
OldAuditor

join:2007-03-24
Oklahoma City, OK

Whatever this is is interfering with IE9

mbam-log-201···-50).txt 2,048 bytes
OTL.Txt 148,064 bytes
Extras.Txt 152,668 bytes
checkup.txt 1,134 bytes
ONline Antiv···Scan.txt 237 bytes
See attached logs. Links to some other web sites that open in a new window and links to PDF files fail. Ran online scanner twice (lost first results). Came back with one item identified, but not one of these.

TIA


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.18.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
tom :: TOM-VISTA [administrator]

10/18/2012 3:10:50 PM
mbam-log-2012-10-18 (15-10-50).txt

Scan type: Full scan (C:\|D:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 693319
Time elapsed: 2 hour(s), 11 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\tom.BUXTONCPA\Downloads\7zip_installer_1650.exe (PUP.BundleOffers.IIQ) -> No action taken.

(end)
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to OldAuditor

OTL logfile created on: 10/19/2012 9:49:06 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tom.BUXTONCPA\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 46.32% Memory free
5.99 Gb Paging File | 3.90 Gb Available in Paging File | 65.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 921.73 Gb Total Space | 795.32 Gb Free Space | 86.29% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 6.00 Gb Free Space | 61.39% Space Free | Partition Type: NTFS
Drive G: | 612.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 74.50 Gb Total Space | 73.92 Gb Free Space | 99.22% Space Free | Partition Type: NTFS
Drive S: | 100.00 Gb Total Space | 48.91 Gb Free Space | 48.91% Space Free | Partition Type: NTFS
Drive Z: | 136.58 Gb Total Space | 98.36 Gb Free Space | 72.02% Space Free | Partition Type: NTFS

Computer Name: TOM-VISTA | User Name: tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/18 15:34:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tom.BUXTONCPA\Desktop\OTL.exe
PRC - [2012/09/24 11:47:37 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/09/24 11:47:35 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/09/13 17:18:56 | 000,471,040 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/09/13 17:18:20 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/09/12 12:21:04 | 001,278,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/09/12 10:51:02 | 008,230,664 | ---- | M] (AceBIT GmbH) -- C:\Program Files\AceBIT\Password Depot 6\PasswordDepot.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2012/08/28 08:56:10 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/08/24 14:15:52 | 000,577,536 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2012/08/16 19:24:11 | 000,610,960 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\430\g2ax_user_customer.exe
PRC - [2012/08/16 19:24:11 | 000,610,960 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\430\g2ax_system_customer.exe
PRC - [2012/08/16 19:24:11 | 000,610,960 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\430\g2ax_service.exe
PRC - [2012/08/16 19:24:11 | 000,610,960 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\430\g2ax_comm_customer.exe
PRC - [2012/08/16 17:16:04 | 000,419,328 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2012/07/27 07:36:44 | 000,155,136 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2012/06/22 07:55:08 | 000,166,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2012/06/22 07:51:34 | 000,168,368 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2012/06/22 07:49:14 | 000,200,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/11/21 17:29:49 | 006,108,672 | ---- | M] (BIA Information Network) -- C:\Program Files\Common Files\4 Warn Alert\TrueWeather.exe
PRC - [2011/11/02 17:51:08 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/10/25 14:44:42 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/10/25 14:44:42 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011/10/12 08:58:02 | 001,163,264 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2011/08/30 13:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/22 12:27:10 | 000,133,944 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\System32\atashost.exe
PRC - [2011/07/15 01:03:00 | 000,021,488 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe
PRC - [2011/07/08 12:31:22 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio 2012\5.0\CPMonitor.exe
PRC - [2011/06/12 19:07:30 | 001,358,320 | ---- | M] () -- C:\Program Files\Roxio 2012\Roxio Burn\Roxio Burn.exe
PRC - [2011/06/12 19:07:24 | 000,506,352 | ---- | M] () -- C:\Program Files\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/04/27 03:00:37 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/04/11 15:44:44 | 000,112,800 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
PRC - [2011/03/02 14:24:59 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/09 17:36:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
PRC - [2011/01/12 21:30:58 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/10/22 19:48:08 | 000,382,768 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/10/22 19:47:58 | 000,763,800 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/10/22 19:45:18 | 001,906,576 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Agent\agent.exe
PRC - [2010/10/22 19:14:28 | 004,632,864 | ---- | M] (Acronis) -- C:\Program Files\Acronis\DiskDirectorAdvanced\mms.exe
PRC - [2010/07/08 14:20:20 | 000,013,600 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/04/08 09:58:48 | 000,078,152 | ---- | M] (Cox Business) -- C:\Program Files\Online Backup\Cox_Business_CBOBbackup.exe
PRC - [2010/03/11 01:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/03/11 01:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/11/10 14:33:22 | 000,118,784 | ---- | M] (Thomson Reuters) -- C:\Windows\csasvc.exe
PRC - [2009/09/30 11:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
PRC - [2009/07/13 20:14:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2008/02/26 19:19:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/02/08 21:39:34 | 000,036,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
PRC - [2006/10/20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/09/24 11:47:43 | 000,564,832 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012/09/24 11:47:39 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/09/24 11:47:35 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/06/13 03:21:24 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
MOD - [2012/06/13 03:17:57 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/13 03:17:23 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:17:14 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 03:13:42 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll
MOD - [2012/06/13 03:12:17 | 012,079,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\fdb5565e4c807a8cd79de9f40c0cd644\System.Web.ni.dll
MOD - [2012/06/13 03:08:25 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/13 03:06:35 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:04:48 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/13 03:04:29 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/13 03:04:14 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/13 03:04:11 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/09 06:26:48 | 005,459,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ca3393a7f31a31968ff25850e9f3d194\System.Xml.ni.dll
MOD - [2012/05/09 06:26:44 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\97dccc257e6729c8bc2450a5caf030e5\System.Configuration.ni.dll
MOD - [2012/05/09 06:26:14 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fa79d708cc3fa75c4672e7647bffa002\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 06:25:17 | 003,379,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\e710104d87885107738303d313efb006\WindowsBase.ni.dll
MOD - [2012/05/09 03:39:15 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
MOD - [2012/05/09 03:22:47 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/09 03:18:12 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\05787d96761cf20b76b927ace10ef1d3\UIAutomationProvider.ni.dll
MOD - [2012/05/09 03:17:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 03:16:57 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/09 03:12:26 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 03:05:52 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/09 03:05:51 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/09 03:05:36 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/09 03:05:10 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/09 03:05:02 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/01/16 17:12:50 | 000,018,944 | ---- | M] () -- C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/07/08 12:31:22 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio 2012\5.0\CPMonitor.exe
MOD - [2011/06/12 19:07:44 | 000,674,288 | ---- | M] () -- C:\Program Files\Roxio 2012\Roxio Burn\RBVirtualFolder.dll
MOD - [2011/06/12 19:07:30 | 001,358,320 | ---- | M] () -- C:\Program Files\Roxio 2012\Roxio Burn\Roxio Burn.exe
MOD - [2011/06/12 19:07:24 | 000,506,352 | ---- | M] () -- C:\Program Files\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2011/06/12 19:07:22 | 000,645,616 | ---- | M] () -- C:\Program Files\Roxio 2012\Roxio Burn\BBEngineAS.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/10/16 20:01:24 | 000,036,864 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuUpdater.dll
MOD - [2008/06/17 15:18:26 | 000,024,576 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsCommon.dll
MOD - [2008/06/10 19:10:38 | 000,032,768 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsLaunchApp.dll
MOD - [2008/02/20 18:49:00 | 000,028,672 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsExtention.dll
MOD - [2007/12/19 11:24:08 | 000,011,552 | ---- | M] () -- C:\Program Files\SiteAdvisor\6253\saHook.dll
MOD - [2007/12/04 16:02:24 | 000,927,008 | ---- | M] () -- C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
MOD - [2007/06/26 21:27:18 | 000,167,936 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2007/05/16 09:45:18 | 000,011,776 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\SecurityManager.dll
MOD - [2007/05/16 09:45:18 | 000,009,216 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PolicyCommon.dll
MOD - [2005/07/08 12:36:40 | 000,094,208 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\f5bdkedr.dll
MOD - [2003/11/20 22:56:18 | 000,294,912 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\ssIplA6.dll
MOD - [2003/11/20 22:56:16 | 000,020,480 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\ssIpl.dll
MOD - [2003/04/21 15:19:42 | 000,851,968 | ---- | M] () -- C:\Windows\SSDriver\fi5110\fjiplA6.dll
MOD - [2003/04/21 15:19:40 | 000,020,480 | ---- | M] () -- C:\Windows\SSDriver\fi5110\fjipl.dll
MOD - [2003/03/26 19:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsImgIO.dll
MOD - [1996/12/19 14:24:26 | 000,068,608 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\F5BDKAKU.DLL

