

randalldb

@cox.net

[Trojan] My Virus troubles

Here are my log files for my computer. I've had 3 viruses removed before I came here. System still runs slow and unstable. Format disk is next, I fear. This is my 1st post.



lilhurricane

OTL logfile created on: 11/25/2012 9:29:24 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Randall Bailey\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 55.28% Memory free
5.71 Gb Paging File | 4.12 Gb Available in Paging File | 72.04% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.71 Gb Total Space | 53.57 Gb Free Space | 38.62% Space Free | Partition Type: NTFS
Drive D: | 10.33 Gb Total Space | 1.22 Gb Free Space | 11.79% Space Free | Partition Type: NTFS
Drive G: | 93.16 Gb Total Space | 57.14 Gb Free Space | 61.34% Space Free | Partition Type: NTFS

Computer Name: BARDICK-PC | User Name: Randall Bailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/11/25 09:02:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Randall Bailey\Downloads\OTL.exe
PRC - [2012/11/23 13:59:36 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/12 12:21:04 | 001,278,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2012/08/31 13:00:52 | 000,078,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Core\mchost.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/17 15:09:30 | 000,166,320 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/07/17 15:05:48 | 000,168,368 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/07/17 15:03:46 | 000,200,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2012/05/15 03:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 02:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/12/05 20:41:32 | 004,426,384 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/12/05 20:41:32 | 001,059,472 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/02/04 01:28:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe
PRC - [2010/02/04 01:27:55 | 000,672,424 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/02/27 17:53:25 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/11/16 09:33:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012/11/16 09:31:15 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012/11/16 09:26:12 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012/11/16 09:25:33 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012/11/16 09:23:21 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012/11/16 09:20:45 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/02/04 01:28:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe
MOD - [2010/02/04 01:27:55 | 000,672,424 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
MOD - [2010/02/04 01:05:09 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxcaps.dll
MOD - [2010/02/04 01:04:53 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxscw.dll
MOD - [2010/02/04 01:04:52 | 000,782,336 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxdrs.dll
MOD - [2010/02/04 00:52:39 | 000,589,824 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxdatr.dll
MOD - [2010/02/04 00:52:33 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxcnv4.dll
MOD - [2010/02/02 03:30:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\app4r.monitor.core.dll
MOD - [2010/02/02 03:30:16 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\app4r.monitor.common.dll
MOD - [2010/02/02 03:29:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007/11/22 03:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2012/10/24 10:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/10 17:44:06 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/17 15:09:30 | 000,166,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/07/17 15:05:48 | 000,168,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/07/17 15:03:46 | 000,200,816 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/05/15 03:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/12/05 20:41:32 | 004,426,384 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/27 17:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/17 15:12:34 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2012/07/17 15:09:42 | 000,206,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/07/17 15:08:10 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/07/17 15:07:00 | 000,554,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/07/17 15:05:58 | 000,360,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/07/17 15:05:38 | 000,061,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/07/17 15:05:18 | 000,230,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/07/17 15:04:46 | 000,127,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/05/15 03:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2012/04/18 10:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2010/03/12 18:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/27 11:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 15:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 19:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {36190541-0C04-4C0F-9F78-A70761A42B1B}
IE - HKLM\..\SearchScopes\{36190541-0C04-4C0F-9F78-A70761A42B1B}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm300YYus&ptb=C7DD6F0D-AC6A-4647-BF4E-B5C2604CD684&ind=2011111311&ptnrS=RGxdm300YYus&si=&n=77df1f8f&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{F71A5F20-2EEC-41AE-BE76-5CABF69A135E}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sparkpeople.com/myspark [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myfoxphoenix.com/category/230135/news
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledAddons: {6B6B6A0D-5922-4B4F-89BE-39E9799AE387}:6.3
FF - prefs.js..extensions.enabledAddons: {D19CA586-DD6C-4a0a-96F8-14644F340D60}:14.4.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Randall Bailey\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Randall Bailey\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Randall Bailey\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Randall Bailey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Randall Bailey\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Randall Bailey\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Randall Bailey\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Randall Bailey\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/11/11 20:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/11/25 04:14:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/12 16:57:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/11 20:43:39 | 000,000,000 | ---D | M]

