\Windows\System32\HFGService.dll (CSR, plc)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (lxddCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe ()
SRV - (lxdd_device) -- C:\Windows\System32\lxddcoms.exe ( )
SRV - (dlbc_device) -- C:\Windows\System32\dlbccoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (SynasUSB) -- system32\drivers\SynasUSB.sys File not found
DRV - (Ser2pl) -- system32\DRIVERS\ser2pl.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS File not found
DRV - (pctEFA) -- system32\drivers\pctEFA.sys File not found
DRV - (pctDS) -- system32\drivers\pctDS.sys File not found
DRV - (PCTCore) -- system32\drivers\PCTCore.sys File not found
DRV - (PCTBD) -- System32\Drivers\PCTBD.sys File not found
DRV - (mfeavfk01) -- File not found
DRV - (mfeapfk01) -- File not found
DRV - (PCTSD) -- C:\Windows\System32\drivers\PCTSD.sys (PC Tools)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (mobiolavs) -- C:\Windows\System32\drivers\mobiolavs.sys (SHAPE Services GmbH)
DRV - (MOBIOLA_Wave) -- C:\Windows\System32\drivers\mobiolawave.sys (SHAPE Services)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (BthAudioHF) -- C:\Windows\System32\drivers\BthAudioHF.sys (CSR, plc)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {3774EA88-0609-4FBF-A89A-65C4AC0EB76B}
IE - HKLM\..\SearchScopes\{3774EA88-0609-4FBF-A89A-65C4AC0EB76B}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{25299B65-8512-44AC-8219-43970B475714}: "URL" = http://www.softpedia...m={searchTerms}
IE - HKCU\..\SearchScopes\{2B9023C9-340F-430E-88DD-EFB7DCBC7F1C}: "URL" = http://search.callin...=...;cl=ie&p=go
IE - HKCU\..\SearchScopes\{338E9CFD-12C9-4538-A174-CF2CB836E767}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{34F97EA1-E4FA-4654-8C6D-360BA7E4FA6F}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{3774EA88-0609-4FBF-A89A-65C4AC0EB76B}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.oovoostar...m...&country=US
IE - HKCU\..\SearchScopes\{4327F6B1-ECF4-48CD-95E6-494744EE5248}: "URL" = http://games.softped...m={searchTerms}
IE - HKCU\..\SearchScopes\{4883C6AF-CCDA-4451-8C25-D74D191DAB36}: "URL" = http://webscripts.so...m={searchTerms}
IE - HKCU\..\SearchScopes\{5B4657D2-9C62-4A9B-AA8D-69537B3713A2}: "URL" = http://news.softpedi...m={searchTerms}
IE - HKCU\..\SearchScopes\{6F021A3E-D287-4AEE-AC13-6FF1F8653CE6}: "URL" = http://search.yahoo....amp;fr=chr-yie9
IE - HKCU\..\SearchScopes\{C5639BE7-5B5C-416E-B694-5240ABEB7975}: "URL" = http://search.yahoo....amp;fr=chr-yie9
IE - HKCU\..\SearchScopes\{CF6F5007-5281-488A-919D-D9E8B6691D5A}: "URL" = http://drivers.softp...m={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "CallingID Safe Search"
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: thumbnailexpander@extensions.danwendorf.com:1.0
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: bym@savetheworld.org:1.9.1
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e9259cba-e7ad-4f74-863f-ef9fe935394d}:2.0.0.37
FF - prefs.js..extensions.enabledItems: {8b02914c-4e6b-4410-90e1-1a2b1b69b12d}:2.0.0.37
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {E10A6337-382E-4FE6-96DE-936ADC34DD04}:1.4.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/08/14 19:24:20 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Randy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Randy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Randy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Randy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/08/06 16:48:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/05 13:02:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/05 13:02:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2012/05/18 14:13:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins [2012/05/18 14:13:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox