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - [2012/10/08 21:28:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/24 11:47:37 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/09/13 17:18:20 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/09/10 17:44:06 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/08/28 08:56:10 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/08/24 14:15:52 | 000,577,536 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2012/08/16 19:24:11 | 000,610,960 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\430\g2ax_service.exe -- (GoToAssist Remote Support Customer)
SRV - [2012/06/22 07:55:08 | 000,166,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2012/06/22 07:51:34 | 000,168,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/06/22 07:49:14 | 000,200,816 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/11/02 17:51:08 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/10/25 14:44:42 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/09/27 14:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/07/22 12:27:10 | 000,133,944 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2011/07/15 01:03:00 | 000,021,488 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2011/07/13 07:41:52 | 000,340,976 | ---- | M] (Rovi Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2011/07/13 07:41:30 | 001,095,664 | ---- | M] (Rovi Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/04/11 15:44:44 | 000,112,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel(R)
SRV - [2011/03/02 14:24:07 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2011/03/02 14:23:32 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2011/03/02 14:23:32 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2011/03/02 14:23:31 | 000,309,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV - [2011/02/09 17:36:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2010/10/22 19:47:58 | 000,763,800 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/10/22 19:45:18 | 001,906,576 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Agent\agent.exe -- (AcronisAgent)
SRV - [2010/10/22 19:14:28 | 004,632,864 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Acronis\DiskDirectorAdvanced\mms.exe -- (DMS)
SRV - [2010/07/08 14:20:20 | 000,013,600 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/04/08 09:58:48 | 000,078,152 | ---- | M] (Cox Business) [Auto | Running] -- C:\Program Files\Online Backup\Cox_Business_CBOBbackup.exe -- (Cox_Business_CBOBbackup)
SRV - [2010/03/08 11:52:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/10 14:33:22 | 000,118,784 | ---- | M] (Thomson Reuters) [Auto | Running] -- C:\Windows\csasvc.exe -- (CSAPrintService)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:14:48 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSVC)
SRV - [2009/07/13 20:14:21 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/02/26 19:19:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/11 02:06:44 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2006/11/07 14:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/09/13 11:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe -- (QuickBooksDB18)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - [2012/09/24 11:47:41 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/09/13 18:00:10 | 009,106,432 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/09/13 18:00:10 | 009,106,432 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/09/13 16:55:00 | 000,370,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/08/17 16:26:40 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020200}_0)
DRV - [2012/06/22 07:58:12 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2012/06/22 07:55:18 | 000,206,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/06/22 07:53:48 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/06/22 07:52:38 | 000,554,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/06/22 07:51:46 | 000,360,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/06/22 07:51:16 | 000,061,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/06/22 07:50:56 | 000,230,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/06/22 07:50:24 | 000,127,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/05/14 01:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2012/03/13 20:45:32 | 000,042,592 | ---- | M] (libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 01:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/09/02 01:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/07/22 12:56:36 | 000,171,168 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011/07/21 18:29:58 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt53.sys -- (vidsflt53)
DRV - [2011/03/02 14:24:43 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011/03/02 14:24:23 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/02/09 01:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2011/02/09 01:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2011/02/09 01:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/20 09:28:38 | 000,719,616 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/08 09:58:44 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\Cox_Business_CBOB.sys -- (Cox_Business_CBOBFilter)
DRV - [2009/10/05 11:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/15 03:00:32 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009/06/05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2007/05/10 11:24:38 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/01/03 17:25:18 | 000,027,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/17 16:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)