[2011/12/18 09:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randall Bailey\AppData\Roaming\Mozilla\Extensions
[2012/11/21 12:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randall Bailey\AppData\Roaming\Mozilla\Firefox\Profiles\ylg7woa7.default\extensions
[2012/11/12 16:09:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Randall Bailey\AppData\Roaming\Mozilla\Firefox\Profiles\ylg7woa7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/11/11 03:49:11 | 000,000,000 | ---D | M] (UPnPDescriptionDocument Class extension for Firefox) -- C:\Users\Randall Bailey\AppData\Roaming\Mozilla\Firefox\Profiles\ylg7woa7.default\extensions\{6B6B6A0D-5922-4B4F-89BE-39E9799AE387}
[2012/11/12 16:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/11 20:43:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/11/25 04:14:30 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/10/24 10:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/10/24 10:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 10:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Randall Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Randall Bailey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Randall Bailey\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: NDS PCShow Plugin (Enabled) = C:\Users\Randall Bailey\AppData\Local\DIRECTV Player\npPCShowPlugin.dll
CHR - plugin: PCShow Player Plugin (Enabled) = C:\Users\Randall Bailey\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Randall Bailey\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Randall Bailey\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Randall Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Randall Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Randall Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Gmail = C:\Users\Randall Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120624200152.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Randall Bailey\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Randall Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: directv.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: fax.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: srpnet.com ([myaccount] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89F10C57-CF82-47A4-A2B5-684C2EA32BCA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D892DBAB-43CA-4A32-AE2B-9845BE228544}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Randall Bailey\Pictures\Colorado\IMGA0390.JPG
O24 - Desktop BackupWallPaper: C:\Users\Randall Bailey\Pictures\Colorado\IMGA0390.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{735d1864-5bd5-11de-be58-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{735d1864-5bd5-11de-be58-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.EXE
O33 - MountPoints2\{86929e47-1754-11e1-89e4-001f167bac78}\Shell - "" = AutoRun
O33 - MountPoints2\{86929e47-1754-11e1-89e4-001f167bac78}\Shell\AutoRun\command - "" = G:\TAOPhotoTransfer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/11/25 04:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/11/25 03:21:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Randall Bailey\Desktop\TFC.exe
[2012/11/24 03:36:28 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{68CE577F-0842-4F83-97C1-89A87AAD2A34}
[2012/11/23 13:59:37 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/23 13:59:37 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/23 09:35:38 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Roaming\Malwarebytes
[2012/11/23 09:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/23 09:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/23 09:35:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/23 09:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/23 09:19:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/23 09:12:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012/11/22 20:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2012/11/22 20:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/11/22 19:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/22 09:08:16 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{40BF40AC-D74E-453D-A5CE-912615748D45}
[2012/11/21 18:22:41 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{84909EA9-C209-401D-9EA3-F32BB22FCF80}
[2012/11/20 05:16:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/11/19 19:02:52 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{0329BE1F-163A-4DDB-8687-9D6648F207D4}
[2012/11/18 18:25:56 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{D63123B9-44B0-4A43-A961-E36914AB257B}
[2012/11/18 06:25:29 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{F68B4FA1-2EB4-4AF6-94F6-1157480523E7}
[2012/11/17 13:09:48 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/11/17 13:09:48 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/11/17 13:09:18 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/11/17 13:09:18 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/11/17 13:09:18 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/11/17 09:09:58 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\Seven Zip
[2012/11/17 06:52:01 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Roaming\McAfee
[2012/11/16 04:40:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/16 04:40:42 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/16 04:40:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/16 04:40:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/16 04:40:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/16 04:40:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/16 04:40:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/16 04:40:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/15 12:26:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/15 12:25:18 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/11 03:53:04 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\Macromedia
[2012/11/11 03:50:39 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\Mozilla Firefox
[2012/11/10 05:38:53 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{B0BDCDD7-8B27-4255-86F0-7BDD58CBBFA6}
[2012/11/09 03:28:54 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{AC5A06D3-004E-4C7A-983F-46E0CFDFA13A}
[2012/11/08 17:37:55 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\Spotify
[2012/11/08 17:36:46 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Roaming\Spotify
[2012/11/08 03:36:39 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Roaming\WildTangent
[2012/11/08 03:36:00 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\BVRP Software
[2012/11/05 19:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/05 19:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/11/05 17:08:24 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{47F513B7-0FAF-417B-A86F-BCAA38EB2494}
[2012/11/05 05:08:12 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{DDA3F7A5-6BB8-422A-B7DA-58BB3DF7B044}
[2012/11/04 17:08:00 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{38DD0FC4-EF83-4AED-B863-87F3EAED9F4A}
[2012/11/04 08:21:03 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\ABBYY
[2012/11/04 08:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
[2012/11/04 08:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2012/11/04 05:07:47 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{1C01B6E9-621B-4156-BFBD-686A3F2A956C}
[2012/11/03 17:07:34 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{CBB3D626-6D39-46BE-9BE3-9342CB4B3F0E}
[2012/11/03 05:07:22 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{3DCAB480-AAC2-4AC1-A888-C0135BD71E71}
[2012/11/02 17:06:54 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{DEA8A3F8-24AB-4D7C-BECB-8823708C7500}
[2012/11/02 03:57:20 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{F4AAC95F-73EA-4816-A459-AFC8F8F15604}
[2012/10/31 16:10:25 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{EBFDE835-0EB2-4846-B939-626293F5FD9B}
[2012/10/30 16:16:13 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{BA62C8EF-75A7-4BD0-AD5D-A5D2514BDF0D}
[2012/10/30 04:15:48 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{75C69AB7-6C69-4859-AC13-623448543046}
[2012/10/29 16:15:28 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{4855CBF8-FA22-449E-982E-1185A20715A4}
[2012/10/28 11:16:53 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Roaming\Skype
[2012/10/28 11:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/10/28 11:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/10/28 11:16:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/10/28 11:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/10/28 04:46:44 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{B86086CB-FD82-48AC-A208-4E33418CFB1C}
[2012/10/27 16:46:28 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{800D4EE6-47C6-4DF3-98EC-611B099B9AB7}
[2012/10/27 04:46:15 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{2ADD4C5B-9475-48D4-B8BB-ADEB97479A04}
[2012/10/26 16:46:02 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{8FCC8198-6F6F-4E83-8D17-11E7377BDCD2}
[2011/11/16 07:58:28 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\Randall Bailey\AppData\Local\log4cxx.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/11/25 09:32:05 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/25 09:30:44 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2363605596-395245341-3206715689-1002UA.job
[2012/11/25 09:02:28 | 000,000,514 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/11/25 08:49:06 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2363605596-395245341-3206715689-1002UA.job
[2012/11/25 08:11:45 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 08:11:45 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 04:10:31 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/25 04:09:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/25 03:22:07 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Randall Bailey\Desktop\TFC.exe
[2012/11/25 03:12:04 | 000,000,567 | ---- | M] () -- C:\Users\Randall Bailey\Desktop\MBRCheck - Shortcut.lnk
[2012/11/24 16:30:19 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2363605596-395245341-3206715689-1002Core.job
[2012/11/24 14:49:04 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2363605596-395245341-3206715689-1002Core.job
[2012/11/24 06:54:23 | 000,640,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/24 06:54:23 | 000,118,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/23 13:59:37 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/23 13:59:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/23 09:35:17 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/23 09:32:44 | 000,000,577 | ---- | M] () -- C:\Users\Randall Bailey\Desktop\tdsskiller - Shortcut.lnk
[2012/11/23 00:34:04 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/23 00:34:04 | 000,001,955 | ---- | M] () -- C:\Users\Randall Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/22 15:25:52 | 289,624,380 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/20 19:52:07 | 000,577,646 | ---- | M] () -- C:\Users\Randall Bailey\Desktop\shawna license.pdf