[2012/06/19 19:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randy\AppData\Roaming\Mozilla\Extensions
[2012/07/19 13:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\htqzqn3u.default\extensions
[2011/08/25 11:42:59 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\htqzqn3u.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/01/16 13:38:17 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\htqzqn3u.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/06/02 02:41:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\htqzqn3u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/04/18 12:38:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\htqzqn3u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/20 13:47:45 | 000,000,000 | ---D | M] ("Thumbnail Expander") -- C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\htqzqn3u.default\extensions\thumbnailexpander@extensions.danwendorf.com
[2010/01/20 13:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\htqzqn3u.default\extensions\thumbnailexpander@extensions.danwendorf.com\chrome
[2010/01/20 13:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\htqzqn3u.default\extensions\thumbnailexpander@extensions.danwendorf.com\defaults
[2011/04/16 11:45:29 | 000,002,014 | ---- | M] () -- C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\htqzqn3u.default\searchplugins\bing-zugo.xml
[2012/02/10 11:42:34 | 000,001,754 | ---- | M] () -- C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\htqzqn3u.default\searchplugins\CallingID.xml
[2012/04/24 16:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/05 12:14:24 | 000,000,000 | ---D | M] (Celebrity Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2011/11/17 23:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/11/17 23:56:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/08/06 16:48:28 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/03/05 18:19:48 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\RANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTQZQN3U.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/06/10 14:45:33 | 000,048,903 | ---- | M] () (No name found) -- C:\USERS\RANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTQZQN3U.DEFAULT\EXTENSIONS\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.XPI
[2012/07/19 13:52:32 | 000,282,356 | ---- | M] () (No name found) -- C:\USERS\RANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTQZQN3U.DEFAULT\EXTENSIONS\AZHANG@CLOUDACL.COM.XPI
[2011/04/03 12:02:27 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\RANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTQZQN3U.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012/04/24 16:16:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/22 15:05:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/24 16:16:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/10 11:42:33 | 000,001,754 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\CallingID.xml
[2012/04/24 16:16:43 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.yahoo.com/
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://www.yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Randy\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Randy\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Randy\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins\npdivx32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Randy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Randy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: FB Photo Zoom = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1206.11.1_0\
CHR - Extension: Gmail = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll File not found
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120625172809.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [ICF] C:\Program Files\Internet Content Filter\mfp.exe (McAfee, Inc.)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Randy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [JumiController] File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk = C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FC77671-C77C-410E-9D53-FA073A5D8F70}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FC77671-C77C-410E-9D53-FA073A5D8F70}: NameServer = 209.18.47.61,209.18.47.62
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/05/18 16:52:21 | 004,386,816 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/05/18 16:52:21 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/05/18 16:47:10 | 000,000,000 | ---D | M] - D:\autorun -- [ CDFS ]
O33 - MountPoints2\{4f44535c-fe2b-11de-bd9f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4f44535c-fe2b-11de-bd9f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2006/05/18 16:52:21 | 004,386,816 | R--- | M] ()
O33 - MountPoints2\{b5e11cda-06bb-11df-89d0-001d09842bf7}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e11cda-06bb-11df-89d0-001d09842bf7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{d25b9b30-fe1b-11de-86f4-001d09842bf7}\Shell - "" = AutoRun
O33 - MountPoints2\{d25b9b30-fe1b-11de-86f4-001d09842bf7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.dvacm - c:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/06 18:40:56 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Randy\Desktop\OTL.exe
[2012/08/06 18:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/08/06 18:14:51 | 000,203,120 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/08/06 18:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/08/06 18:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/06 18:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/08/06 18:14:11 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\TestApp
[2012/08/06 18:14:02 | 004,122,616 | ---- | C] (PC Tools) -- C:\Users\Randy\Desktop\sdsetup_aff.exe
[2012/08/06 16:53:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Randy\Desktop\HijackThis.exe
[2012/08/06 16:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/08/06 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\libimobiledevice
[2012/08/06 02:49:26 | 000,000,000 | ---D | C] -- C:\Users\Randy\Desktop\ClearCydiaListCache
[2012/08/06 00:06:49 | 000,000,000 | ---D | C] -- C:\Users\Randy\Desktop\absinthe-win-2-1.0.4
[2012/08/05 23:35:18 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\redsn0w
[2012/08/05 23:34:08 | 000,000,000 | ---D | C] -- C:\Users\Randy\Desktop\Pwnage
[2012/08/05 16:15:00 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\Mumble
[2012/08/05 16:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PR Mumble
[2012/08/05 16:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\PR Mumble
[2012/08/04 00:07:33 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\{ADA75D68-8B27-4C64-8F0A-528BD96059D8}
[2012/08/04 00:07:22 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\{45705BAA-5F1F-45DC-BCEA-9D948178161F}
[2012/08/03 13:34:23 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\Mumble(PR Edition)
[2012/08/03 13:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble (PR Edition)
[2012/08/03 13:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble(PR Edition)
[2012/08/03 13:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Reality
[2012/08/03 12:41:57 | 2067,515,943 | ---- | C] (Macrovision Corporation) -- C:\Users\Randy\Desktop\BF2_Patch_1_50.exe
[2012/08/03 12:41:48 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\GFInstaller
[2012/08/03 12:41:42 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\TempDIR
[2012/08/03 00:39:27 | 562,044,991 | ---- | C] (Macrovision Corporation) -- C:\Users\Randy\Desktop\BF2_Patch_1.41.exe
[2012/08/02 02:09:02 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\{712ABEBC-2239-4911-83B5-08F8981AC86A}
[2012/08/02 02:08:52 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\{67D804DB-6C71-4880-AD72-796CBB31CD7D}
[2012/08/01 16:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
[2012/08/01 16:09:30 | 000,000,000 | ---D | C] -- C:\Users\Randy\Documents\Battlefield 2
[2012/08/01 15:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2012/08/01 01:21:44 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\{9360BA91-BA5F-4D34-927C-ABABA64F1A53}
[2012/08/01 01:21:33 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\{ADE29D9F-5630-4596-9DC9-494A5F3D1BFD}
[2012/07/15 18:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/07/12 09:43:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/12 09:43:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/12 09:43:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/12 09:43:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/12 09:43:27 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/12 09:43:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/12 09:43:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/12 09:38:26 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/11 14:09:17 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/11 14:09:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/07/11 14:09:10 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2011/08/03 13:40:32 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Randy\PremiereElements_9_LS15.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/06 18:40:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Randy\Desktop\OTL.exe
[2012/08/06 18:30:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2503622982-935460401-2799342668-1000UA.job
[2012/08/06 18:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 18:20:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/06 18:15:13 | 001,552,537 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/08/06 18:14:00 | 004,122,616 | ---- | M] (PC Tools) -- C:\Users\Randy\Desktop\sdsetup_aff.exe