LoPhatPhuud

reply to OldAuditor

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = »jtools.smartmoney.com/portf [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.foxnews.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = »www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE E7 25 AF 50 AD CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsnffpl.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/09/15 13:46:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/20 17:31:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/09/24 11:48:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/10/03 17:39:18 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - Reg Error: Value error. File not found
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files\AceBIT\Password Depot 6\pdIEAddOn32.dll (AceBIT)
O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio 2012\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickBooksDB18] C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe (iAnywhere Solutions, Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Rovi Corporation)
O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Password Depot] C:\Program Files\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O4 - HKLM..\RunServicesOnce: [RTPRenSvr] C:\Windows\patchw32.dll ()
O4 - Startup: C:\Users\tom.BUXTONCPA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4 Warn Alert.lnk = C:\Program Files\Common Files\4 Warn Alert\TrueWeather.exe (BIA Information Network)
O4 - Startup: C:\Users\tom.BUXTONCPA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\tom.BUXTONCPA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: avatar-asp.net ([mtdora] http in Trusted sites)
O15 - HKCU\..Trusted Domains: avatar-asp.net ([my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: buxtoncpa.com ([mail] https in Local intranet)
O15 - HKCU\..Trusted Domains: cchwebsites.com ([fileshare] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} »aic.lgservice.com/DjvuViewer/DjV···.1.4.cab (DjVuCtl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} »download.microsoft.com/download/···trol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} »dlm.tools.akamai.com/dlmanager/v···.6.0.cab (DLM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} »support.dell.com/systemprofiler/···oExe.CAB (WMI Class)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} »www.dell.com/support/troubleshoo···cd86.cab (Launcher Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} »fpdownload.macromedia.com/get/fl···shim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {DE1319F8-DE5B-42EB-9407-4067FB8A09FD} »wkforms.com/BuildRelease/wkforms···tall.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = buxtoncpa.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{751F694E-6496-4C86-815C-72DFA87F72ED}: DhcpNameServer = 192.168.2.8
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: )
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll ()
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Remote Support Customer\430\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Remote Support Customer\430\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/02/19 13:45:17 | 000,000,000 | ---- | M] () - Z:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/10/19 09:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/10/19 09:42:58 | 000,000,000 | ---D | C] -- C:\Users\tom.BUXTONCPA\Desktop\Security
[2012/10/18 16:30:53 | 000,029,272 | R--- | C] (Adobe Systems Incorporated.) -- C:\Windows\System32\AdobePDF.dll
[2012/10/18 15:34:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tom.BUXTONCPA\Desktop\OTL.exe
[2012/10/18 15:09:36 | 000,000,000 | ---D | C] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Malwarebytes
[2012/10/18 15:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/18 15:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/18 15:09:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/18 15:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/18 15:08:20 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\tom.BUXTONCPA\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/18 14:05:10 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\tom.BUXTONCPA\Desktop\TFC.exe
[2012/10/18 10:27:25 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00C
[2012/10/18 10:27:25 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00D
[2012/10/18 10:27:24 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00B
[2012/10/18 10:27:23 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00A
[2012/10/18 10:26:52 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.009
[2012/10/18 10:26:52 | 000,295,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.008
[2012/10/18 10:26:51 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.007
[2012/10/15 16:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\SIW 2011 Home Edition
[2012/10/15 16:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2012/10/11 11:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\MadCap Software
[2012/10/10 03:01:08 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/10 03:01:08 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/08 10:50:54 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/10/08 10:50:54 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/10/08 10:50:54 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/10/03 17:36:54 | 000,146,872 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\HipShieldK.sys
[2012/09/28 09:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\GroupPolicy
[2012/09/27 17:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
[2012/09/27 17:04:00 | 000,831,554 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwtvwnd.dll
[2012/09/27 17:04:00 | 000,323,640 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwpnp32.dll
[2012/09/27 17:04:00 | 000,118,840 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\hcwi2c32.dll
[2012/09/27 17:04:00 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwutl32.dll
[2012/09/27 15:26:03 | 000,139,264 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\hcwecppp.ax
[2012/09/27 15:26:03 | 000,096,256 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\hcwcp.ax
[2012/09/27 15:26:02 | 000,719,616 | ---- | C] (Hauppauge Computer Works, Inc) -- C:\Windows\System32\drivers\hcw18bda.sys
[2012/09/27 15:26:02 | 000,138,752 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcw18prop.ax
[2012/09/27 15:26:02 | 000,104,448 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\hcw18CCv.ax
[2012/09/26 17:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/09/26 17:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT
[2012/09/26 17:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/09/26 17:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/09/24 11:48:20 | 000,000,000 | ---D | C] -- C:\Users\tom.BUXTONCPA\AppData\Local\AVG Secure Search
[2012/09/24 11:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/09/24 11:47:41 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/09/24 11:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/09/24 11:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/09/24 11:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/09/24 11:47:03 | 000,000,000 | ---D | C] -- C:\Users\tom.BUXTONCPA\AppData\Local\WinZip
[2012/09/22 03:00:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 03:00:56 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 03:00:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 03:00:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/22 03:00:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 03:00:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/22 03:00:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 03:00:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/10/19 09:51:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/19 09:49:35 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 09:49:35 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 09:42:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/19 09:40:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/19 09:40:30 | 2414,284,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/19 09:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/19 09:20:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1454353505-1500814637-1929061755-1001UA.job
[2012/10/18 19:00:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/10/18 15:34:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tom.BUXTONCPA\Desktop\OTL.exe
[2012/10/18 15:09:12 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/18 15:08:21 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\tom.BUXTONCPA\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/18 14:43:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/10/18 14:20:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1454353505-1500814637-1929061755-1001Core.job
[2012/10/18 14:05:11 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\tom.BUXTONCPA\Desktop\TFC.exe
[2012/10/18 13:51:47 | 000,074,489 | ---- | M] () -- C:\Users\tom.BUXTONCPA\Documents\Blank doc.png
[2012/10/18 13:45:51 | 000,000,939 | ---- | M] () -- C:\Users\tom.BUXTONCPA\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/10/18 13:45:51 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/10/18 11:44:58 | 000,000,475 | ---- | M] () -- C:\Windows\CSAAPP.INI
[2012/10/18 10:26:51 | 000,000,656 | ---- | M] () -- C:\Users\Public\Desktop\Creative Solutions Accounting.lnk
[2012/10/16 15:56:37 | 000,600,511 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
[2012/10/16 09:26:50 | 000,149,631 | ---- | M] () -- C:\Users\tom.BUXTONCPA\Desktop\Ethics Quiz.pdf
[2012/10/12 14:52:48 | 000,000,127 | ---- | M] () -- C:\Users\tom.BUXTONCPA\Desktop\G&O Mail.url
[2012/10/12 13:11:57 | 000,000,276 | ---- | M] () -- C:\Windows\PPCArc32.ini
[2012/10/12 11:01:14 | 000,214,776 | ---- | M] () -- C:\Users\tom.BUXTONCPA\Desktop\mysterious-elk-shaped.pdf
[2012/10/11 12:11:52 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\PPC's SMART Practice Aids.lnk
[2012/10/08 21:28:15 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/08 21:28:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/04 15:41:15 | 000,001,573 | ---- | M] () -- C:\Users\Public\Desktop\2011 Lacerte Tax.LNK
[2012/10/01 11:33:37 | 000,000,842 | RHS- | M] () -- C:\Users\tom.BUXTONCPA\ntuser.pol
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/28 16:36:32 | 000,000,982 | ---- | M] () -- C:\Users\tom.BUXTONCPA\Desktop\Production Explorer v4.2.lnk
[2012/09/28 16:36:32 | 000,000,294 | ---- | M] () -- C:\Windows\PRODEX.INI
[2012/09/28 15:17:46 | 000,000,180 | ---- | M] () -- C:\Users\tom.BUXTONCPA\Desktop\CCH Essentials.url
[2012/09/27 17:05:28 | 000,001,042 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
[2012/09/27 17:05:28 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\WinTV 7.lnk
[2012/09/27 17:05:22 | 000,000,483 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/09/27 17:05:22 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012/09/27 17:05:10 | 000,000,169 | ---- | M] () -- C:\Users\tom.BUXTONCPA\Desktop\Program Guide.url
[2012/09/27 17:05:05 | 000,037,639 | ---- | M] () -- C:\Windows\Irremote.ini
[2012/09/27 17:05:05 | 000,000,932 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
[2012/09/27 17:04:07 | 000,002,647 | ---- | M] () -- C:\Windows\HCWPNP.INI
[2012/09/27 16:24:07 | 000,001,512 | ---- | M] () -- C:\Users\tom.BUXTONCPA\Desktop\Hauppauge.reg
[2012/09/27 15:25:56 | 000,000,601 | ---- | M] () -- C:\Users\Public\Desktop\Install WinTV v7.x CD 2.6.lnk
[2012/09/27 11:37:03 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/09/24 11:47:41 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/09/24 11:47:06 | 000,002,239 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/10/18 15:09:12 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/18 13:51:46 | 000,074,489 | ---- | C] () -- C:\Users\tom.BUXTONCPA\Documents\Blank doc.png
[2012/10/18 13:44:30 | 000,000,939 | ---- | C] () -- C:\Users\tom.BUXTONCPA\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/10/18 13:44:30 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/10/16 09:26:50 | 000,149,631 | ---- | C] () -- C:\Users\tom.BUXTONCPA\Desktop\Ethics Quiz.pdf
[2012/10/12 11:01:14 | 000,214,776 | ---- | C] () -- C:\Users\tom.BUXTONCPA\Desktop\mysterious-elk-shaped.pdf
[2012/10/11 11:09:54 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\PPC's SMART Practice Aids.lnk
[2012/09/27 17:05:28 | 000,001,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
[2012/09/27 17:05:28 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\WinTV 7.lnk
[2012/09/27 17:05:05 | 000,000,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
[2012/09/27 17:04:00 | 000,002,647 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012/09/27 16:24:07 | 000,001,512 | ---- | C] () -- C:\Users\tom.BUXTONCPA\Desktop\Hauppauge.reg
[2012/09/27 15:26:03 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2012/09/27 15:26:02 | 000,158,332 | ---- | C] () -- C:\Windows\System32\drivers\hcw18enc.rom
[2012/09/27 15:26:02 | 000,141,200 | ---- | C] () -- C:\Windows\System32\drivers\hcw18apu.rom
[2012/09/27 15:26:02 | 000,016,382 | ---- | C] () -- C:\Windows\System32\drivers\hcw18mlC.rom
[2012/09/27 15:26:02 | 000,014,264 | ---- | C] () -- C:\Windows\System32\drivers\hcw18mlB.rom
[2012/09/27 15:25:56 | 000,000,601 | ---- | C] () -- C:\Users\Public\Desktop\Install WinTV v7.x CD 2.6.lnk
[2012/09/27 14:56:46 | 000,001,062 | ---- | C] () -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/24 11:47:06 | 000,002,239 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/09/13 18:47:00 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/07/26 11:24:24 | 000,007,611 | ---- | C] () -- C:\Users\tom.BUXTONCPA\AppData\Local\Resmon.ResmonCfg
[2012/07/16 15:33:31 | 000,000,083 | ---- | C] () -- C:\Users\tom.BUXTONCPA\restartdiamond.bat
[2012/07/16 14:56:34 | 000,007,168 | -H-- | C] () -- C:\Users\tom.BUXTONCPA\MEMORY.suo
[2012/07/16 14:56:34 | 000,000,615 | ---- | C] () -- C:\Users\tom.BUXTONCPA\MEMORY.sln
[2012/07/16 12:36:37 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/06/14 16:30:11 | 000,001,296 | ---- | C] () -- C:\Users\tom.BUXTONCPA\Tom Documents - Shortcut.lnk
[2012/05/23 18:18:16 | 000,060,304 | ---- | C] () -- C:\Users\tom.BUXTONCPA\g2mdlhlpx.exe
[2012/05/23 10:31:02 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/04/04 13:16:31 | 000,001,064 | RH-- | C] () -- C:\Users\tom.BUXTONCPA\XrxWm.ini
[2012/04/04 13:16:30 | 000,000,483 | RH-- | C] () -- C:\Users\tom.BUXTONCPA\xwl50xdy.dyc
[2012/03/02 10:25:14 | 000,103,272 | ---- | C] () -- C:\Users\tom.BUXTONCPA\GoToAssistDownloadHelper.exe
[2012/02/25 11:06:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lpng.dll
[2012/02/25 11:06:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\lttls13n.dll
[2012/02/25 11:06:14 | 000,708,608 | ---- | C] () -- C:\Windows\System32\ltcry13n.dll
[2012/02/25 11:06:13 | 001,683,456 | ---- | C] () -- C:\Windows\System32\LTCLR13n.dll
[2012/02/25 11:06:11 | 000,338,944 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2012/02/25 11:06:11 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2012/02/16 17:23:40 | 000,013,035 | ---- | C] () -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Comma Separated Values (Windows).CAL
[2012/02/16 17:22:19 | 000,038,503 | ---- | C] () -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/02/16 17:15:46 | 000,000,842 | RHS- | C] () -- C:\Users\tom.BUXTONCPA\ntuser.pol
[2012/02/14 21:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/02/14 21:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/12/15 13:37:31 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011/11/02 17:46:44 | 000,000,186 | ---- | C] () -- C:\Windows\System32\Gsw32.exe.config
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/01 11:25:58 | 000,010,496 | -HS- | C] () -- C:\ProgramData\37aht3h42m3ua016pas235j0y427b54wk
[2011/03/25 12:10:50 | 000,037,639 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/03/02 14:00:49 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/03/02 13:57:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/10 13:07:30 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2009/09/15 15:58:59 | 000,049,450 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2011/08/03 17:20:03 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011/03/02 14:24:00 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012/02/17 10:47:33 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\AceBIT
[2012/03/02 19:26:34 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\com.radioio.ioDesktop.CB8A51FDBDF8B5F2BC25A3DD7F59CC4ED6D8CF65.1
[2012/10/19 09:43:16 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Dropbox
[2012/03/30 13:44:25 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Fujitsu
[2012/07/20 17:08:47 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\GetRightToGo
[2012/02/22 15:15:02 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\ICAClient
[2012/02/23 16:15:12 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\InfraRecorder
[2012/06/12 11:47:01 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\JawboneUpdater
[2012/07/16 13:36:52 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Lacerte
[2012/02/17 18:42:01 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Leadertech
[2012/07/16 11:31:32 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\PCDr
[2012/07/25 15:41:01 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\PerfView
[2012/03/30 13:44:46 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\PFU
[2012/02/29 18:28:08 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Practitioners Publishing Company
[2012/03/14 09:26:52 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Registry Mechanic
[2012/07/20 16:38:59 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Simple Star
[2012/03/28 10:37:49 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Thomson Reuters
[2011/04/27 03:28:43 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Trusteer
[2012/02/16 17:15:46 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Windows Small Business Server
[2012/08/09 09:59:08 | 000,000,000 | ---D | M] -- C:\Users\tom.BUXTONCPA\AppData\Roaming\Xerox