[2012/11/20 19:42:01 | 001,697,444 | ---- | M] () -- C:\Users\Randall Bailey\Desktop\megan wagy.pdf
[2012/11/18 09:19:21 | 000,001,028 | ---- | M] () -- C:\Users\Randall Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/17 13:08:18 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/11/17 13:08:11 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/11/17 13:08:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/11/17 13:08:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/11/17 13:08:10 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/11/17 13:08:09 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/11/17 07:46:23 | 000,011,968 | ---- | M] () -- C:\Users\Randall Bailey\Desktop\MVTHealthCheck_Deviation.html
[2012/11/17 06:52:00 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2012/11/16 09:15:09 | 000,346,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/12 16:57:25 | 000,000,870 | ---- | M] () -- C:\Users\Randall Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/12 16:57:25 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/12 16:39:44 | 000,013,824 | ---- | M] () -- C:\Users\Randall Bailey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/10 17:04:27 | 000,000,680 | ---- | M] () -- C:\Users\Randall Bailey\AppData\Local\d3d9caps.dat
[2012/11/09 04:06:28 | 000,083,986 | ---- | M] () -- C:\Users\Randall Bailey\AppData\Local\{33090943-95A0-CABB-A565-2F2049631B24}.dat
[2012/11/05 19:31:03 | 001,192,082 | ---- | M] () -- C:\Users\Randall Bailey\Desktop\11-5-2012 7;31;03 PM.PDF
[2012/11/05 19:26:44 | 001,147,321 | ---- | M] () -- C:\Users\Randall Bailey\Desktop\11-5-2012 7;26;44 PM.PDF
[2012/11/04 08:19:32 | 000,075,233 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2012/11/03 07:52:37 | 000,009,905 | ---- | M] () -- C:\Users\Randall Bailey\Documents\YARDSALE2.odg
[2012/11/03 07:39:06 | 000,013,523 | ---- | M] () -- C:\Users\Randall Bailey\Documents\YARDSALE.odg
[2012/10/28 11:16:17 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/10/27 16:05:08 | 000,224,565 | ---- | M] () -- C:\Users\Public\Documents\Jonathan's trip.xps
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/11/25 03:12:04 | 000,000,567 | ---- | C] () -- C:\Users\Randall Bailey\Desktop\MBRCheck - Shortcut.lnk
[2012/11/23 09:35:17 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/23 09:32:44 | 000,000,577 | ---- | C] () -- C:\Users\Randall Bailey\Desktop\tdsskiller - Shortcut.lnk
[2012/11/22 19:47:27 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/22 19:47:27 | 000,001,955 | ---- | C] () -- C:\Users\Randall Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/22 15:25:52 | 289,624,380 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/11/20 19:52:06 | 000,577,646 | ---- | C] () -- C:\Users\Randall Bailey\Desktop\shawna license.pdf
[2012/11/20 19:41:59 | 001,697,444 | ---- | C] () -- C:\Users\Randall Bailey\Desktop\megan wagy.pdf
[2012/11/18 09:19:21 | 000,001,028 | ---- | C] () -- C:\Users\Randall Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/17 07:46:23 | 000,011,968 | ---- | C] () -- C:\Users\Randall Bailey\Desktop\MVTHealthCheck_Deviation.html
[2012/11/17 06:52:00 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2012/11/17 06:51:13 | 000,001,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk
[2012/11/09 04:06:28 | 000,083,986 | ---- | C] () -- C:\Users\Randall Bailey\AppData\Local\{33090943-95A0-CABB-A565-2F2049631B24}.dat
[2012/11/05 19:31:07 | 001,192,082 | ---- | C] () -- C:\Users\Randall Bailey\Desktop\11-5-2012 7;31;03 PM.PDF
[2012/11/05 19:27:08 | 001,147,321 | ---- | C] () -- C:\Users\Randall Bailey\Desktop\11-5-2012 7;26;44 PM.PDF
[2012/11/04 08:18:09 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini
[2012/11/03 07:52:36 | 000,009,905 | ---- | C] () -- C:\Users\Randall Bailey\Documents\YARDSALE2.odg
[2012/11/03 07:22:48 | 000,013,523 | ---- | C] () -- C:\Users\Randall Bailey\Documents\YARDSALE.odg
[2012/10/29 16:25:17 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2363605596-395245341-3206715689-1002UA.job
[2012/10/29 16:25:14 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2363605596-395245341-3206715689-1002Core.job
[2012/10/28 11:16:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/10/27 16:05:07 | 000,224,565 | ---- | C] () -- C:\Users\Public\Documents\Jonathan's trip.xps
[2012/03/31 09:30:38 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2012/03/31 09:30:38 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2012/03/31 09:29:07 | 000,040,960 | ---- | C] () -- C:\Windows\System32\Twscan32.dll
[2012/03/31 09:29:04 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Tga32.dll
[2012/03/31 09:29:03 | 000,241,664 | ---- | C] () -- C:\Windows\System32\Image32.dll
[2012/03/31 09:29:03 | 000,122,880 | ---- | C] () -- C:\Windows\System32\Png32.dll
[2012/03/31 09:29:03 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Pcx32.dll
[2012/03/17 07:19:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/03/17 07:19:30 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/02/08 04:17:01 | 000,052,167 | ---- | C] () -- C:\Users\Randall Bailey\Application for Copy of Birth Record.pdf
[2012/01/28 10:22:08 | 000,128,326 | ---- | C] () -- C:\Users\Randall Bailey\ACE - 2.pdf
[2012/01/01 07:14:56 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/12/29 12:11:03 | 000,000,944 | ---- | C] () -- C:\Users\Randall Bailey\AppData\Roaming\wklnhst.dat
[2011/11/19 04:54:04 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/16 07:58:35 | 000,094,208 | ---- | C] () -- C:\Users\Randall Bailey\AppData\Local\common_functions.dll
[2011/10/17 19:17:07 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/10/17 19:17:06 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/09/02 04:08:50 | 000,102,400 | ---- | C] () -- C:\Users\Randall Bailey\AppData\Local\ie_runner_app.exe
[2011/08/22 06:24:38 | 000,000,680 | ---- | C] () -- C:\Users\Randall Bailey\AppData\Local\d3d9caps.dat
[2011/07/18 01:40:10 | 000,030,547 | ---- | C] () -- C:\Users\Randall Bailey\UC232A_winxp.zip
[2011/07/17 07:27:39 | 000,013,824 | ---- | C] () -- C:\Users\Randall Bailey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 06:43:26 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll
[2011/07/17 06:43:26 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll
[2011/07/16 10:25:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll
[2011/07/16 10:25:32 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll
[2011/07/16 10:25:31 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll
[2011/07/16 10:25:30 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoms.exe
[2011/07/16 10:25:30 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll
[2011/07/16 10:25:28 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll
[2011/07/16 10:25:23 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll
[2011/07/16 10:25:22 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll
[2011/07/16 10:25:22 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll
[2011/07/16 10:25:21 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll
[2011/07/16 10:25:21 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll
[2011/07/16 10:25:20 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll
[2011/07/16 10:25:19 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdxcfg.exe
[2011/07/16 10:25:19 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxih.exe
[2011/07/16 10:25:19 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll
[2011/07/15 17:45:03 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll
[2011/07/15 17:45:03 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll
[2011/07/15 17:45:03 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll
[2011/05/08 06:50:47 | 000,050,493 | ---- | C] () -- C:\Users\Randall Bailey\Mother's Day card.jpg
[2011/05/01 16:00:35 | 005,454,111 | ---- | C] () -- C:\Users\Randall Bailey\owp04282011.mp3
[2011/03/06 07:38:55 | 000,559,824 | ---- | C] () -- C:\Users\Randall Bailey\Ford AX4S Transmission Problems.mht
[2010/08/28 15:02:57 | 000,669,199 | ---- | C] () -- C:\Users\Randall Bailey\fairfield.JPG
[2010/06/24 03:19:35 | 000,131,088 | ---- | C] () -- C:\Users\Randall Bailey\ttaxol2008.pdf
[2010/04/17 06:22:42 | 000,046,280 | ---- | C] () -- C:\Users\Randall Bailey\CHSdrama.jpg
[2010/04/11 09:19:20 | 000,156,812 | ---- | C] () -- C:\Users\Randall Bailey\AZgunlaw2009.pdf
[2010/04/03 07:16:57 | 000,331,340 | ---- | C] () -- C:\Users\Randall Bailey\ladmotie.jpg.jpg
[2010/02/22 14:54:35 | 000,307,535 | ---- | C] () -- C:\Users\Randall Bailey\goals and barriers.pdf
[2009/12/12 10:26:00 | 000,223,045 | ---- | C] () -- C:\Users\Randall Bailey\pi_abilify.pdf
[2009/11/01 13:26:08 | 001,360,858 | ---- | C] () -- C:\Users\Randall Bailey\Carbonite-3.230.zip
[2009/10/31 11:13:48 | 000,605,922 | ---- | C] () -- C:\Users\Randall Bailey\S9_UG.pdf
[2009/08/22 09:34:12 | 000,052,351 | ---- | C] () -- C:\Users\Randall Bailey\aerize.optimizer.manual.1.0.0.pdf
[2009/08/06 15:00:51 | 001,284,803 | ---- | C] () -- C:\Users\Randall Bailey\Car agreement.JPG
[2009/06/22 03:29:23 | 000,081,622 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/22 03:15:09 | 000,081,622 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/17 23:50:01 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/05/15 10:59:17 | 005,697,705 | ---- | C] () -- C:\Users\Randall Bailey\2009_relocation.pdf
[2009/04/13 17:14:32 | 000,131,012 | ---- | C] () -- C:\Users\Randall Bailey\2008tax.pdf
[2009/03/24 07:52:50 | 000,084,693 | ---- | C] () -- C:\Users\Randall Bailey\autoinsurance.pdf
[2009/03/10 04:21:33 | 000,180,224 | ---- | C] () -- C:\Users\Randall Bailey\2009-03-07_rev_1252_compiled.zip
[2009/03/04 12:24:17 | 000,000,650 | ---- | C] () -- C:\Users\Randall Bailey\SHARED LEADERSHIP MARCH 4TH.rtf
[2009/01/24 05:50:25 | 002,939,836 | ---- | C] () -- C:\Users\Randall Bailey\Driver_install_instructions_1.pdf
[2009/01/01 13:43:37 | 000,012,657 | ---- | C] () -- C:\Users\Randall Bailey\Windowscontacts.csv
[2009/01/01 12:41:53 | 000,016,351 | ---- | C] () -- C:\Users\Randall Bailey\WLContacts.csv
[2008/12/22 18:36:50 | 000,017,819 | ---- | C] () -- C:\Users\Randall Bailey\address.csv
[2008/12/22 16:07:27 | 000,007,283 | ---- | C] () -- C:\Users\Randall Bailey\Yahoo.csv
[2008/12/19 15:39:34 | 006,737,032 | ---- | C] () -- C:\Users\Randall Bailey\transcript 12-19-2008p2.pdf
[2008/12/19 15:37:41 | 006,737,032 | ---- | C] () -- C:\Users\Randall Bailey\transcript 12-19-2008.pdf
[2008/12/16 10:37:10 | 001,031,195 | ---- | C] () -- C:\Users\Randall Bailey\U. S. Senate Report.pdf
[2008/11/26 19:40:25 | 003,622,912 | ---- | C] () -- C:\Users\Randall Bailey\UNIQUE Fotos.pps
[2008/10/04 07:19:24 | 000,033,286 | ---- | C] () -- C:\Users\Randall Bailey\Emergency Economic Stabilization Act of 2008.pdf
[2008/09/25 17:29:24 | 000,019,651 | ---- | C] () -- C:\Users\Randall Bailey\phone.csv
[2008/09/21 16:28:53 | 000,080,021 | ---- | C] () -- C:\Users\Randall Bailey\psychrometric chart.gif
[2008/08/28 15:13:04 | 000,102,994 | ---- | C] () -- C:\Users\Randall Bailey\sleep_diary.pdf
[2008/08/24 19:42:08 | 001,354,194 | ---- | C] () -- C:\Users\Randall Bailey\myCIGNAGuide.pdf