[2012/08/06 18:09:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/06 16:53:36 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Randy\Desktop\HijackThis.exe
[2012/08/06 16:52:12 | 000,018,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 16:52:12 | 000,018,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 16:49:12 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012/08/06 16:44:57 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/06 16:44:44 | 2615,808,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/06 02:47:51 | 000,013,509 | ---- | M] () -- C:\Users\Randy\Desktop\ClearCydiaListCache.zip
[2012/08/06 02:06:31 | 000,281,152 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012/08/06 02:06:31 | 000,281,152 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012/08/05 19:30:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2503622982-935460401-2799342668-1000Core.job
[2012/08/05 16:17:24 | 000,002,379 | ---- | M] () -- C:\Users\Randy\Documents\PR_MumbleAutomaticCertificateBackup.p12
[2012/08/05 16:14:55 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\PR Mumble.lnk
[2012/08/05 16:13:32 | 012,632,532 | ---- | M] () -- C:\Users\Randy\Desktop\PR_Mumble_1.0.0_Beta_4.msi
[2012/08/03 13:37:42 | 000,139,152 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/08/03 13:37:42 | 000,139,152 | ---- | M] () -- C:\Users\Randy\AppData\Roaming\PnkBstrK.sys
[2012/08/03 13:35:20 | 000,794,408 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2012/08/03 13:33:54 | 000,002,403 | ---- | M] () -- C:\Users\Randy\Desktop\Project Reality BF2 Manual.lnk
[2012/08/03 13:33:54 | 000,002,227 | ---- | M] () -- C:\Users\Randy\Desktop\Project Reality BF2 v0.973.lnk
[2012/08/03 13:10:59 | 2067,515,943 | ---- | M] (Macrovision Corporation) -- C:\Users\Randy\Desktop\BF2_Patch_1_50.exe
[2012/08/03 12:41:36 | 000,100,176 | ---- | M] () -- C:\Users\Randy\Desktop\BF2_Patch_1.50.exe
[2012/08/03 01:32:09 | 562,044,991 | ---- | M] (Macrovision Corporation) -- C:\Users\Randy\Desktop\BF2_Patch_1.41.exe
[2012/08/02 16:26:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/02 16:26:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/01 16:12:06 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2 Special Forces.lnk
[2012/08/01 16:12:06 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2012/08/01 02:12:34 | 000,571,240 | ---- | M] () -- C:\Users\Randy\Documents\Randy Morris Resume PDF.pdf
[2012/07/24 14:04:27 | 000,001,863 | ---- | M] () -- C:\Users\Randy\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/07/24 14:04:27 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012/07/20 13:17:40 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/20 13:17:40 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/12 14:11:56 | 003,728,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/06 18:14:55 | 001,552,537 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/08/06 02:47:55 | 000,013,509 | ---- | C] () -- C:\Users\Randy\Desktop\ClearCydiaListCache.zip
[2012/08/05 16:17:24 | 000,002,379 | ---- | C] () -- C:\Users\Randy\Documents\PR_MumbleAutomaticCertificateBackup.p12
[2012/08/05 16:14:55 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\PR Mumble.lnk
[2012/08/05 16:13:23 | 012,632,532 | ---- | C] () -- C:\Users\Randy\Desktop\PR_Mumble_1.0.0_Beta_4.msi
[2012/08/03 13:35:20 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/08/03 13:33:54 | 000,002,403 | ---- | C] () -- C:\Users\Randy\Desktop\Project Reality BF2 Manual.lnk
[2012/08/03 13:33:54 | 000,002,227 | ---- | C] () -- C:\Users\Randy\Desktop\Project Reality BF2 v0.973.lnk
[2012/08/03 12:41:38 | 000,100,176 | ---- | C] () -- C:\Users\Randy\Desktop\BF2_Patch_1.50.exe
[2012/08/01 16:12:06 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2 Special Forces.lnk
[2012/08/01 16:12:06 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2012/08/01 02:12:33 | 000,571,240 | ---- | C] () -- C:\Users\Randy\Documents\Randy Morris Resume PDF.pdf
[2012/07/24 14:04:27 | 000,001,863 | ---- | C] () -- C:\Users\Randy\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/07/24 14:04:27 | 000,001,863 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012/07/24 14:04:10 | 000,001,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2012/06/11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/06/05 15:46:52 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/06/05 15:46:23 | 000,281,152 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/06/05 15:46:22 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/05/17 00:45:43 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2012/05/17 00:21:36 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2012/05/17 00:20:42 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2012/05/10 11:45:39 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll
[2012/05/10 11:45:39 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll
[2012/05/10 11:45:39 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll
[2012/05/10 11:45:39 | 000,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll
[2012/05/10 11:45:38 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll
[2012/05/10 11:45:38 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll
[2012/05/10 11:45:38 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll
[2012/05/10 11:45:38 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll
[2012/05/10 11:45:38 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxddih.exe
[2012/05/10 11:45:38 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll
[2012/05/10 11:45:38 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll
[2012/05/10 11:45:37 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll
[2012/05/10 11:45:37 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll
[2012/05/10 11:45:37 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxddcoms.exe
[2012/05/10 11:45:37 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll
[2012/05/10 11:45:37 | 000,394,160 | ---- | C] ( ) -- C:\Windows\System32\lxddcfg.exe
[2012/05/10 11:45:37 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll
[2012/05/10 11:33:13 | 000,000,494 | ---- | C] () -- C:\Windows\System32\lxddplc.ini
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/02/14 22:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/02/14 22:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/01/24 11:41:15 | 000,000,102 | ---- | C] () -- C:\ProgramData\Facebook Video Downloader set
[2012/01/18 01:59:35 | 000,000,000 | ---- | C] () -- C:\Users\Randy\AppData\Local\{CF4D534B-DD90-48A5-9BFF-4057AB3D6CD3}
[2012/01/10 17:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/11/30 17:46:35 | 000,000,148 | ---- | C] () -- C:\Windows\dellstat.ini
[2011/11/30 17:45:47 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBChcp.dll
[2011/11/30 17:45:47 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBCinst.dll
[2011/11/30 17:45:46 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbcserv.dll
[2011/11/30 17:45:46 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlbcusb1.dll
[2011/11/30 17:45:46 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbchbn3.dll
[2011/11/30 17:45:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbcpmui.dll
[2011/11/30 17:45:46 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbclmpm.dll
[2011/11/30 17:45:46 | 000,483,328 | ---- | C] ( ) -- C:\Windows\System32\dlbcjswr.dll
[2011/11/30 17:45:46 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbcutil.dll
[2011/11/30 17:45:46 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbcinpa.dll
[2011/11/30 17:45:46 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbciesc.dll
[2011/11/30 17:45:46 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbcih.exe
[2011/11/30 17:45:46 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbcprox.dll
[2011/11/30 17:45:46 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbcinsb.dll
[2011/11/30 17:45:46 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbcpplc.dll
[2011/11/30 17:45:45 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbccomc.dll
[2011/11/30 17:45:45 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbccoms.exe
[2011/11/30 17:45:45 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbccomm.dll
[2011/11/30 17:45:45 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbccfg.exe
[2011/11/30 17:45:45 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbccur.dll
[2011/11/30 17:45:45 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbccu.dll
[2011/11/30 17:45:07 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbcvs.dll
[2011/11/30 17:45:06 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbccoin.dll
[2011/11/23 13:38:58 | 000,007,606 | ---- | C] () -- C:\Users\Randy\AppData\Local\Resmon.ResmonCfg
[2011/11/17 19:21:29 | 000,000,130 | ---- | C] () -- C:\Users\Randy\AppData\Roaming\wklnhst.dat
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/13 01:23:12 | 000,006,656 | ---- | C] () -- C:\Users\Randy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/03 13:21:43 | 1316,066,539 | ---- | C] () -- C:\Users\Randy\PremiereElements_9_LS15.7z
[2010/09/05 13:41:29 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/09/05 13:41:29 | 000,000,088 | RHS- | C] () -- C:\ProgramData\00EA1342E9.sys
[2010/03/26 12:48:59 | 000,139,152 | ---- | C] () -- C:\Users\Randy\AppData\Roaming\PnkBstrK.sys
[2010/02/04 21:49:18 | 000,000,158 | ---- | C] () -- C:\ProgramData\lxdd
[2010/01/10 14:44:27 | 000,000,632 | RHS- | C] () -- C:\Users\Randy\ntuser.pol