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 76 bytes -> C:\Users\tom.BUXTONCPA\Documents\Rochelle oil 002.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom.BUXTONCPA\Documents\My ScanSnap:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom.BUXTONCPA\Documents\My PSP Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom.BUXTONCPA\Desktop\SWANDA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom.BUXTONCPA\Desktop\MT DORA STUFF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom.BUXTONCPA\Desktop\MPAN Course Completion.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom.BUXTONCPA\Desktop\AVG:Roxio EMC Stream
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D1B5B4F1



LoPhatPhuud

reply to OldAuditor

OTL Extras logfile created on: 10/19/2012 9:49:06 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tom.BUXTONCPA\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 46.32% Memory free
5.99 Gb Paging File | 3.90 Gb Available in Paging File | 65.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 921.73 Gb Total Space | 795.32 Gb Free Space | 86.29% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 6.00 Gb Free Space | 61.39% Space Free | Partition Type: NTFS
Drive G: | 612.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 74.50 Gb Total Space | 73.92 Gb Free Space | 99.22% Space Free | Partition Type: NTFS
Drive S: | 100.00 Gb Total Space | 48.91 Gb Free Space | 48.91% Space Free | Partition Type: NTFS
Drive Z: | 136.58 Gb Total Space | 98.36 Gb Free Space | 72.02% Space Free | Partition Type: NTFS

Computer Name: TOM-VISTA | User Name: tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Own] -- own.bat %1 ()
Directory [pd4Encrypt] -- Reg Error: Key error.
Directory [pd4Erase] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|LSM=TRUE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|