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/11/02 05:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2011/09/11 05:30:47 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\Blackberry Desktop
[2012/10/14 07:30:31 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/22 06:22:19 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\Funambol
[2011/07/22 03:47:41 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\Lexmark Productivity Studio
[2011/08/04 12:05:49 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\OpenOffice.org
[2011/07/30 08:59:18 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\Research In Motion
[2012/11/08 19:57:56 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\Spotify
[2011/12/29 12:11:07 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\Template
[2011/11/16 07:58:12 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\upromise
[2012/11/08 03:36:39 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\WildTangent
[2011/08/29 17:06:38 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\Windows Live Writer

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\Z06197VS AZ.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\taylor.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\TaxReturn2008.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\RSI.PDF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\NewTake1.wav:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\InfoTool.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0311.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0310.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0309.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0308.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0307.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0306.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0305.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0304.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0303.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0302.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0301.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0300.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0299.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0298.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0297.JPG:Roxio EMC Stream
@Alternate Data Stream - 1045 bytes -> C:\Users\Randall Bailey\Documents\Walmart_com Product Care Plan Confirmation.eml:OECustomProperty

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane

OTL Extras logfile created on: 11/25/2012 9:03:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Randall Bailey\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 57.80% Memory free
5.71 Gb Paging File | 4.19 Gb Available in Paging File | 73.26% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.71 Gb Total Space | 53.60 Gb Free Space | 38.64% Space Free | Partition Type: NTFS
Drive D: | 10.33 Gb Total Space | 1.22 Gb Free Space | 11.79% Space Free | Partition Type: NTFS
Drive G: | 93.16 Gb Total Space | 57.14 Gb Free Space | 61.34% Space Free | Partition Type: NTFS

Computer Name: BARDICK-PC | User Name: Randall Bailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE9D7E6-61D3-4FBE-A9FB-37B134DC038C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{1277FD0B-1716-4A7F-BEF9-DC3C7A8783CF}" = rport=139 | protocol=6 | dir=out | app=system |
"{13334C53-6F76-47E8-A5E1-8A8D6CA7AA88}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
"{165BB20E-B49B-47EF-9CC0-62E9AF315F7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1ACC42AC-DAAC-4401-B6A3-F3033278B9CB}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2D419C75-D8D6-4528-B96F-C0A07EE411DD}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{31AE36D8-DB07-459E-9B09-F96FB6887BE3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{370CE7D7-FF64-4D7E-8E3C-136630BD33A5}" = lport=138 | protocol=17 | dir=in | app=system |
"{37C458FE-16EF-4A1C-918F-AA3A6F54BD25}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3B5EF7CD-25CE-45AF-9153-017BE41FD2FC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{50E5490A-BDC9-425B-800A-F0DC7A58DE8F}" = lport=445 | protocol=6 | dir=in | app=system |
"{59C290A5-799D-4581-AF52-F0504E3BFF37}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{60FDF95E-61C3-43A3-9272-146B5402E538}" = lport=137 | protocol=17 | dir=in | app=system |
"{66941EBB-9475-46A0-A0ED-8A02859A89BA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{767BD0A4-574E-42CC-8B10-4070CCE8C9C3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8898B162-CE9D-4DD4-B94E-2E8BF60FAF00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B47DBC1-362F-4865-AE80-3E6378AF2ACE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8E5F6FF5-EF5E-46CB-AEE6-094D608C7FBE}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{8F44FD80-06E2-4AD6-B711-33B1AA2C796C}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{9748579E-3D48-4DB1-9044-3551EEF61574}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AB3CDD95-9BD3-4CF1-9D1A-400A904E29E5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ACB11EF1-30DC-4044-82BF-E8530DC52F2B}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{B48AC775-06A9-4341-A606-431AF255006C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B50F8DAD-4D2C-4B98-B0A7-FB5C4E64FDB0}" = rport=2869 | protocol=6 | dir=out | app=system |
"{B995BF68-B522-4DF1-B945-8C3F5084DCF5}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{BFCEBFBE-A8B6-4D5C-B70E-AFE4A816BB37}" = lport=139 | protocol=6 | dir=in | app=system |
"{C452098B-CE5B-4C29-BF94-531BD00A6265}" = rport=138 | protocol=17 | dir=out | app=system |
"{C54EF518-8C04-4911-9952-9ED565D8AE30}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C7DEB84E-6FDA-40D5-B5E7-B2C7758CA35C}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{CFD3CA49-7512-439B-88BE-C89C25A54FD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D028EB1E-A8CA-4A8D-A0D1-FBF39D1FA57E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D1B20D6D-644B-40E9-A116-BFAF29AFF209}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E09ED5C7-5E1A-45EF-9B98-68E31C6E4D0F}" = rport=445 | protocol=6 | dir=out | app=system |
"{E2CB852F-3228-4EE4-882C-60ACDDD6FE06}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4D3B078-0C47-4AC5-8992-E75CC97C8C3B}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
"{F5757C19-B2C0-460E-B34D-637481B7E952}" = rport=137 | protocol=17 | dir=out | app=system |
"{F99CAEB2-3959-4CE5-8B0D-1BAA5CC513BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F9B01C3B-280D-440A-970A-8F40A60236B9}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022DCFF6-DB80-47BF-ACD1-68049C0151C8}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{08DB0F7F-2973-4208-BF2F-112A50836CFD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0AE49071-A24B-4B9A-B2FB-B40E989FCF5A}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxamon.exe |
"{0BC955A3-BB78-4050-A5D6-ACA7A5AF93C5}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
"{0D5CE8BC-9071-49FA-B232-B04A342932D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{118D3974-4739-413A-9024-A12249093675}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |
"{1D0A7193-8C01-4902-AA87-CB69924FF540}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{20FA5F12-56C4-48A2-9CB8-959BC82646A1}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{291F0A84-2ECF-4734-8454-11E5CE7EABC9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{33109B1E-059B-4059-96E1-61DF89BF41D1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{36BE1136-551F-4357-BEC8-9052B1F995DC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{501960BF-F3D6-4BDA-86DE-D88D5CD1F1ED}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5C368E7C-D471-4DA5-9D45-B5E97F653DDA}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{66018D7B-D6AA-413A-9D0F-F21D93D99676}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{677BCD5F-C497-4E5C-A0E3-C2473B494445}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{76E8C450-7469-439E-A325-41DAF991CF57}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{7F6E7539-7842-414C-83ED-8DDAAFCE5F5D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{88F5891B-0C17-4865-B857-B4432E76B2B4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9420CC3B-AB9B-4D63-AA38-3E159941C3D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9B61A85C-C993-4D96-9626-3852B78C2A5D}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9C7B6F68-F2E6-4E0F-8CBE-CC2708FBAD28}" = dir=in | app=c:\users\randall bailey\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{A06FEC69-B6F0-40C3-97B0-166B8D986826}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{A89043EC-A952-42EB-8AB7-8860A9FAE4AC}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{B50FA4DB-2768-49D9-9083-55C9095C1C88}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{BCE63DBD-F58B-41FD-BD75-313E4A9252A3}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{C30B7BA7-8B27-4B19-A5C6-F15ABEAB3B28}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{C5690926-4B35-4CA5-88F0-89C80C497879}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{D0A49ED6-E631-4DF8-9CC8-C5AD72F9221B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |
"{D757CB8B-7F93-43AC-A57D-FD2B5BC32B8A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D7629500-AFE0-4224-964C-230A7D35571E}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{D9618AAD-91E7-47F6-9DEC-AE5A0A34201E}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxamon.exe |
"{E18EA667-7289-407F-A6E4-9B9ED6AC7219}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
"{E4DC5122-A7D1-4FBC-993A-AB86D453A813}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{E6626814-1B9C-455A-892F-B294512B4E72}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E7E66E9A-EF78-451A-A4A0-25B95DE87B83}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EF86385F-7BE1-4B3D-A32A-2B7E518BF86A}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\frun.exe |
"{F09106E1-E2F7-40C4-971B-DB108C958D6F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F3248F9E-6922-444E-8A52-607297AFEDEC}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\frun.exe |
"{F5318513-D11B-4395-B248-914D4B14BFBC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F5BDA9BB-9E85-4496-8F1E-FDB68818EBD3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{14C83327-CBE0-4A8E-A08F-17F1CA36A6A2}C:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |
"TCP Query User{31F8C077-E1C0-4783-90A6-229D2DDD8E36}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
"TCP Query User{AD779D36-9D5A-4E20-A53C-1B5D8F58A9F4}C:\program files\research in motion\blackberry desktop\rim.desktophelper.exe" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktophelper.exe |
"UDP Query User{0E02936C-E451-4A33-8A26-8D15EFE57C60}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
"UDP Query User{66DDBF89-EB6A-4A43-9D37-FE5FEF755D7F}C:\program files\research in motion\blackberry desktop\rim.desktophelper.exe" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktophelper.exe |
"UDP Query User{C58A0F09-21D8-47DF-9FA7-FE0C641F53C5}C:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B7DCBBA-D8C7-4877-967F-C663037353C4}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
"{1CB9B42A-DA98-4F71-9270-C7AF35F47213}" = MyFax® Print-to-Fax Assistant 32bit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C41DF54-F78D-404E-9E71-29EF5A00F1E9}" = MotionDV STUDIO 6.0E LE for DV
"{510DE38F-8FEC-4AFE-8C8C-8095C55C1DDC}" = TurboTax 2011 waliper
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F3783B7-F809-45A7-8A92-A44B441FDA7C}" = DIRECTV Player
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82FEBE5D-61EC-4365-A213-2B278780945E}" = OneTouch Software
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5CC6AC-5807-4348-B963-87CE46DACA3F}" = TurboTax 2011 waziper
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}" = Meter Drivers for OneTouch(R) Software
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28470A5-F73F-432C-8066-05BA652AA5D1}" = Meter Drivers for OneTouch(R) Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F13FBD0E-5CE1-4A3F-A4F0-C8633CB7B4DD}" = HP Product Detection
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FDC8065B-80DE-4466-B90B-2581F6D77DFF}" = Image Plugin
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AudibleManager" = AudibleManager
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.0
"Carbonite Backup" = Carbonite
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}" = Meter Drivers for OneTouch(R) Software v1.10.0.0
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"LFSVCOMM&10C4&85A7" = LifeScan USB Device Driver vSL2.0 (Driver Removal)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"MyFinePix Studio_is1" = FUJIFILM MyFinePix Studio 3.2
"NVIDIA Drivers" = NVIDIA Drivers
"Sprint Desktop Sync Client" = Sprint Desktop Sync Client 3.0.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2011" = TurboTax 2011
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Upromise TurboSaver" = Upromise TurboSaver (remove only)