========== LOP Check ==========

[2012/04/19 15:08:37 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Ableton
[2010/01/21 16:16:12 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\acccore
[2012/01/01 14:31:31 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\AnvSoft
[2012/08/05 02:14:05 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Azureus
[2012/06/04 19:13:11 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Camfrog
[2011/08/14 19:33:25 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\DassaultSystemes
[2012/06/12 16:38:50 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Dropbox
[2012/06/17 16:19:46 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\eXtremeSenses
[2012/06/05 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\GetRightToGo
[2011/05/19 14:30:55 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Leadertech
[2012/05/10 11:52:20 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Lexmark Productivity Studio
[2012/08/06 02:07:50 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Mumble
[2012/08/05 16:12:53 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Mumble(PR Edition)
[2012/06/12 16:38:53 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\ooVoo Details
[2010/01/21 17:06:45 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\OpenOffice.org
[2012/06/12 16:38:54 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Origin
[2011/02/23 14:41:12 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2012/08/06 00:25:57 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\redsn0w
[2010/09/29 23:21:30 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Sammsoft
[2011/11/22 15:36:20 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\SecondLife
[2010/12/12 00:35:20 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Softland
[2012/06/12 16:38:54 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Sony
[2011/08/05 03:59:09 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Spotify
[2011/02/23 15:23:46 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/06/13 13:52:04 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Steinberg
[2011/09/03 15:41:22 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Stereoscopic Player
[2010/04/01 14:46:31 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\StreamTorrent
[2012/06/05 13:01:28 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\SystemRequirementsLab
[2011/11/17 19:22:14 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Template
[2012/08/06 18:14:11 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\TestApp
[2010/12/25 19:45:50 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\TomTom
[2010/09/05 14:08:03 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Ulead Systems
[2011/04/18 16:00:56 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Windows Live Writer
[2011/11/11 11:31:36 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/12/20 12:39:18 | 000,000,210 | -H-- | M] () -- C:\Boot.BAK
[2010/01/10 17:00:33 | 000,000,354 | RHS- | M] () -- C:\Boot.ini.saved
[2010/11/20 08:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2010/01/10 17:00:34 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2008/01/25 01:36:32 | 000,035,125 | ---- | M] () -- C:\caavsetupLog.txt
[2012/06/25 14:59:08 | 000,001,020 | ---- | M] () -- C:\caEntitlementLog.txt
[2012/06/25 17:26:04 | 001,659,405 | ---- | M] () -- C:\caisslog.txt
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/01/17 21:23:56 | 000,007,267 | RH-- | M] () -- C:\dell.sdr
[2009/10/16 04:59:01 | 000,000,135 | ---- | M] () -- C:\error.log
[2008/04/11 10:07:18 | 000,003,820 | ---- | M] () -- C:\eula.1028.txt
[2008/04/11 10:07:18 | 000,015,428 | ---- | M] () -- C:\eula.1031.txt
[2008/04/11 10:07:18 | 000,010,058 | ---- | M] () -- C:\eula.1033.txt
[2008/04/11 10:07:18 | 000,012,246 | ---- | M] () -- C:\eula.1036.txt
[2008/04/11 10:07:18 | 000,013,912 | ---- | M] () -- C:\eula.1040.txt
[2008/04/11 10:07:18 | 000,005,868 | ---- | M] () -- C:\eula.1041.txt
[2008/04/11 10:07:18 | 000,005,970 | ---- | M] () -- C:\eula.1042.txt
[2008/04/11 10:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
[2008/04/11 10:07:18 | 000,003,814 | ---- | M] () -- C:\eula.2052.txt
[2008/04/11 10:07:18 | 000,012,936 | ---- | M] () -- C:\eula.3082.txt
[2009/09/03 20:42:12 | 000,039,490 | ---- | M] () -- C:\EyeCandyLog.txt
[2008/04/11 10:07:18 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/08/06 16:44:44 | 2615,808,000 | -HS- | M] () -- C:\hiberfil.sys
[2008/01/24 18:00:29 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2008/04/11 10:07:18 | 000,000,843 | ---- | M] () -- C:\install.ini
[2008/04/11 08:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2008/04/11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2008/04/11 08:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2008/04/11 08:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2008/04/11 08:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2008/04/11 08:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2008/04/11 08:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2008/04/11 10:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
[2008/04/11 08:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2008/04/11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2011/02/15 15:40:49 | 000,001,889 | -H-- | M] () -- C:\IPH.PH
[2009/02/14 13:18:08 | 000,020,330 | ---- | M] () -- C:\isp.txt
[2012/05/21 10:26:48 | 000,000,837 | ---- | M] () -- C:\Jumi.Log
[2012/05/23 18:29:24 | 000,020,206 | -H-- | M] () -- C:\Jumi.Log.Run
[2012/08/06 16:45:11 | 000,822,064 | ---- | M] () -- C:\lxdd.log
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2003/07/16 12:33:36 | 000,047,580 | RHS- | M] () -- C:\NTDETECT.COM
[2003/07/16 12:33:46 | 000,233,632 | RHS- | M] () -- C:\ntldr
[2012/08/06 16:44:48 | 3487,748,096 | -HS- | M] () -- C:\pagefile.sys
[2008/04/30 19:59:31 | 000,007,858 | ---- | M] () -- C:\rapport.txt
[2008/01/17 21:49:58 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2006/12/05 20:52:06 | 000,000,505 | ---- | M] () -- C:\unPDVDDX.iss
[2009/02/28 00:34:16 | 000,000,086 | ---- | M] () -- C:\unPDVDDX.log
[2008/04/11 10:07:18 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2008/04/11 10:09:38 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab
[2008/04/11 10:11:40 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/01/31 23:11:52 | 000,102,400 | ---- | M] () -- C:\Windows\system32\spool\prtprocs\w32x86\dlbcpp5c.dll
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2009/06/22 19:08:30 | 000,090,112 | ---- | M] (Lexmark International Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\LMPRTPRC.DLL
[2007/02/27 05:16:26 | 000,103,936 | ---- | M] () -- C:\Windows\system32\spool\prtprocs\w32x86\lxdddrpp.dll
[2009/07/13 21:16:00 | 000,090,624 | ---- | M] (Lexmark International Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\LXKPTPRC.DLL
[2010/11/20 08:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/01 18:23:27 | 000,000,221 | -HS- | M] () -- C:\Users\Randy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/08/03 01:32:09 | 562,044,991 | ---- | M] (Macrovision Corporation) -- C:\Users\Randy\Desktop\BF2_Patch_1.41.exe
[2012/08/03 12:41:36 | 000,100,176 | ---- | M] () -- C:\Users\Randy\Desktop\BF2_Patch_1.50.exe
[2012/08/03 13:10:59 | 2067,515,943 | ---- | M] (Macrovision Corporation) -- C:\Users\Randy\Desktop\BF2_Patch_1_50.exe
[2012/08/06 16:53:36 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Randy\Desktop\HijackThis.exe
[2012/08/06 18:40:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Randy\Desktop\OTL.exe
[2012/08/06 18:14:00 | 004,122,616 | ---- | M] (PC Tools) -- C:\Users\Randy\Desktop\sdsetup_aff.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-07-12 13:43:54

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#4 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 07 August 2012 - 10:18 AM

Hi Irish614,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

As we work through your logs, please remember to run any tools by right-clicking on the icon and selecting Run As Administrator....