LoPhatPhuud

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{099624CE-61C9-4EED-B24A-7EF7DD6A492A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0FAB4E31-BB99-4123-9D2F-D4BE7B7C9B9C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{161D8923-DCC0-441E-BF80-F068F9DB5808}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{21984D06-0D1E-42FD-8729-FA65ECB282CA}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2B69ABF0-F542-4CF0-90AB-FF7924B22A5E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{30B8ACBB-5CDD-4E36-AEBD-6868D060F0F5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{39AE6A36-5F14-4A2C-9104-37EFC9E9343E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A5FCD2B-2A75-4DC5-B618-B38019B81DAB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{3B09C1C9-9AD4-4818-828B-2F6620E91C79}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{407982A2-ECBD-4C08-B918-C4B294F8EBDF}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{4548208B-6458-4315-9FCC-22A5D2C78F38}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{466C03B5-D179-42C4-9F68-B325D3FDC663}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{475677F0-2D4F-488E-9EF1-0C2C26E47916}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{55402A10-6D3A-4188-AD39-ED8F026F6336}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{63434899-E07C-4E86-8AF3-5C1963733A17}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{671CA28D-D772-470E-9E93-8A8D17C7F105}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{684D3D52-B286-4EEE-BE49-71A76774AD8C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{68546AB2-BE20-48C5-8F39-68A12B59FBBC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6A609C0F-F2E7-4C8E-A3DE-C311BB9F295C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7FBACDE4-93F4-4EB2-AAA1-5F614F5D0853}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8170CD13-B9DD-4DED-BA3F-C9FDF19DA761}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{82DAAFC5-64A5-4322-AAC5-C162C4369B63}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8795DC53-D821-44C2-95FE-E1DC86F69908}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{9612FB26-1B77-45B3-9D83-021741082200}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9660F76D-B448-410C-9135-97EC57DAA559}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9A8934FE-AD56-4CEA-9DC7-9CE90E18E37B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A0C8D969-AFCA-4898-BC54-B9BC8574A355}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A3BFA293-8EF7-43F9-B2E3-0E5DE28081C4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A6494EBA-73BD-4603-90FE-A3672CD1F826}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B624BF9B-5F2A-4B60-88ED-CCED730BBC77}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BA6D091D-E33F-4351-8104-6C4A6D1AB808}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BECAC791-3056-4B7B-9110-45B07040089E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BFF3A0F6-8159-4C07-BC94-A6D31C41CB0E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C3C08C93-7F84-463B-B254-E1D823B0566C}" = lport=58338 | protocol=17 | dir=in | name=pando p2p udp listening port |
"{C4A0A8CA-AE93-4DCE-955A-8E080A4D0579}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CB8A639E-2E02-423D-A1DD-5105EE72507E}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D2CF5E9E-5E13-4FC3-98FF-2461FFCA3855}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{D2F92C78-FB7D-4B27-8353-1811C0961900}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D4862AE8-EFBD-413B-9C87-EC164970B1FE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{DE19DC64-61DD-41AF-ACA6-B53203929750}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E4CC57EB-CCAF-4432-A84E-4DC1DBB87A0C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{E4F94A39-FDAD-44C1-866D-9818D8811BB0}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{EF1338AF-CAC1-4BFE-AC66-A2B630A209C2}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{F658737A-EBA9-4822-A206-32153F226BD3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{FF3E9353-76BE-48C2-BC3F-CB21746A0D95}" = lport=58338 | protocol=6 | dir=in | name=pando p2p tcp listening port |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0147B178-1C87-4DAC-ADEF-EFC9CD746146}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0776580C-D988-4B33-A382-E5A60B0A2F86}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0A136F6C-A63C-48BB-9DFE-1E7D45BBBEB6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0A2F35E7-06BF-4BC9-B748-CF06A755BBCF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0BB70EBA-401E-4271-AB30-C069EC9F5FBF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0EE2E612-86D9-4185-A2A6-52560512E15D}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{119CEC62-A141-471B-A4D1-8840177142D0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{159E8294-F99B-4985-83C1-EEB0890F2020}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{186AB660-BFB4-4106-B5D3-7A60FF5A0886}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{18E69C88-0E59-4E5C-B2F4-7EE257C0CEE5}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\agent\agent.exe |
"{1D40F50C-F8DA-4568-92EF-E7CD8EF88E2A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1F545631-7D9E-4B52-8BEE-3D48765073C4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1F7D644A-942C-45CD-B854-9FF4A67618F1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{20CDDA13-6566-4391-AC89-93AC1C03A14C}" = protocol=17 | dir=in | app=c:\program files\acronis\diskdirectoradvanced\mms.exe |
"{23263C2E-E4BA-4B72-AFC7-D3F7D5D9D263}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2E745895-309D-4F2C-9719-826B4071B35C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2F924C52-1692-46AC-B2B8-C0A3BBDAAB5D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3158060C-A310-41BD-BA95-5C995A617B87}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{318E0BD4-6B24-4898-BF10-E979D146D28B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{325547D9-2A94-4195-9AB3-D43874AD7DA6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{32CBA682-B142-4B02-9027-D7BFFD2C3E3C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{36C31F25-2AA3-45C1-8CA7-4CA67C5D45B8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{377CB75C-9EFC-4452-9DF4-0247592CB375}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{39DE5CEB-7A0B-4A21-BFC2-EAF5F89650E3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{3BB86C0D-F96E-4047-8E1D-9157915E98B5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{42BE7D96-C61E-4C70-869E-214E9235D2BA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{430789CF-2FF3-40D2-89D5-C8B1AB9AFA5C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{434C52C3-8AE5-40F9-AF1E-7C33AEB4F910}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5C05E08C-87FE-4A11-BF35-80AE98E5B436}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5FD36603-3170-4FA8-B764-DFBA0FC90620}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{642B572A-E982-4C7C-8A0D-7F45CA9A4996}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{69664C2E-E07E-46BC-8221-8C8588C195DD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6A3B51C9-ED93-4ABC-A126-E9DD27407843}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7084B32A-5AC3-486E-BB72-E48FF6EE15EA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{70DD8D79-FA5F-4572-BD2E-DB062D176579}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{75EEBADE-8B4D-4615-B25F-BADC1C3FD093}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{784D35C9-7F4F-4F12-8E28-0D578C502C3B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7EADC334-C698-49F8-A3EB-5D9A7433C79E}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{7FC49FD3-7C0C-475C-95A7-5E7E8AC39725}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{83898A76-FED8-4256-9168-7577EA291187}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{84E77145-DFF3-4F5B-B5F0-F03998C2437B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{891166D4-154C-4EF2-9269-5A63AD67AE9C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8E095C8E-A45A-4036-9991-92FE689461DA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9397652D-4026-4E12-A145-E8975C349571}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9AF1B851-CC4B-4D97-A265-978E90276672}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9B4C64DB-A2A0-4FFB-95AF-0BFCBC5F2AA7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9B5CA8A4-7561-4978-A231-BC55D4E326DB}" = protocol=6 | dir=in | app=c:\users\tom.buxtoncpa\appdata\roaming\dropbox\bin\dropbox.exe |
"{9BCA083E-18A0-4E0B-B75E-CF1FF94EF689}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A2FDEBB7-15E0-48FD-BF5D-DEF208CE8659}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A4116A9C-AB0D-4E15-9217-50A3B680EA08}" = protocol=6 | dir=in | app=c:\program files\jawbone\jawboneupdater.exe |
"{A6621B87-C5E7-4238-AED1-4C0DB52238BD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A91FCD80-3333-4C7E-B089-68F138F4C207}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A9801C6B-23AA-46F5-9626-DF4DEEB31245}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A988CA6E-CC85-4128-B947-7803A667BD85}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AABE0592-7637-48EF-9F53-EBA71C9B158E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AACB15C4-4918-4DB6-8ABF-B768C5822E60}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AC408D71-C645-4B64-A564-55A8C496D43F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B4D0EAD5-6F3A-4454-B622-D34CA820A064}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B854C558-6DFB-453B-BACF-DE8ED0A4CAD4}" = protocol=17 | dir=in | app=c:\users\tom.buxtoncpa\appdata\roaming\dropbox\bin\dropbox.exe |
"{BF2CF488-79B9-42DD-A178-864E397ED9A5}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{BFC987B3-9880-4D16-A99A-68056B3E6E42}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{C4CD3ADB-445A-4729-8ABD-4363C03D9CEC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CAC379B4-7E1A-4246-ABCE-54D5274B2A1A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CE3E4ACA-CB0C-49DE-9341-FDD6FAEFA516}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{D08C3907-479C-4501-94B1-251671F72C8D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D219DD51-87A2-488F-94C3-5D92CE9CD8AA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D351C298-1ABF-48D5-AF86-CF25F70796C8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D5D98E63-E037-43A7-A3ED-AE035D66AFA0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D6EA7299-CD4D-4D7F-A9BB-CDBCCF50F209}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DBC9584D-2059-4121-8566-5407F95BD7EA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DBDADE6A-21C9-4664-AA95-33758BEBF1F8}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DEF30255-DB8E-4268-96D1-24C41A02859A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E19588C1-2C46-4E06-B14D-2CEA8F557959}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E43EDE79-C5DD-40F2-B37C-11E64C8F3A3A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E49AE489-E85C-4D75-8FA2-162C3701EDE9}" = protocol=6 | dir=in | app=c:\program files\acronis\diskdirectoradvanced\mms.exe |