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 11/23/2012 5:43:01 PM | Computer Name = bardick-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/23/2012 5:43:01 PM | Computer Name = bardick-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/23/2012 5:43:14 PM | Computer Name = bardick-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/23/2012 5:43:14 PM | Computer Name = bardick-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/23/2012 5:43:30 PM | Computer Name = bardick-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/23/2012 5:43:30 PM | Computer Name = bardick-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/24/2012 6:35:40 AM | Computer Name = bardick-PC | Source = ESENT | ID = 484
Description = wlmail (9008) WindowsLiveMail0: An attempt to remove the folder "C:\Users\Randall
Bailey\AppData\Local\Microsoft\Windows Live Mail\Backup\old" failed with system
error 145 (0x00000091): "The directory is not empty. ". The remove folder operation
will fail with error -1022 (0xfffffc02).

Error - 11/24/2012 6:35:40 AM | Computer Name = bardick-PC | Source = ESENT | ID = 215
Description = wlmail (9008) WindowsLiveMail0: The backup has been stopped because
it was halted by the client or the connection with the client failed.

Error - 11/24/2012 9:32:31 AM | Computer Name = bardick-PC | Source = Application Error | ID = 1000
Description = Faulting application nvxdsync.exe, version 8.17.13.142, time stamp
0x4fb20bad, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000374, fault offset 0x000b06b7, process id 0x4d8, application
start time 0x01cdc9ba27343813.

Error - 11/24/2012 9:38:34 AM | Computer Name = bardick-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/24/2012 10:02:37 AM | Computer Name = bardick-PC | Source = Windows Backup | ID = 4104
Description =

[ System Events ]
Error - 11/24/2012 9:40:03 AM | Computer Name = bardick-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/24/2012 9:40:03 AM | Computer Name = bardick-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/24/2012 10:40:05 AM | Computer Name = bardick-PC | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on the same network as the interface with IP address 192.168.0.17. The allocator
has disabled itself on the interface to avoid confusing DHCP clients.

Error - 11/25/2012 2:30:28 AM | Computer Name = bardick-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 11/25/2012 2:31:29 AM | Computer Name = bardick-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/25/2012 4:51:01 AM | Computer Name = bardick-PC | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on the same network as the interface with IP address 192.168.0.17. The allocator
has disabled itself on the interface to avoid confusing DHCP clients.

Error - 11/25/2012 6:24:57 AM | Computer Name = bardick-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 11/25/2012 7:11:02 AM | Computer Name = bardick-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/25/2012 7:11:56 AM | Computer Name = bardick-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 11/25/2012 12:02:23 PM | Computer Name = bardick-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane

Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Windows Firewall Disabled!
McAfee Anti-Virus and Anti-Spyware
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 6 Update 22
Java(TM) 6 Update 31
Java 7 Update 9
Java(TM) 6 Update 7
Adobe Reader 9 [color=red]Adobe Reader out of Date![/color]
Adobe Reader 10.1.4 [color=red]Adobe Reader out of Date![/color]
Mozilla Firefox 16.0.2 [color=red]Firefox out of Date![/color]
Google Chrome 22.0.1229.95
Google Chrome 23.0.1271.64
[u]````````Process Check: objlist.exe by Laurent````````[/u]
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 1 %
[u]````````````````````End of Log``````````````````````[/u]
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~



lilhurricane
reply to randalldb

Randall...you are missing the MBAM log and the online scan

Directions on how to run the two and where to find the logs are here:

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Let us know if you need help with the logs



Randall

@cox.net

Found the one but couldn't find the other, except for an install log.


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to randalldb

Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You will find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