Double click on OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do not copy the word CODE
  • Please note the fix starts with the :
:Processes

:OTL
SRV - (XQDCGT) -- C:\Users\Randy\AppData\Local\Temp\XQDCGT.exe File not found
SRV - (WinSock Extention Manager) -- C:\Windows\system32\mdmcls32.exe File not found
SRV - (SONKWC) -- C:\Users\Randy\AppData\Local\Temp\SONKWC.exe File not found
SRV - (IRFS) -- C:\Users\Randy\AppData\Local\Temp\IRFS.exe File not found
SRV - (AXRKYWFXIQ) -- C:\Users\Randy\AppData\Local\Temp\AXRKYWFXIQ.exe File not found
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll File not found
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe File not found
O4 - HKCU..\Run: [JumiController] File not found
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4f44535c-fe2b-11de-bd9f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4f44535c-fe2b-11de-bd9f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2006/05/18 16:52:21 | 004,386,816 | R--- | M] ()
O33 - MountPoints2\{b5e11cda-06bb-11df-89d0-001d09842bf7}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e11cda-06bb-11df-89d0-001d09842bf7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{d25b9b30-fe1b-11de-86f4-001d09842bf7}\Shell - "" = AutoRun
O33 - MountPoints2\{d25b9b30-fe1b-11de-86f4-001d09842bf7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer
Please post the OTL log.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#5 Irish614

Posted 07 August 2012 - 10:43 AM

Here is the log

All processes killed
========== PROCESSES ==========
========== OTL ==========
Service XQDCGT stopped successfully!
Service XQDCGT deleted successfully!
File C:\Users\Randy\AppData\Local\Temp\XQDCGT.exe File not found not found.
Service WinSock Extention Manager stopped successfully!
Service WinSock Extention Manager deleted successfully!
File C:\Windows\system32\mdmcls32.exe File not found not found.
Service SONKWC stopped successfully!
Service SONKWC deleted successfully!
File C:\Users\Randy\AppData\Local\Temp\SONKWC.exe File not found not found.
Service IRFS stopped successfully!
Service IRFS deleted successfully!
File C:\Users\Randy\AppData\Local\Temp\IRFS.exe File not found not found.
Service AXRKYWFXIQ stopped successfully!
Service AXRKYWFXIQ deleted successfully!
File C:\Users\Randy\AppData\Local\Temp\AXRKYWFXIQ.exe File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C37B053-FD68-456a-82E1-D788EE342E6F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5ServiceManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JumiController deleted successfully.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f44535c-fe2b-11de-bd9f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f44535c-fe2b-11de-bd9f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f44535c-fe2b-11de-bd9f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f44535c-fe2b-11de-bd9f-806e6f6e6963}\ not found.
File move failed. D:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e11cda-06bb-11df-89d0-001d09842bf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5e11cda-06bb-11df-89d0-001d09842bf7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e11cda-06bb-11df-89d0-001d09842bf7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5e11cda-06bb-11df-89d0-001d09842bf7}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d25b9b30-fe1b-11de-86f4-001d09842bf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d25b9b30-fe1b-11de-86f4-001d09842bf7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d25b9b30-fe1b-11de-86f4-001d09842bf7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d25b9b30-fe1b-11de-86f4-001d09842bf7}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Casey
->Temp folder emptied: 3972936 bytes
->Temporary Internet Files folder emptied: 2208238 bytes
->FireFox cache emptied: 215294952 bytes
->Flash cache emptied: 59368 bytes

User: Default
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 5183320 bytes
->Temporary Internet Files folder emptied: 446656911 bytes
->Java cache emptied: 13062 bytes
->FireFox cache emptied: 447248599 bytes
->Flash cache emptied: 59298 bytes

User: Lee
->Temp folder emptied: 899581 bytes
->Temporary Internet Files folder emptied: 10982127 bytes
->Java cache emptied: 6438765 bytes
->FireFox cache emptied: 38221725 bytes
->Flash cache emptied: 456 bytes

User: Public

User: Randy
->Temp folder emptied: 517754473 bytes
->Temporary Internet Files folder emptied: 916197788 bytes
->Java cache emptied: 3112300 bytes
->FireFox cache emptied: 61153079 bytes
->Google Chrome cache emptied: 88602784 bytes
->Apple Safari cache emptied: 176759808 bytes
->Flash cache emptied: 1319212 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 585728 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1722694631 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,449.00 mb

OTL by OldTimer - Version 3.2.56.0 log created on 08072012_122455

Files\Folders moved on Reboot...
File move failed. D:\Autorun.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2006/05/18 16:52:21 | 004,386,816 | R--- | M] () D:\Autorun.exe : MD5=E94EEACF2AE681AFA221132DD95C925C

Registry entries deleted on Reboot...

Still takes me about 5 minutes to be able to get an internet connection after a reboot. Something is disabling my virus program because I am always having to re-enable it when I reboot. Thanks so much for your help so far!

#6 Tomk

Posted 07 August 2012 - 10:49 AM

That was just some misc. junk removal.

Download ComboFix from here: http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html