"{E8C2CE8F-E415-42BE-A2C2-1C99872BFE09}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E8E222DD-797D-480D-9A48-10EE13467B8A}" = protocol=17 | dir=in | app=c:\program files\jawbone\jawboneupdater.exe |
"{E8F93CF9-F6E6-4539-9E8D-ACC5AE556DB0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EABA3F45-FC56-49FE-932C-ADCC5421EF5B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EB689C3A-5894-49F3-B9A4-512D505D3392}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ECAB84C2-976A-493E-9AB7-7A86DA45A4C9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EE195B67-1BB0-48C4-B3CF-FA90FF5D0BCB}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{F271B548-B5BD-49DC-8E10-A559AC5B6704}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F3D275E8-20C9-48B6-B390-B4B587702F65}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F3DD201E-31D9-44CC-BED0-83CA80A39559}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\agent\agent.exe |
"{F4D38DC2-6DCD-4FE4-B7BD-9C6A85BAFD58}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F7884125-81E4-4EE3-9249-4946CB236BED}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F7BC7C19-820A-48D5-BE5A-105FCB07448A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{337F4307-55AD-49C0-9947-F3AF728CA9F9}C:\program files\diskeeper corporation\disk performance analyzer for networks\dpan.exe" = protocol=6 | dir=in | app=c:\program files\diskeeper corporation\disk performance analyzer for networks\dpan.exe |
"TCP Query User{7AEA0B00-A2E2-4C48-9BA3-045F81266B3F}C:\program files\sprite software\sprite backup\spriteservice.exe" = protocol=6 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe |
"TCP Query User{7BC8C0C9-F356-43A1-B740-AE2F3593C53D}C:\program files\sprite software\sprite backup\spriteservice.exe" = protocol=6 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe |
"TCP Query User{B76F08F6-7F87-418E-A0D8-E464BD6FE843}C:\program files\common files\4 warn alert\trueweather.exe" = protocol=6 | dir=in | app=c:\program files\common files\4 warn alert\trueweather.exe |
"TCP Query User{BFB81320-CA38-4633-81AF-2783FD24A74A}C:\program files\common files\4 warn alert\trueweather.exe" = protocol=6 | dir=in | app=c:\program files\common files\4 warn alert\trueweather.exe |
"TCP Query User{DC6D7009-36E7-43E0-8E9C-32B891D56ACD}C:\program files\palmone\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palmone\hotsync.exe |
"TCP Query User{EA4676BF-6B81-4152-99C3-8061A6111E38}C:\program files\pando networks\pando\pando.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"UDP Query User{404CAB9B-27C2-4C05-8C85-7320895DB0F6}C:\program files\common files\4 warn alert\trueweather.exe" = protocol=17 | dir=in | app=c:\program files\common files\4 warn alert\trueweather.exe |
"UDP Query User{61E62512-B144-4703-B83A-025CFB9CF50C}C:\program files\diskeeper corporation\disk performance analyzer for networks\dpan.exe" = protocol=17 | dir=in | app=c:\program files\diskeeper corporation\disk performance analyzer for networks\dpan.exe |
"UDP Query User{7CD320B7-D8FB-4D50-845C-52E590E9D81F}C:\program files\sprite software\sprite backup\spriteservice.exe" = protocol=17 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe |
"UDP Query User{86965DF3-1AA6-4E0B-8AE9-BFB37D489218}C:\program files\pando networks\pando\pando.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"UDP Query User{99C83AED-7BE2-494A-B2B2-BEEB3D2955D3}C:\program files\sprite software\sprite backup\spriteservice.exe" = protocol=17 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe |
"UDP Query User{BCA50576-F0F0-4523-810C-00499E543B1A}C:\program files\palmone\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palmone\hotsync.exe |
"UDP Query User{C5D074CD-7C96-4823-99D9-562E88E737C7}C:\program files\common files\4 warn alert\trueweather.exe" = protocol=17 | dir=in | app=c:\program files\common files\4 warn alert\trueweather.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0563FC52-C57F-4C4C-BAE4-FB9716FF80FB}" = PPC Workpapers Employee Benefit Plans (6-12)
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{06D616BB-D397-6BCF-DEAD-DBEAD9AA69C1}" = CCC Help Russian
"{0700E22B-A423-40A5-BD20-04BF618CA0F9}" = QuickBooks Premier: Accountant Edition 2010
"{0886254D-ACC4-43FD-91FB-E96CF9AB91C1}" = Document eSort Components
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B9A0FB1-BE47-480A-A417-E511995F1D49}" = PPC Practice Aids Audits of Nonprofit Organizations (11-11)
"{0D12E51B-490F-99B7-E4B6-FF7EF0530061}" = AMD Drag and Drop Transcoding
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D80F163-E0D5-4119-B557-7B18DCC7375C}" = Financial Statement Designer 2010
"{0F2D592F-9FE2-4F4E-B61E-280C6569624D}" = PPC Workpapers Employee Benefit Plans (5-11)
"{0F652923-E887-40AA-9CC3-7CD514A8B93D}" = WellSight Log Viewer 6
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{14D6D5E1-5425-4BD1-BAFB-C26C053DC0AF}" = Infragisticsv62Install
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{17DC6852-9048-393B-1A89-203B36675653}" = CCC Help German
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1887C996-A7AB-AE63-4283-02C5D68407A9}" = AMD Accelerated Video Transcoding
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{196FD072-CA44-40DF-A453-A3A9B08DC30E}" = IntelliForms
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19E22296-D4A5-4C71-9BBD-597A3CBAB9A8}" = QB Desktop Repair Utility
"{1A56D463-7C74-4C0B-8EF2-3FA00EF08388}" = ProLine Tax Import
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1EC58056-481C-B7C8-A105-5C77BF3EAA16}" = CCC Help Swedish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2181214D-1954-4C60-91FD-EEA7EBB32022}" = QuickBooks Premier: Accountant Edition 2012
"{219A4576-8F4E-4509-899F-2AEC460F989A}" = PPC Workpapers Nonpublic Companies (7-11)
"{223A47E6-3DC9-4906-BC19-67C3A1D850E3}" = PPC Practice Aids Audits of Employee Benefit Plans (11-11)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{234DE7F7-1E8B-4F02-8ED7-645AFCB189A4}" = perform plus III
"{241A7E6A-BCC4-4647-B4A4-6C1360ABC88F}" = eReader
"{24829404-42BC-491F-ADC9-5B405B5AB5F7}" = PPCMultiSelector_Installer
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{28D30BC0-EE51-8C94-80B3-04BE1A26B088}" = CCC Help Turkish
"{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"{29546C4F-DB1C-0033-8DB4-65CED0CE571B}" = ccc-utility
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2EF0AC8B-D2AA-4034-AA32-167370E7D119}" = PPC Practice Aids Audits of Employee Benefit Plans (2-11)
"{2F46EDE0-BA53-0AC8-45D4-B0C674BBDCB7}" = Catalyst Control Center
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{302763FD-5CEA-4DFF-80C8-9B41414C4822}" = Roxio CinePlayer
"{3032BC7D-E713-452D-AAF7-F5ED073226C8}" = Windows Small Business Server 2011 Standard ClientAgent
"{32043548-93E1-4CB2-8489-32FA10AD74DB}" = PPC Practice Aids Audits of Nonpublic Companies (11-11)
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{354A5968-3D6D-4EF4-A719-0E820B5EA099}" = PPC Practice Aids Construction Contractors (6-09)
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{37AC7F94-2C0C-3DFF-8039-4B6AB79150D0}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{383395CC-4865-4D6E-A3BB-8192CB8501AB}" = PPC Practice Aids Audits of Nonpublic Companies (4-12)
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3A9527CF-4E91-4683-A03F-F1AD022126E5}" = DirectX 9 Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{44663264-E108-4938-BF9E-A767315072C9}" = Intel(R) Network Connections 16.3.48.0
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{44E46185-638A-4F84-C902-74ACF30932A7}" = CCC Help Spanish
"{456BFD3C-5F77-4443-B489-13CC5053B0EC}" = PPC Practice Aids Audits of Employee Benefit Plans (2-09)
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46DBC4CF-5FC1-4E56-B60C-A6704C68A2A5}" = NetworkTrayTool
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB43DE0-CF91-C9D5-3F6C-A869CC44D742}" = CCC Help Czech
"{4AD22C1C-769B-44BB-8428-915703EA5B40}" = Microsoft SQL Server 2005 Express Edition (TOCTTARGPPC05)
"{4B509F1E-BEA7-3D0E-BE94-3BBF85E8D698}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{528E82EA-A194-4A9D-371E-59BACC7D7DE4}" = CCC Help Dutch
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{538FB3F5-22D6-A671-4396-1426582E332A}" = Catalyst Control Center Localization All
"{53920718-25F0-CBA8-D694-BDC793C2B219}" = CCC Help Chinese Traditional
"{53B91797-7CC8-41AA-999E-C33DAEC63A1A}" = Acronis Disk Director 11 Advanced Agent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{540C5568-983A-B7BC-3005-C42736DA00AB}" = CCC Help English
"{543A636A-E53F-416F-8AB5-8BFE7B698C69}" = Crystal Reports9
"{56206A74-F8C4-7705-DE77-315A0ADCB41F}" = CCC Help Japanese
"{57E0E3A9-F4EF-1540-CADA-EB5E33B3B922}" = CCC Help Korean
"{59B13FD3-AD00-4E2C-AE30-0556451EC0DE}" = ScanSnap Organizer
"{59F2265B-308F-4C78-A4FC-19E754526362}" = PPC Workpapers Nonpublic Companies (7-12)
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C01E990-F14D-4E3C-A009-29F3640F034B}" = Infragisticsv62Install
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5D8A40E9-8E59-3761-98DE-2C9F7303FA17}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
"{60F063BE-732B-3E02-9574-63F81F057A8B}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514)
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63A39662-1FDD-43A8-8C4D-57E89DD147BB}" = PPC Practice Aids Audits of Employee Benefit Plans (3-12)
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66815B84-05B8-4FA3-AACA-3E7C434F78B8}_is1" = Password Depot 5
"{682079CF-A054-4654-AEFE-B690AF109BCC}" = ScanSnap
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A3CAA8E-6DDB-4AA7-A411-9982FF9180FE}" = Intuit Runtime Components 6.0.16
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{6E65E954-8C25-797C-5382-B9B83F262105}" = Catalyst Control Center InstallProxy
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
"{705292ED-22B2-4BCF-8DD4-F9B393844D7D}" = Infragisticsv62Install 2010
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71EC91AF-279E-440A-BB0C-AD2C6598F601}" = CardMinder V3.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
"{735D1A97-3711-7F70-406E-D714EBD9E852}" = ioDesktop
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77091BC5-B357-166C-CFDF-2AC2C72ED29E}" = CCC Help Italian
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{7BDA361E-EC5C-47A1-7259-FAA045AAEA55}" = Cox Business Online Backup
"{7E545666-F423-45FD-B3DF-C0B99A1A579F}" = QuickBooks Premier: Accountant Edition 2007
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7FEE267E-003F-43B0-95D2-534D4213D4BA}" = Lacerte Runtime Components
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{81486D8D-B592-491D-8C50-00194ADB163C}" = PPC Workpapers Nonprofit Organizations (7-10)