Randall

@cox.net

download SophosVirusR···Tool.log 12,536 bytes
sophos


LoPhatPhuud
reply to randalldb

2012-11-27 15:00:25 Sophos Virus Removal Tool version 2.2
2012-11-27 15:00:25 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2012-11-27 15:00:25 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2012-11-27 15:00:25 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
2012-11-27 15:00:25 Checking for updates...
2012-11-27 15:00:32 Update progress: proxy server not available
2012-11-27 15:01:07 Option all = no
2012-11-27 15:01:07 Option recurse = yes
2012-11-27 15:01:07 Option archive = no
2012-11-27 15:01:07 Option service = yes
2012-11-27 15:01:07 Option confirm = yes
2012-11-27 15:01:07 Option sxl = yes
2012-11-27 15:01:07 Option max-data-age = 35
2012-11-27 15:01:07 Component SVRTcli.exe version 2.2
2012-11-27 15:01:07 Component control.dll version 2.2
2012-11-27 15:01:07 Component SVRTservice.exe version 2.2
2012-11-27 15:01:07 Component engine\osdp.dll version 1.44.0.2022
2012-11-27 15:01:07 Component engine\veex.dll version 3.37.2.2022
2012-11-27 15:01:07 Component engine\savi.dll version 7.5.10.2022
2012-11-27 15:01:08 Component rkdisk.dll version 1.5.30.0
2012-11-27 15:01:08 Version info: Product version 2.2
2012-11-27 15:01:08 Version info: Detection engine 3.37.2
2012-11-27 15:01:08 Version info: Detection data 4.83
2012-11-27 15:01:08 Version info: Build date 11/5/2012
2012-11-27 15:01:08 Version info: Data files added 329
2012-11-27 15:01:08 Version info: Last successful update (not yet updated)
2012-11-27 15:05:48 Downloading updates...
2012-11-27 15:05:48 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2012-11-27 15:05:48 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2012-11-27 15:05:48 Update progress: [I49502] Found supplement IDE484 LATEST
2012-11-27 15:05:48 Update progress: [I49502] Found supplement IDE485 LATEST
2012-11-27 15:05:48 Update progress: [I49502] Found supplement IDE486 LATEST
2012-11-27 15:05:48 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2012-11-27 15:05:48 Update progress: [I19463] Syncing product SAVIW32 21
2012-11-27 15:05:52 Update progress: [I19463] Syncing product IDE484 157
2012-11-27 15:05:54 Installing updates...
2012-11-27 15:05:55 Update progress: [I19463] Syncing product IDE485 173
2012-11-27 15:05:55 Update progress: [I19463] Syncing product IDE486 2
2012-11-27 15:06:16 Update successful
2012-11-27 15:06:31 Option all = no
2012-11-27 15:06:31 Option recurse = yes
2012-11-27 15:06:31 Option archive = no
2012-11-27 15:06:31 Option service = yes
2012-11-27 15:06:31 Option confirm = yes
2012-11-27 15:06:31 Option sxl = yes
2012-11-27 15:06:31 Option max-data-age = 35
2012-11-27 15:06:31 Component SVRTcli.exe version 2.2
2012-11-27 15:06:31 Component control.dll version 2.2
2012-11-27 15:06:31 Component SVRTservice.exe version 2.2
2012-11-27 15:06:31 Component engine\osdp.dll version 1.44.0.2022
2012-11-27 15:06:31 Component engine\veex.dll version 3.37.2.2022
2012-11-27 15:06:31 Component engine\savi.dll version 7.5.10.2022
2012-11-27 15:06:31 Component rkdisk.dll version 1.5.30.0
2012-11-27 15:06:31 Version info: Product version 2.2
2012-11-27 15:06:31 Version info: Detection engine 3.37.2
2012-11-27 15:06:31 Version info: Detection data 4.83G
2012-11-27 15:06:31 Version info: Build date 11/5/2012
2012-11-27 15:06:31 Version info: Data files added 329
2012-11-27 15:06:31 Version info: Last successful update 11/27/2012 3:06:16 PM

2012-11-27 17:18:44 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2012-11-27 17:18:44 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2012-11-27 17:18:50 Could not open C:\Windows\System32\config\components
2012-11-27 17:18:50 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
2012-11-27 17:18:50 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2012-11-27 17:18:50 Could not open C:\Windows\System32\config\RegBack\SAM
2012-11-27 17:18:50 Could not open C:\Windows\System32\config\RegBack\SECURITY
2012-11-27 17:18:50 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2012-11-27 17:18:50 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2012-11-27 17:50:38 Could not open LOGICAL:0005:00000000
2012-11-27 17:50:39 Could not open F:\
2012-11-27 17:50:52 Could not open PHYSICAL:0082:0000:0000:0001

2012-11-27 18:52:50 Scan completed.
2012-11-27 18:52:50

------------------------------------------------------------
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


LoPhatPhuud
reply to randalldb

Thanks for the Sophos log. Nothing there.

There is one item that needs to be removed. Use Add/Remove Programs (Program Features) to uninstall Upromise Turbo Saver. It's an adware threat and may impact performance.

Once removed, run OTL again and post the new log in this thread. Note there will not be a new Extras log.

Also advise if removing Upromise improved performance.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



Randall

@cox.net

OTL logfile created on: 11/28/2012 5:32:03 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Randall Bailey\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 66.23% Memory free
5.70 Gb Paging File | 4.49 Gb Available in Paging File | 78.76% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.71 Gb Total Space | 52.51 Gb Free Space | 37.86% Space Free | Partition Type: NTFS
Drive D: | 10.33 Gb Total Space | 1.21 Gb Free Space | 11.71% Space Free | Partition Type: NTFS
Drive G: | 93.16 Gb Total Space | 57.14 Gb Free Space | 61.34% Space Free | Partition Type: NTFS

Computer Name: BARDICK-PC | User Name: Randall Bailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/11/25 09:02:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Randall Bailey\Downloads\OTL.exe
PRC - [2012/11/23 13:59:36 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
PRC - [2012/11/22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/12 12:21:04 | 001,278,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2012/08/31 13:00:52 | 000,078,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Core\mchost.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/17 15:09:30 | 000,166,320 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/07/17 15:05:48 | 000,168,368 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/07/17 15:03:46 | 000,200,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2012/05/15 03:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 02:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/12/05 20:41:32 | 004,426,384 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/12/05 20:41:32 | 001,059,472 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/02/04 01:28:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe
PRC - [2010/02/04 01:27:55 | 000,672,424 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/02/27 17:53:25 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/11/16 09:33:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012/11/16 09:31:15 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012/11/16 09:26:12 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012/11/16 09:25:33 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012/11/16 09:23:21 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012/11/16 09:20:45 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/02/04 01:28:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe
MOD - [2010/02/04 01:27:55 | 000,672,424 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
MOD - [2010/02/04 01:05:09 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxcaps.dll
MOD - [2010/02/04 01:04:53 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxscw.dll
MOD - [2010/02/04 01:04:52 | 000,782,336 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxdrs.dll
MOD - [2010/02/04 00:52:39 | 000,589,824 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxdatr.dll
MOD - [2010/02/04 00:52:33 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxcnv4.dll
MOD - [2010/02/02 03:30:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\app4r.monitor.core.dll
MOD - [2010/02/02 03:30:16 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\app4r.monitor.common.dll
MOD - [2010/02/02 03:29:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007/11/22 03:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2012/11/22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/10/24 10:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/10 17:44:06 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/17 15:09:30 | 000,166,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/07/17 15:05:48 | 000,168,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/07/17 15:03:46 | 000,200,816 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/05/15 03:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/12/05 20:41:32 | 004,426,384 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/27 17:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/17 15:12:34 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2012/07/17 15:09:42 | 000,206,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/07/17 15:08:10 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/07/17 15:07:00 | 000,554,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/07/17 15:05:58 | 000,360,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/07/17 15:05:38 | 000,061,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/07/17 15:05:18 | 000,230,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/07/17 15:04:46 | 000,127,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/05/15 03:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2012/04/18 10:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2010/03/12 18:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/27 11:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 15:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 19:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {36190541-0C04-4C0F-9F78-A70761A42B1B}
IE - HKLM\..\SearchScopes\{36190541-0C04-4C0F-9F78-A70761A42B1B}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm300YYus&ptb=C7DD6F0D-AC6A-4647-BF4E-B5C2604CD684&ind=2011111311&ptnrS=RGxdm300YYus&si=&n=77df1f8f&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{F71A5F20-2EEC-41AE-BE76-5CABF69A135E}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sparkpeople.com/myspark [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myfoxphoenix.com/category/230135/news
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledAddons: {6B6B6A0D-5922-4B4F-89BE-39E9799AE387}:6.3
FF - prefs.js..extensions.enabledAddons: {D19CA586-DD6C-4a0a-96F8-14644F340D60}:14.4.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Randall Bailey\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Randall Bailey\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Randall Bailey\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Randall Bailey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Randall Bailey\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Randall Bailey\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Randall Bailey\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Randall Bailey\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/11/11 20:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/11/28 17:27:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/12 16:57:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/11 20:43:39 | 000,000,000 | ---D | M]