  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

#7 Irish614

Posted 07 August 2012 - 11:27 AM

ComboFix 12-08-07.03 - Randy 08/07/2012 13:14:37.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3326.2207 [GMT -4:00]
Running from: c:\users\Randy\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\separator.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SSFF\chrome\content\plugin.xul
c:\program files\Dealio Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Dealio Toolbar\SSFF\chrome\skin\yahoo.xml
c:\program files\Dealio Toolbar\SSFF\components\IFBHOSearch.xpt
c:\program files\Dealio Toolbar\SSFF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Dealio Toolbar\SSFF\components\IFHelperPreferences.xpt
c:\program files\Dealio Toolbar\SSFF\install.rdf
c:\programdata\00EA1342E9.sys
c:\users\Randy\AppData\Local\TempDIR
c:\users\Randy\AppData\Local\TempDIR\GFInstaller\AppName.txt
c:\users\Randy\AppData\Local\TempDIR\GFInstaller\Channel.txt
c:\users\Randy\AppData\Local\TempDIR\GFInstaller\DownloadURL.txt
c:\users\Randy\AppData\Local\TempDIR\GFInstaller\GFInstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 16:24 . 2012-08-07 16:24 -------- d-----w- C:\_OTL
2012-08-06 23:15 . 2012-08-06 23:15 -------- d-----w- c:\program files\iPod
2012-08-06 22:18 . 2012-08-07 00:54 -------- d-----w- c:\program files\PC Tools
2012-08-06 22:14 . 2012-08-07 00:54 -------- d-----w- c:\program files\Common Files\PC Tools
2012-08-06 22:14 . 2012-06-22 19:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-08-06 22:14 . 2012-08-06 22:30 -------- d-----w- c:\programdata\PC Tools
2012-08-06 22:14 . 2012-08-06 22:14 -------- d-----w- c:\users\Randy\AppData\Roaming\TestApp
2012-08-06 17:07 . 2012-08-06 23:22 -------- d-----w- c:\users\Randy\AppData\Local\libimobiledevice
2012-08-06 03:35 . 2012-08-06 04:25 -------- d-----w- c:\users\Randy\AppData\Roaming\redsn0w
2012-08-05 20:15 . 2012-08-07 01:33 -------- d-----w- c:\users\Randy\AppData\Roaming\Mumble
2012-08-05 20:14 . 2012-08-05 20:14 -------- d-----w- c:\program files\PR Mumble
2012-08-03 17:35 . 2012-08-03 17:35 794408 ----a-w- c:\windows\system32\pbsvc.exe
2012-08-03 17:34 . 2012-08-03 17:34 -------- d-----w- c:\program files\Mumble(PR Edition)
2012-08-03 16:41 . 2012-08-03 16:41 -------- d-----w- c:\users\Randy\AppData\Local\GFInstaller
2012-08-01 20:11 . 2012-08-01 20:11 -------- d-----w- c:\program files\GameSpy Arcade
2012-08-01 19:24 . 2004-10-22 06:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-08-01 19:24 . 2004-10-22 06:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-08-01 19:24 . 2004-10-22 06:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-08-01 19:24 . 2004-10-22 06:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-08-01 19:24 . 2004-10-22 06:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-08-01 19:24 . 2004-10-22 06:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-08-01 19:23 . 2012-08-01 19:23 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-08-01 19:23 . 2012-08-01 19:23 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-07-15 22:47 . 2012-07-15 22:47 -------- d-----w- c:\program files\AMD APP
2012-07-12 13:38 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 01:11 . 2012-06-05 19:46 138992 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-07 01:11 . 2012-06-05 19:46 281152 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-07 01:11 . 2010-03-26 16:50 281152 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-06 04:46 . 2012-06-05 19:46 281152 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-03 17:37 . 2010-03-26 16:48 139152 ----a-w- c:\users\Randy\AppData\Roaming\PnkBstrK.sys
2012-08-02 20:26 . 2012-04-02 16:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 20:26 . 2011-06-08 17:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-25 15:57 . 2012-05-21 19:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-25 15:57 . 2012-05-21 19:12 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-25 15:56 . 2012-05-21 19:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-21 13:10 . 2012-06-25 19:06 1748280 ----a-w- c:\windows\system32\seinst.dll
2012-06-21 13:10 . 2012-06-25 19:06 1704760 ----a-w- c:\windows\sediag.exe
2012-06-21 13:08 . 2012-06-25 19:04 360792 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-06-21 13:08 . 2012-06-25 19:04 230224 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-06-21 13:08 . 2012-06-25 19:04 206784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-06-21 13:08 . 2012-06-25 18:56 166320 ----a-w- c:\windows\system32\mfevtps.exe
2012-06-21 13:08 . 2012-02-22 17:29 554048 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-06-21 13:08 . 2012-02-22 17:29 127992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-06-14 15:33 . 2012-05-18 17:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-06-14 15:33 . 2012-05-18 17:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-14 15:33 . 2012-05-18 17:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-11 17:50 . 2012-06-11 17:50 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\system32\amdocl.dll
2012-06-05 20:02 . 2012-06-05 19:46 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-06-02 22:19 . 2012-06-08 23:08 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 23:08 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 23:08 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 23:08 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-08 23:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-08 23:08 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-08 23:08 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-08 23:07 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-08 23:07 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 03:41 . 2012-06-22 07:33 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{269DC80F-66A3-4E74-A3FE-4954869955C7}\mpengine.dll
2012-05-18 17:35 . 2012-05-18 17:35 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-17 04:21 . 2012-05-17 04:21 2892 ----a-w- c:\windows\system32\audcon.sys
2012-05-17 04:02 . 2010-09-05 17:41 5018 --sha-w- c:\programdata\KGyGaAvL.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-04-24 20:16 . 2011-04-05 18:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{035FDC10-9F1D-430E-87DA-573FFBF5608D}]
2012-05-23 14:27 510296 ----a-w- c:\program files\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{035FDC10-9F1D-430E-87DA-573FFBF5608D}"= "c:\program files\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll" [2012-05-23 510296]
.
[HKEY_CLASSES_ROOT\clsid\{035fdc10-9f1d-430e-87da-573ffbf5608d}]
[HKEY_CLASSES_ROOT\YNanoClient.IE.1]
[HKEY_CLASSES_ROOT\TypeLib\{B5590E3C-C53C-4464-99BA-8AEF95C750ED}]
[HKEY_CLASSES_ROOT\YNanoClient.IE]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Randy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Randy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Randy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"Akamai NetSession Interface"="c:\users\Randy\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2009-04-27 291496]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2009-04-27 25256]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"ICF"="c:\program files\Internet Content Filter\mfp.exe" [2012-06-21 3224888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 776744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Users^Randy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Randy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk]
path=c:\users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-05-26 10:32 4327744 ----a-w- c:\users\Randy\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 00:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2009-04-27 17:37 25256 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2009-04-27 17:37 291496 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 17:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2011-08-24 21:30 651832 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2009-07-14 01:14 51712 ----a-w- c:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
2010-05-17 21:03 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-06-05 17:55 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [x]
R2 mfeicfcore;McAfee Internet Content Filter Core Service;c:\program files\Internet Content Filter\mfeicfcore.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [x]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfeicfupdate;McAfee Internet Content Filter Update Service;c:\program files\Internet Content Filter\UpdateService.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 YNanoService;Yahoo! NanoClient Service;c:\program files\Yahoo!\YNanoClient\cpn0\YNanoService.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM);c:\windows\system32\drivers\mobiolawave.sys [x]
S3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\DRIVERS\mobiolavs.sys [x]
.
.
--- Other Services/Drivers In Memory --- . *Deregistered* - mfeapfk01 *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper Akamai REG_MULTI_SZ Akamai bthaudiosvc REG_MULTI_SZ HFGService . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-07-14 01:14 126464 ----a-w- c:\windows\System32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:26] . 2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 16:18] . 2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 16:18] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2503622982-935460401-2799342668-1000Core.job - c:\users\Randy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 22:28] . 2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2503622982-935460401-2799342668-1000UA.job - c:\users\Randy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 22:28] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{4FC77671-C77C-410E-9D53-FA073A5D8F70}: NameServer = 209.18.47.61,209.18.47.62 FF - ProfilePath - c:\users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\htqzqn3u.default\ FF - prefs.js: browser.search.selectedEngine - CallingID Safe Search FF - prefs.js: browser.startup.homepage - yahoo.com FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-boincmgr - c:\program files\BOINC\boincmgr.exe MSConfigStartUp-boinctray - c:\program files\BOINC\boinctray.exe MSConfigStartUp-cctray - c:\program files\CA\CA Internet Security Suite\casc.exe MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe AddRemove-{25175695-4B20-4298-9F34-C2C57CD277B3} - c:\program files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Randy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2503622982-935460401-2799342668-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2503622982-935460401-2799342668-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-08-07 13:26:06 ComboFix-quarantined-files.txt 2012-08-07 17:26 . Pre-Run: 144,885,907,456 bytes free Post-Run: 145,955,631,104 bytes free . - - End Of File - - 836FAB690BA5DC593EE363BAA7F1C02B