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{86E183C0-50C7-4C33-918F-AAA0792922DC}" = Infragisticsv62Install 2009
"{89C1C750-3291-482C-8F28-D2B28BB33C4D}" = PPC Practice Aids Audits of Employee Benefit Plans (2-10)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8CD17A26-E1A6-4D8C-80AC-5D4959034C08}" = Advantage Client Engine SDK v10.10
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECB8220-F423-4BEB-9596-97033C533702}" = QuickBooks Premier: Accountant Edition 2008
"{8EF18153-2F5C-4511-9C05-2BF39F5A241A}" = Acronis Disk Director 11 Advanced Bootable Media Builder
"{8F9EFA84-F725-4FDF-B24C-9EA0D366E580}" = PPC Workpapers Nonpublic Companies (6-09)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies
"{902DBBC3-CCF2-E030-CDBA-55F4024C7813}" = CCC Help Finnish
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90FFEEFB-3A9A-463B-9F7B-F9170CED89E1}" = PPC e-Practice Aids Audits of Nonpublic Companies (1-07)
"{910A8023-DE71-431A-B8F2-B174DF34D36C}" = PPC Workpapers Nonprofit Organizations (7-12)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94F62345-0E7D-4CD2-B1CC-4F851016B239}" = PPC Practice Aids Audits of Nonpublic Companies (2-10)
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
"{962C0EF9-28A6-48B5-AE5D-F8F8B4B1C5F6}" = Classic Shell
"{98EFB4DE-21A0-4F68-A3C5-48445978FB96}" = PPC e-Workpapers Small Business Audits (5-06)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2E7210-5CE7-4D53-B6AE-CD6900527ACA}" = PPC Practice Aids Construction Contractors (6-12)
"{9A9C11FA-AE85-3B48-86BE-5FA83D0384B3}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{9AF55FD8-C50A-4827-B4C1-70A980DD5862}" = PPC e-Practice Aids Construction Contractors (6-08)
"{9BA86818-CB1E-4A62-BF4D-27AB45229C13}" = PPC Workpapers Nonprofit Organizations (7-11)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D104AC8-D050-9D64-8E8E-04CF56C98A43}" = CCC Help Portuguese
"{9D57629F-48F4-478C-884A-F40896DACAAB}" = PPC Workpapers Nonpublic Companies (7-10)
"{A07A0EEC-9EBC-4416-B74A-BABB48CBFD26}" = Roxio Creator 2012
"{A12CF335-1B84-4781-9735-44E39C6D3DD0}" = Roxio Creator 2012
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A48298AF-741F-4C95-B0E0-ED56534A4DF4}" = PPC SMART Practice Aids - Risk Assessment
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A52046A0-E59F-4312-85A7-7ABDB0F2EC18}" = PPC Practice Aids Audits of Nonprofit Organizations (3-12)
"{A5F6F320-2542-333D-AC13-4B66078257C5}" = CCC Help French
"{A649A38D-D54E-4CE5-8D23-9BA03114D7A8}" = QuickBooks SDK 11.0
"{A660ADDD-33F7-431A-8712-AC2330A6EFDC}" = iDatix - iSynergy Viewer
"{A6C7C0DC-42CF-4500-8AD6-FC6680C5D65A}" = PPC Practice Aids Compilation and Review Engagements (8-11)
"{A748A983-311C-4D65-B570-E7764492803E}" = Password Depot 4
"{A7E3C9FE-A5CE-B00A-49F8-64BC03B6ABF8}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9DC9256-709F-4BEA-B39D-4F11D90585AA}" = HP Smart Web Printing
"{AA5AD5C2-2C06-F079-493F-5497B6070A31}" = CCC Help Polish
"{AAB42DD0-9551-4E30-A3E4-F87D4A4E1C52}" = Roxio Creator 2012
"{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1" = Password Depot 6
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADFB324E-315F-46D0-A39E-692150B76F9F}" = DESI Labeling System
"{AFDDB79D-3FB6-4E82-832C-728F73FAC327}" = Acronis Disk Director 11 Advanced Management Console
"{B17D4CC1-88DF-417C-A96A-E16986EBDFDE}" = UGInstaller
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
"{B52E8E66-2ADD-879C-D86B-4330BAE08A1C}" = AMD Catalyst Install Manager
"{B63749A3-C067-4573-AE35-D32F8890A3D3}" = PPC e-Practice Aids Audits of Employee Benefit Plans (2-08)
"{B7072091-4582-396F-87E2-412C85AC7095}" = Microsoft Windows SDK MSHelp (30514)
"{B7979C15-E2A5-4738-B1FF-386640E8FB4A}" = Microsoft Outlook Web Access Administration Tool
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C0B3D8E5-34A5-415E-B740-413B2577E6C7}" = PPC Practice Aids Audits of Nonpublic Companies (3-11)
"{C14EA6F2-1959-479E-BFFA-A977963CCDF2}" = PPC SMART Practice Aids - Internal Control
"{C3AC6EC6-2A34-472B-AF3B-4D968AA798FA}" = PPC Practice Aids Audits of Nonpublic Companies (1-09)
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{C617EC41-9E21-3915-AA7E-F156B74F7D07}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{C6CA8738-C61A-4606-93F4-FF880CE65068}" = PPC e-Workpapers Employee Benefit Plans (6-08)
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8F1A777-BFC1-4DF5-908B-4055C5973F66}" = PPC Practice Aids Construction Contractors (11-11)
"{C9BF9DF7-B9DD-4F8B-8678-6D80F8CFEEA5}" = PPC Workpapers Employee Benefit Plans (5-10)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}" = WinZip Courier
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D4}" = WinZip 16.5
"{CDE9C04A-7F8B-40A8-A4A5-875E228254A6}" = Roxio Creator Content 2012
"{CE2A7D92-D766-30A9-B195-C4772EE2695F}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514)
"{CE4FAE68-434C-BA43-8B9A-DA215B220479}" = CCC Help Thai
"{CE86D656-C887-4EF1-B2D7-2A1075435964}" = Face Filter
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D407F7C0-579E-4CCB-91FD-855CE5084E86}" = Microsoft Visual Studio 2005 Standard Edition - ENU
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4737341-1524-6784-8AC1-F79DC79B96CB}" = CCC Help Chinese Standard
"{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder V3.2
"{D70F7CD3-65D5-4C3F-B906-866760F47F08}" = Checkpoint Tools for PPC
"{D90AD053-6F8D-4658-9EB8-D57C8BE39092}" = QBFC 7.0
"{D910F446-B7A0-F472-1B89-A9085F4AFFBD}" = CCC Help Norwegian
"{DA0F94DA-826F-5B54-7300-D0CB50E0CBB9}" = AMD Media Foundation Decoders
"{DAFAE47A-2598-4633-8696-17A053333B42}" = ProSystem fx Practice/Project 8.1
"{DB9EC33B-1E8E-47FF-A87A-0927F8F1C4FC}" = PPC e-Practice Aids Audits of Nonpublic Companies (1-08)
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{DBD1A3A5-15E2-42C8-8EC7-5FF49FCF7B9B}" = PPC Workpapers Employee Benefit Plans (6-09)
"{DCECEA3F-26D5-4A7D-9E43-D76380F16B99}" = VB101SamplesAll
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (LACERTEDB)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E288EA43-3A9B-BEAB-8147-11BE15709D42}" = CCC Help Hungarian
"{E2A067AA-D675-5AB0-E1B5-3E701ED8DE5C}" = CCC Help Danish
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E56C360C-E52B-41EC-AEF2-5435CA643F30}" = Disk Performance Analyzer for Networks
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{E9156B7F-09B9-4719-9DC3-DFAF0AD8D705}" = Microsoft Outlook Configuration Analyzer Tool 2.0
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{ED8A571D-3301-406E-86BA-B5A7BDD634AB}" = PPC Practice Aids Construction Contractors (6-11)
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1)
"{F08A6ECB-A8F2-D822-24CE-307AF4AFE64F}" = CCC Help Greek
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1F8116F-21D2-46E3-9769-7F7F17DC3A90}" = PPC e-Workpapers Nonpublic Companies (6-08)
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4DCBB84-F75E-4534-81A0-BFDF7CA76748}" = PPC Practice Aids Audits of Nonprofit Organizations (2-11)
"{F58D378C-9248-4CD9-AF2C-1CB24602C214}" = Mobile Application Development Toolkit
"{F5A5A2B3-5192-831C-AAF3-06FB8F577A13}" = ATI AVIVO Codecs
"{F6130A03-30EE-D4AD-63C8-E90F422C76C5}" = HydraVision
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7A8377A-3062-43B8-94F4-4E30EA43A9E9}" = Windows Small Business Server 2011 Standard WMI Provider
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA9BBAFC-651C-4176-9C9C-0844FB76DFA0}" = System DLLS
"{FB250000-0001-0000-0000-074957833700}" = ABBYY FineReader for ScanSnap (TM) 3.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE5875F0-F3C4-4E71-94F0-1A2E5BEA0DE9}" = PPC Practice Aids Audits of Nonpublic Companies (11-09)
"{FF791869-5CF0-4CAE-A4C7-716111AAA49B}" = PPC Practice Aids Construction Contractors (6-10)
"{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
"2005 Lacerte Tax" = 2005 Lacerte Tax
"2006 Lacerte Tax" = 2006 Lacerte Tax
"2007 Lacerte Tax" = 2007 Lacerte Tax
"2008 Lacerte Tax" = 2008 Lacerte Tax
"2009 Lacerte Tax" = 2009 Lacerte Tax
"2010 Lacerte Tax" = 2010 Lacerte Tax
"2011 Lacerte Tax" = 2011 Lacerte Tax
"4 Warn Alert" = 4 Warn Alert
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Astraware Astraware Sudoku for Pocket PC" = Astraware Sudoku for Pocket PC
"Astraware Dynomite for Pocket PC" = Dynomite for Pocket PC
"ATB for Windows 3.04" = ATB for Windows 3.04
"Atomic Clock Sync" = Atomic Clock Sync
"AVG Secure Search" = AVG Security Toolbar
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCH Small Firm Services (xulRunner)" = CCH Small Firm Services (xulRunner)
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.radioio.ioDesktop.CB8A51FDBDF8B5F2BC25A3DD7F59CC4ED6D8CF65.1" = ioDesktop
"Creative Solutions Accounting" = Creative Solutions Accounting
"Creative Solutions Accounting Workstation" = Creative Solutions Accounting - Workstation
"Crystal Reports9" = Crystal Reports9
"DESI Labeling System 3.2.2.1" = DESI Labeling System
"DivX Setup.divx.com" = DivX Setup
"DjVu" = LizardTech DjVu Control (autoinstall)
"Fixed Assets CS" = Fixed Assets CS
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoToAssist Express Customer" = GoToAssist Customer 1.6.0.430
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"HP Smart Web Printing" = HP Smart Web Printing
"InfraRecorder" = InfraRecorder
"InstallShield_{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{A660ADDD-33F7-431A-8712-AC2330A6EFDC}" = iDatix - iSynergy Viewer
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{DAFAE47A-2598-4633-8696-17A053333B42}" = ProSystem fx Practice
"IntelliForms" = IntelliForms
"Invoice Duplicator 10" = Invoice Duplicator 10
"Jawbone Updater" = Jawbone Updater
"Lacerte to Drake Conversion" = Lacerte to Drake Conversion 11.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Standard Edition - ENU" = Microsoft Visual Studio 2005 Academic Edition - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"MSC" = McAfee SecurityCenter
"nanoPEG-Editor 2.3 Hauppauge Edition_is1" = nanoPEG-Editor 2.3 Hauppauge Edition
"nanoPEG-Editor 2.6.0 for WinTV_is1" = nanoPEG-Editor 2.6.0 for WinTV
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Oil & Gas Disbursement and JIB Manager Integrated Edition_is1" = Oil & Gas Disbursement and JIB Manager Integrated Edition 3.0
"Oracle JInitiator 1.3.1.17" = Oracle JInitiator 1.3.1.17
"PC-Doctor for Windows" = Dell Support Center
"PDF-XChange 3_is1" = PDF-XChange 3
"PPC Library" = PPC Library
"Production Explorer" = Production Explorer v4.2
"PROSetDX" = Intel(R) Network Connections 16.3.48.0
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"Roxio PhotoShow" = Roxio PhotoShow
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"sp6" = Logitech SetPoint 6.32
"Spb Brain Evolution" = Spb Brain Evolution
"TValue 5" = TValue 5
"WinLiveSuite" = Windows Live Essentials
"WinZip Companion for Outlook" = WinZip Companion for Outlook