[2011/12/18 09:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randall Bailey\AppData\Roaming\Mozilla\Extensions
[2012/11/21 12:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randall Bailey\AppData\Roaming\Mozilla\Firefox\Profiles\ylg7woa7.default\extensions
[2012/11/12 16:09:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Randall Bailey\AppData\Roaming\Mozilla\Firefox\Profiles\ylg7woa7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/11/11 03:49:11 | 000,000,000 | ---D | M] (UPnPDescriptionDocument Class extension for Firefox) -- C:\Users\Randall Bailey\AppData\Roaming\Mozilla\Firefox\Profiles\ylg7woa7.default\extensions\{6B6B6A0D-5922-4B4F-89BE-39E9799AE387}
[2012/11/12 16:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/26 22:41:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/11/28 17:27:13 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/10/24 10:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/10/24 10:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 10:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Randall Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Randall Bailey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Randall Bailey\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: NDS PCShow Plugin (Enabled) = C:\Users\Randall Bailey\AppData\Local\DIRECTV Player\npPCShowPlugin.dll
CHR - plugin: PCShow Player Plugin (Enabled) = C:\Users\Randall Bailey\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Randall Bailey\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Randall Bailey\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Randall Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Randall Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\Randall Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Gmail = C:\Users\Randall Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120624200152.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Randall Bailey\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Randall Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: directv.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: fax.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: srpnet.com ([myaccount] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89F10C57-CF82-47A4-A2B5-684C2EA32BCA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D892DBAB-43CA-4A32-AE2B-9845BE228544}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Randall Bailey\Pictures\Colorado\IMGA0390.JPG
O24 - Desktop BackupWallPaper: C:\Users\Randall Bailey\Pictures\Colorado\IMGA0390.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{86929e47-1754-11e1-89e4-001f167bac78}\Shell - "" = AutoRun
O33 - MountPoints2\{86929e47-1754-11e1-89e4-001f167bac78}\Shell\AutoRun\command - "" = G:\TAOPhotoTransfer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/11/28 17:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/11/27 15:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/11/27 15:00:17 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/11/27 14:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/11/25 18:31:14 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{E36CB37D-8AAB-497D-BEAC-73E747A5EAAD}
[2012/11/25 15:44:23 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\QuickPlay
[2012/11/25 13:41:30 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Roaming\QuickScan
[2012/11/25 09:40:24 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\Desktop\logs
[2012/11/25 03:21:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Randall Bailey\Desktop\TFC.exe
[2012/11/24 03:36:28 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{68CE577F-0842-4F83-97C1-89A87AAD2A34}
[2012/11/23 13:59:37 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/23 13:59:37 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/23 09:35:38 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Roaming\Malwarebytes
[2012/11/23 09:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/23 09:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/23 09:35:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/23 09:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/23 09:12:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012/11/22 20:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2012/11/22 20:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/11/22 19:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/22 09:08:16 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{40BF40AC-D74E-453D-A5CE-912615748D45}
[2012/11/21 18:22:41 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{84909EA9-C209-401D-9EA3-F32BB22FCF80}
[2012/11/20 05:16:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/11/19 19:02:52 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{0329BE1F-163A-4DDB-8687-9D6648F207D4}
[2012/11/18 18:25:56 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{D63123B9-44B0-4A43-A961-E36914AB257B}
[2012/11/18 06:25:29 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{F68B4FA1-2EB4-4AF6-94F6-1157480523E7}
[2012/11/17 13:09:48 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/11/17 13:09:48 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/11/17 13:09:18 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/11/17 13:09:18 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/11/17 13:09:18 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/11/17 09:09:58 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\Seven Zip
[2012/11/17 06:52:01 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Roaming\McAfee
[2012/11/16 04:40:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/16 04:40:42 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/16 04:40:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/16 04:40:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/16 04:40:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/16 04:40:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/16 04:40:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/16 04:40:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/15 12:26:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/15 12:25:18 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/11 03:53:04 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\Macromedia
[2012/11/11 03:50:39 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\Mozilla Firefox
[2012/11/10 05:38:53 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{B0BDCDD7-8B27-4255-86F0-7BDD58CBBFA6}
[2012/11/09 03:28:54 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{AC5A06D3-004E-4C7A-983F-46E0CFDFA13A}
[2012/11/08 17:37:55 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\Spotify
[2012/11/08 17:36:46 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Roaming\Spotify
[2012/11/08 03:36:39 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Roaming\WildTangent
[2012/11/08 03:36:00 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\BVRP Software
[2012/11/05 19:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/05 19:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/11/05 17:08:24 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{47F513B7-0FAF-417B-A86F-BCAA38EB2494}
[2012/11/05 05:08:12 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{DDA3F7A5-6BB8-422A-B7DA-58BB3DF7B044}
[2012/11/04 17:08:00 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{38DD0FC4-EF83-4AED-B863-87F3EAED9F4A}
[2012/11/04 08:21:03 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\ABBYY
[2012/11/04 08:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
[2012/11/04 08:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2012/11/04 05:07:47 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{1C01B6E9-621B-4156-BFBD-686A3F2A956C}
[2012/11/03 17:07:34 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{CBB3D626-6D39-46BE-9BE3-9342CB4B3F0E}
[2012/11/03 05:07:22 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{3DCAB480-AAC2-4AC1-A888-C0135BD71E71}
[2012/11/02 17:06:54 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{DEA8A3F8-24AB-4D7C-BECB-8823708C7500}
[2012/11/02 03:57:20 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{F4AAC95F-73EA-4816-A459-AFC8F8F15604}
[2012/10/31 16:10:25 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{EBFDE835-0EB2-4846-B939-626293F5FD9B}
[2012/10/30 16:16:13 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{BA62C8EF-75A7-4BD0-AD5D-A5D2514BDF0D}
[2012/10/30 04:15:48 | 000,000,000 | ---D | C] -- C:\Users\Randall Bailey\AppData\Local\{75C69AB7-6C69-4859-AC13-623448543046}
[2011/11/16 07:58:28 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\Randall Bailey\AppData\Local\log4cxx.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/11/28 17:32:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/28 17:30:06 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2363605596-395245341-3206715689-1002UA.job
[2012/11/28 17:23:24 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/11/28 17:22:32 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/28 17:22:22 | 000,000,576 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/11/28 17:21:59 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/28 17:21:59 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/28 17:21:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/28 08:49:02 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2363605596-395245341-3206715689-1002UA.job
[2012/11/27 16:30:16 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2363605596-395245341-3206715689-1002Core.job