#8 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 07 August 2012 - 12:55 PM

Good. That looks better.

Let's get an online scan.

Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#9 Irish614

Irish614

    New Member

  • Authentic Member
  • 11 posts

Posted 07 August 2012 - 06:39 PM

Sorry for the delay, here is what it found...

C:\desktop\readme.bat probably a variant of Win32/Agent.LCAXMYN trojan

#10 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 07 August 2012 - 09:49 PM

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\desktop\readme.bat
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

So... how are things running now?
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 



#11 Irish614

Irish614

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 07 August 2012 - 11:38 PM

The computer is a lot faster I have noticed. Thank you for that. After running the combofix the way you said it restarted and here's the results ComboFix 12-08-07.05 - Randy 08/08/2012 1:06.2.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3326.2509 [GMT -4:00] Running from: c:\users\Randy\Desktop\ComboFix.exe Command switches used :: c:\users\Randy\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\desktop\readme.bat" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\desktop\readme.bat c:\users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\htqzqn3u.default\searchplugins\bing-zugo.xml . Infected copy of c:\windows\system32\user32.dll was found and disinfected Restored copy from - c:\windows\erdnt\cache\user32.dll . . ((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 ))))))))))))))))))))))))))))))) . . 2012-08-08 05:16 . 2012-08-08 05:19 -------- d-----w- c:\users\Randy\AppData\Local\temp 2012-08-08 05:16 . 2012-08-08 05:16 -------- d-----w- c:\users\Lee\AppData\Local\temp 2012-08-08 05:16 . 2012-08-08 05:16 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-08-08 05:16 . 2012-08-08 05:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-08 05:16 . 2012-08-08 05:16 -------- d-----w- c:\users\Casey\AppData\Local\temp 2012-08-07 20:34 . 2012-08-07 20:34 -------- d-----w- c:\program files\ESET 2012-08-07 16:24 . 2012-08-07 16:24 -------- d-----w- C:\_OTL 2012-08-06 23:15 . 2012-08-06 23:15 -------- d-----w- c:\program files\iPod 2012-08-06 22:18 . 2012-08-07 00:54 -------- d-----w- c:\program files\PC Tools 2012-08-06 22:14 . 
2012-08-07 00:54 -------- d-----w- c:\program files\Common Files\PC Tools 2012-08-06 22:14 . 2012-06-22 19:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys 2012-08-06 22:14 . 2012-08-06 22:30 -------- d-----w- c:\programdata\PC Tools 2012-08-06 22:14 . 2012-08-06 22:14 -------- d-----w- c:\users\Randy\AppData\Roaming\TestApp 2012-08-06 17:07 . 2012-08-06 23:22 -------- d-----w- c:\users\Randy\AppData\Local\libimobiledevice 2012-08-06 03:35 . 2012-08-06 04:25 -------- d-----w- c:\users\Randy\AppData\Roaming\redsn0w 2012-08-05 20:15 . 2012-08-08 04:21 -------- d-----w- c:\users\Randy\AppData\Roaming\Mumble 2012-08-05 20:14 . 2012-08-05 20:14 -------- d-----w- c:\program files\PR Mumble 2012-08-03 17:35 . 2012-08-03 17:35 794408 ----a-w- c:\windows\system32\pbsvc.exe 2012-08-03 17:34 . 2012-08-03 17:34 -------- d-----w- c:\program files\Mumble(PR Edition) 2012-08-03 16:41 . 2012-08-03 16:41 -------- d-----w- c:\users\Randy\AppData\Local\GFInstaller 2012-08-01 20:11 . 2012-08-01 20:11 -------- d-----w- c:\program files\GameSpy Arcade 2012-08-01 19:24 . 2004-10-22 06:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll 2012-08-01 19:24 . 2004-10-22 06:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll 2012-08-01 19:24 . 2004-10-22 06:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll 2012-08-01 19:24 . 2004-10-22 06:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll 2012-08-01 19:24 . 2004-10-22 06:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe 2012-08-01 19:24 . 2004-10-22 06:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll 2012-08-01 19:23 . 
2012-08-01 19:23 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll 2012-08-01 19:23 . 2012-08-01 19:23 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll 2012-07-15 22:47 . 2012-07-15 22:47 -------- d-----w- c:\program files\AMD APP 2012-07-12 13:38 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-08 04:58 . 2012-06-05 19:46 138992 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2012-08-08 04:58 . 2012-06-05 19:46 281152 ----a-w- c:\windows\system32\PnkBstrB.exe 2012-08-08 04:58 . 2010-03-26 16:50 281152 ----a-w- c:\windows\system32\PnkBstrB.xtr 2012-08-08 04:22 . 2012-06-05 19:46 281152 ----a-w- c:\windows\system32\PnkBstrB.ex0 2012-08-03 17:37 . 2010-03-26 16:48 139152 ----a-w- c:\users\Randy\AppData\Roaming\PnkBstrK.sys 2012-08-02 20:26 . 2012-04-02 16:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-02 20:26 . 2011-06-08 17:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll 2012-06-25 15:57 . 2012-05-21 19:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-06-25 15:57 . 2012-05-21 19:12 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-06-25 15:56 . 2012-05-21 19:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-06-21 13:10 . 2012-06-25 19:06 1748280 ----a-w- c:\windows\system32\seinst.dll 2012-06-21 13:10 . 2012-06-25 19:06 1704760 ----a-w- c:\windows\sediag.exe 2012-06-21 13:08 . 2012-06-25 19:04 360792 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-06-21 13:08 . 
2012-06-25 19:04 230224 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-06-21 13:08 . 2012-06-25 19:04 206784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-06-21 13:08 . 2012-06-25 18:56 166320 ----a-w- c:\windows\system32\mfevtps.exe 2012-06-21 13:08 . 2012-02-22 17:29 554048 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-06-21 13:08 . 2012-02-22 17:29 127992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-06-14 15:33 . 2012-05-18 17:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2012-06-14 15:33 . 2012-05-18 17:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-06-14 15:33 . 2012-05-18 17:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-06-11 17:50 . 2012-06-11 17:50 159232 ----a-w- c:\windows\system32\clinfo.exe 2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\system32\OpenVideo.dll 2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\system32\OVDecode.dll 2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\system32\amdocl.dll 2012-06-05 20:02 . 2012-06-05 19:46 76888 ----a-w- c:\windows\system32\PnkBstrA.exe 2012-06-02 22:19 . 2012-06-08 23:08 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-08 23:08 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-08 23:08 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-08 23:08 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-08 23:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-08 23:08 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-08 23:08 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-06-08 23:07 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:12 . 