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.0.0.799

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10/18/2012 4:03:51 PM | Computer Name = Tom-Vista.buxtoncpa.local | Source = VSS | ID = 8194
Description =

Error - 10/18/2012 5:43:37 PM | Computer Name = Tom-Vista.buxtoncpa.local | Source = VSS | ID = 8193
Description =

Error - 10/19/2012 1:30:43 AM | Computer Name = Tom-Vista.buxtoncpa.local | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Acronis\BootableComponents\WinPE\Files\systeminfo.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/19/2012 1:31:21 AM | Computer Name = Tom-Vista.buxtoncpa.local | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Acronis\BootableComponents\WinPE\Files\DiskDirectorAdvancedService.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/19/2012 1:31:53 AM | Computer Name = Tom-Vista.buxtoncpa.local | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Acronis\BootableComponents\WinPE\Files\TrueImage.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/19/2012 1:32:01 AM | Computer Name = Tom-Vista.buxtoncpa.local | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Acronis\BootableComponents\WinPE\Files\RecoveryExpert.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/19/2012 1:32:03 AM | Computer Name = Tom-Vista.buxtoncpa.local | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Acronis\BootableComponents\WinPE\Files\mms.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/19/2012 1:34:54 AM | Computer Name = Tom-Vista.buxtoncpa.local | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Jawbone\driver_cleaner\x64\USBDeview.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="Win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/19/2012 10:41:10 AM | Computer Name = Tom-Vista.buxtoncpa.local | Source = VSS | ID = 8193
Description =

Error - 10/19/2012 10:41:10 AM | Computer Name = Tom-Vista.buxtoncpa.local | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 10/18/2012 2:30:56 PM | Computer Name = Tom-Vista.buxtoncpa.local | Source = DCOM | ID = 10010
Description =

Error - 10/18/2012 3:05:29 PM | Computer Name = Tom-Vista.buxtoncpa.local | Source = Service Control Manager | ID = 7034
Description = The AMD External Events Utility service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/18/2012 4:03:37 PM | Computer Name = Tom-Vista.buxtoncpa.local | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 10/18/2012 4:03:37 PM | Computer Name = Tom-Vista.buxtoncpa.local | Source = Service Control Manager | ID = 7000
Description = The SupportSoft Sprocket Service (dellsupportcenter) service failed
to start due to the following error: %%2

Error - 10/18/2012 4:03:42 PM | Computer Name = Tom-Vista.buxtoncpa.local | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Null

Error - 10/18/2012 4:06:43 PM | Computer Name = Tom-Vista.buxtoncpa.local | Source = DCOM | ID = 10010
Description =

Error - 10/19/2012 10:40:56 AM | Computer Name = Tom-Vista.buxtoncpa.local | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 10/19/2012 10:40:57 AM | Computer Name = Tom-Vista.buxtoncpa.local | Source = Service Control Manager | ID = 7000
Description = The SupportSoft Sprocket Service (dellsupportcenter) service failed
to start due to the following error: %%2

Error - 10/19/2012 10:41:04 AM | Computer Name = Tom-Vista.buxtoncpa.local | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Null

Error - 10/19/2012 10:44:15 AM | Computer Name = Tom-Vista.buxtoncpa.local | Source = DCOM | ID = 10010
Description =



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x86 [color=red](UAC is disabled!)[/color]
Internet Explorer 9
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 6 Update 35
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
[color=red]Java version out of Date![/color]
Adobe Reader 8 [color=red]Adobe Reader out of Date![/color]
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Online Backup Cox_Business_CBOBbackup.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 1%
[u]````````````````````End of Log``````````````````````[/u]



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to OldAuditor

C:\Users\tom.BUXTONCPA\Desktop\Downloads\SJW\siw-setup.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\tom.BUXTONCPA\Favorites\Downloads\WINZIP\winzip155.exe Win32/OpenCandy application deleted - quarantined


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to OldAuditor
Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.

You'll find the link(s) and instruction(s) here:
»Security Cleanup FAQ »Rootkit Detection Applications


OldAuditor

join:2007-03-24
Oklahoma City, OK

TDSS_2.txt 155,741 bytes
Here is the log, including running processes. I looked at the detections. Most I recognize.


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to OldAuditor
Do you have the same problem in Firefox, or is it just IE9?


OldAuditor

join:2007-03-24
Oklahoma City, OK

IE9 is the only browser I have.



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to OldAuditor
The logs are all clean with no sign of malware. The detection by MBAM is a warning re bundled content, but 7Zip itself is ok.

You are aware of the programs detected by TDSS Killer and none are known by me to be dangerous.

I asked re Firefox since the OTL log showed registry entries from Firefox.

You can try disabling add-ons in IE9 selectively, and see if the issue comes from any of them.

Also check your search providers to make sure they are all desired.

There is nothing more here I can do. I would suggest posting in the Microsoft Answers forums (»answers.microsoft.com/en-us). Be sure to link to this thread so they can review the logs.

Cleanup instructions are in the following post.



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to OldAuditor
Cleaning Up:

Delete TFC:

  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit
  • If we asked you to run the Sophos AntiRootkit program, uninstall it through Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.


OldAuditor

join:2007-03-24
Oklahoma City, OK

Thank you for your efforts. Will try some other ideas.

Thanks.