2012-06-08 23:07 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 03:41 . 2012-06-22 07:33 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{269DC80F-66A3-4E74-A3FE-4954869955C7}\mpengine.dll 2012-05-18 17:35 . 2012-05-18 17:35 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-05-17 04:21 . 2012-05-17 04:21 2892 ----a-w- c:\windows\system32\audcon.sys 2012-05-17 04:02 . 2010-09-05 17:41 5018 --sha-w- c:\programdata\KGyGaAvL.sys 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2012-04-24 20:16 . 2011-04-05 18:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{035FDC10-9F1D-430E-87DA-573FFBF5608D}] 2012-05-23 14:27 510296 ----a-w- c:\program files\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{035FDC10-9F1D-430E-87DA-573FFBF5608D}"= "c:\program files\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll" [2012-05-23 510296] . [HKEY_CLASSES_ROOT\clsid\{035fdc10-9f1d-430e-87da-573ffbf5608d}] [HKEY_CLASSES_ROOT\YNanoClient.IE.1] [HKEY_CLASSES_ROOT\TypeLib\{B5590E3C-C53C-4464-99BA-8AEF95C750ED}] [HKEY_CLASSES_ROOT\YNanoClient.IE] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Randy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Randy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Randy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728] "Akamai NetSession Interface"="c:\users\Randy\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2009-04-27 291496] "lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2009-04-27 25256] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664] "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816] "ICF"="c:\program files\Internet Content Filter\mfp.exe" [2012-06-21 3224888] 
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776] . c:\users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 776744] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKLM\~\startupfolder\C:^Users^Randy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk] path=c:\users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Randy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk] path=c:\users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk backup=c:\windows\pss\OpenOffice.org 3.4.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface] 2012-05-26 10:32 4327744 ----a-w- c:\users\Randy\AppData\Local\Akamai\netsession_win.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-05-31 00:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon] 2009-04-27 17:37 25256 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe] 2009-04-27 17:37 291496 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments] 2012-02-23 17:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher] 2011-08-24 21:30 651832 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] 2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition] 2009-07-14 01:14 51712 ----a-w- c:\windows\Speech\Common\sapisvr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby] 2010-05-17 21:03 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2012-06-05 17:55 1242448 ----a-w- c:\program files\Steam\Steam.exe . 
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x] R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [x]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfeicfcore;McAfee Internet Content Filter Core Service;c:\program files\Internet Content Filter\mfeicfcore.exe [x]
S2 mfeicfupdate;McAfee Internet Content Filter Update Service;c:\program files\Internet Content Filter\UpdateService.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 YNanoService;Yahoo! NanoClient Service;c:\program files\Yahoo!\YNanoClient\cpn0\YNanoService.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM);c:\windows\system32\drivers\mobiolawave.sys [x]
S3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\DRIVERS\mobiolavs.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeapfk01
*Deregistered* - mfeapfk02
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
Akamai REG_MULTI_SZ Akamai
bthaudiosvc REG_MULTI_SZ HFGService
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-07-14 01:14 126464 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:26]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 16:18]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 16:18]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2503622982-935460401-2799342668-1000Core.job
- c:\users\Randy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 22:28]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2503622982-935460401-2799342668-1000UA.job
- c:\users\Randy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4FC77671-C77C-410E-9D53-FA073A5D8F70}: NameServer = 209.18.47.61,209.18.47.62
FF - ProfilePath - c:\users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\htqzqn3u.default\
FF - prefs.js: browser.search.selectedEngine - CallingID Safe Search
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2503622982-935460401-2799342668-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2503622982-935460401-2799342668-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5380)
c:\users\Randy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-08-08 01:25:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 05:25
ComboFix2.txt 2012-08-07 17:26
.
Pre-Run: 143,361,728,512 bytes free
Post-Run: 146,270,609,408 bytes free
.
- - End Of File - - 6B3184F2CF93D1E957D295830764D6D9

I restarted my computer after I got the log and got the same Runtime error as I was getting before. Also no internet for a couple minutes. Do you know what would be causing this? It just started happening the last couple of days. I took a screen cap of the exact runtime error and have attached it to this reply.

Attached Thumbnails

  • Microsoft_runtime_error.jpg


#12 Tomk


Posted 07 August 2012 - 11:53 PM

The file that is throwing the error is part of McAfee.

Let's run a couple more scans and see what we can see.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

And...

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#13 Irish614


Posted 07 August 2012 - 11:59 PM

I am trying everything I can to get online at the moment. Ever since the last combo fix I have been unable to access the Internet on my pc. Right now I am on my cellphone. Should I try safe mode with networking?

#14 Irish614


Posted 08 August 2012 - 12:47 AM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.08.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Randy :: LANANDRANPC [administrator]

8/8/2012 2:35:32 AM
mbam-log-2012-08-08 (02-35-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256363
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Farbar Service Scanner Version: 06-08-2012
Ran by Randy (administrator) on 08-08-2012 at 02:46:36
Running from "C:\Users\Randy\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Finally was able to get internet somehow.

#15 Tomk


Posted 08 August 2012 - 07:53 AM

Hmm... nothing we did should have affected your ability to access the internet... and your internet is reporting that it is fine.

Hopefully you are still connected.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 