[2012/11/27 15:05:41 | 000,002,655 | ---- | M] () -- C:\Users\Randall Bailey\Desktop\Sophos Virus Removal Tool.lnk
[2012/11/27 14:49:01 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2363605596-395245341-3206715689-1002Core.job
[2012/11/27 13:36:44 | 000,001,955 | ---- | M] () -- C:\Users\Randall Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/27 13:36:43 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/26 04:34:35 | 000,342,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/25 12:18:21 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/11/25 03:22:07 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Randall Bailey\Desktop\TFC.exe
[2012/11/25 03:12:04 | 000,000,567 | ---- | M] () -- C:\Users\Randall Bailey\Desktop\MBRCheck - Shortcut.lnk
[2012/11/24 06:54:23 | 000,640,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/24 06:54:23 | 000,118,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/23 13:59:37 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/23 13:59:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/23 09:35:17 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/23 09:32:44 | 000,000,577 | ---- | M] () -- C:\Users\Randall Bailey\Desktop\tdsskiller - Shortcut.lnk
[2012/11/22 15:25:52 | 289,624,380 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/20 19:42:01 | 001,697,444 | ---- | M] () -- C:\Users\Randall Bailey\Desktop\megan wagy.pdf
[2012/11/18 09:19:21 | 000,001,028 | ---- | M] () -- C:\Users\Randall Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/17 13:08:18 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/11/17 13:08:11 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/11/17 13:08:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/11/17 13:08:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/11/17 13:08:10 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/11/17 13:08:09 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/11/17 07:46:23 | 000,011,968 | ---- | M] () -- C:\Users\Randall Bailey\Desktop\MVTHealthCheck_Deviation.html
[2012/11/17 06:52:00 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2012/11/12 16:57:25 | 000,000,870 | ---- | M] () -- C:\Users\Randall Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/12 16:57:25 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/12 16:39:44 | 000,013,824 | ---- | M] () -- C:\Users\Randall Bailey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/10 17:04:27 | 000,000,680 | ---- | M] () -- C:\Users\Randall Bailey\AppData\Local\d3d9caps.dat
[2012/11/09 04:06:28 | 000,083,986 | ---- | M] () -- C:\Users\Randall Bailey\AppData\Local\{33090943-95A0-CABB-A565-2F2049631B24}.dat
[2012/11/05 19:31:03 | 001,192,082 | ---- | M] () -- C:\Users\Randall Bailey\Desktop\11-5-2012 7;31;03 PM.PDF
[2012/11/05 19:26:44 | 001,147,321 | ---- | M] () -- C:\Users\Randall Bailey\Desktop\11-5-2012 7;26;44 PM.PDF
[2012/11/04 08:19:32 | 000,075,233 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2012/11/03 07:52:37 | 000,009,905 | ---- | M] () -- C:\Users\Randall Bailey\Documents\YARDSALE2.odg
[2012/11/03 07:39:06 | 000,013,523 | ---- | M] () -- C:\Users\Randall Bailey\Documents\YARDSALE.odg
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/11/27 15:00:17 | 000,002,655 | ---- | C] () -- C:\Users\Randall Bailey\Desktop\Sophos Virus Removal Tool.lnk
[2012/11/25 15:43:17 | 000,001,736 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Play.lnk
[2012/11/25 12:18:21 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/11/25 03:12:04 | 000,000,567 | ---- | C] () -- C:\Users\Randall Bailey\Desktop\MBRCheck - Shortcut.lnk
[2012/11/23 09:35:17 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/23 09:32:44 | 000,000,577 | ---- | C] () -- C:\Users\Randall Bailey\Desktop\tdsskiller - Shortcut.lnk
[2012/11/22 19:47:27 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/22 19:47:27 | 000,001,955 | ---- | C] () -- C:\Users\Randall Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/22 15:25:52 | 289,624,380 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/11/20 19:41:59 | 001,697,444 | ---- | C] () -- C:\Users\Randall Bailey\Desktop\megan wagy.pdf
[2012/11/18 09:19:21 | 000,001,028 | ---- | C] () -- C:\Users\Randall Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/17 07:46:23 | 000,011,968 | ---- | C] () -- C:\Users\Randall Bailey\Desktop\MVTHealthCheck_Deviation.html
[2012/11/17 06:52:00 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2012/11/17 06:51:13 | 000,001,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk
[2012/11/09 04:06:28 | 000,083,986 | ---- | C] () -- C:\Users\Randall Bailey\AppData\Local\{33090943-95A0-CABB-A565-2F2049631B24}.dat
[2012/11/05 19:31:07 | 001,192,082 | ---- | C] () -- C:\Users\Randall Bailey\Desktop\11-5-2012 7;31;03 PM.PDF
[2012/11/05 19:27:08 | 001,147,321 | ---- | C] () -- C:\Users\Randall Bailey\Desktop\11-5-2012 7;26;44 PM.PDF
[2012/11/04 08:18:09 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini
[2012/11/03 07:52:36 | 000,009,905 | ---- | C] () -- C:\Users\Randall Bailey\Documents\YARDSALE2.odg
[2012/11/03 07:22:48 | 000,013,523 | ---- | C] () -- C:\Users\Randall Bailey\Documents\YARDSALE.odg
[2012/03/31 09:30:38 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2012/03/31 09:30:38 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2012/03/31 09:29:07 | 000,040,960 | ---- | C] () -- C:\Windows\System32\Twscan32.dll
[2012/03/31 09:29:04 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Tga32.dll
[2012/03/31 09:29:03 | 000,241,664 | ---- | C] () -- C:\Windows\System32\Image32.dll
[2012/03/31 09:29:03 | 000,122,880 | ---- | C] () -- C:\Windows\System32\Png32.dll
[2012/03/31 09:29:03 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Pcx32.dll
[2012/03/17 07:19:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/03/17 07:19:30 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/02/08 04:17:01 | 000,052,167 | ---- | C] () -- C:\Users\Randall Bailey\Application for Copy of Birth Record.pdf
[2012/01/28 10:22:08 | 000,128,326 | ---- | C] () -- C:\Users\Randall Bailey\ACE - 2.pdf
[2012/01/01 07:14:56 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/12/29 12:11:03 | 000,000,944 | ---- | C] () -- C:\Users\Randall Bailey\AppData\Roaming\wklnhst.dat
[2011/11/19 04:54:04 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/16 07:58:35 | 000,094,208 | ---- | C] () -- C:\Users\Randall Bailey\AppData\Local\common_functions.dll
[2011/10/17 19:17:07 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/10/17 19:17:06 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/09/02 04:08:50 | 000,102,400 | ---- | C] () -- C:\Users\Randall Bailey\AppData\Local\ie_runner_app.exe
[2011/08/22 06:24:38 | 000,000,680 | ---- | C] () -- C:\Users\Randall Bailey\AppData\Local\d3d9caps.dat
[2011/07/18 01:40:10 | 000,030,547 | ---- | C] () -- C:\Users\Randall Bailey\UC232A_winxp.zip
[2011/07/17 07:27:39 | 000,013,824 | ---- | C] () -- C:\Users\Randall Bailey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 06:43:26 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll
[2011/07/17 06:43:26 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll
[2011/07/16 10:25:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll
[2011/07/16 10:25:32 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll
[2011/07/16 10:25:31 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll
[2011/07/16 10:25:30 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoms.exe
[2011/07/16 10:25:30 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll
[2011/07/16 10:25:28 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll
[2011/07/16 10:25:23 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll
[2011/07/16 10:25:22 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll
[2011/07/16 10:25:22 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll
[2011/07/16 10:25:21 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll
[2011/07/16 10:25:21 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll
[2011/07/16 10:25:20 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll
[2011/07/16 10:25:19 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdxcfg.exe
[2011/07/16 10:25:19 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxih.exe
[2011/07/16 10:25:19 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll
[2011/07/15 17:45:03 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll
[2011/07/15 17:45:03 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll
[2011/07/15 17:45:03 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll
[2011/05/08 06:50:47 | 000,050,493 | ---- | C] () -- C:\Users\Randall Bailey\Mother's Day card.jpg
[2011/05/01 16:00:35 | 005,454,111 | ---- | C] () -- C:\Users\Randall Bailey\owp04282011.mp3
[2011/03/06 07:38:55 | 000,559,824 | ---- | C] () -- C:\Users\Randall Bailey\Ford AX4S Transmission Problems.mht
[2010/08/28 15:02:57 | 000,669,199 | ---- | C] () -- C:\Users\Randall Bailey\fairfield.JPG
[2010/06/24 03:19:35 | 000,131,088 | ---- | C] () -- C:\Users\Randall Bailey\ttaxol2008.pdf
[2010/04/17 06:22:42 | 000,046,280 | ---- | C] () -- C:\Users\Randall Bailey\CHSdrama.jpg
[2010/04/11 09:19:20 | 000,156,812 | ---- | C] () -- C:\Users\Randall Bailey\AZgunlaw2009.pdf
[2010/04/03 07:16:57 | 000,331,340 | ---- | C] () -- C:\Users\Randall Bailey\ladmotie.jpg.jpg
[2010/02/22 14:54:35 | 000,307,535 | ---- | C] () -- C:\Users\Randall Bailey\goals and barriers.pdf
[2009/12/12 10:26:00 | 000,223,045 | ---- | C] () -- C:\Users\Randall Bailey\pi_abilify.pdf
[2009/11/01 13:26:08 | 001,360,858 | ---- | C] () -- C:\Users\Randall Bailey\Carbonite-3.230.zip
[2009/10/31 11:13:48 | 000,605,922 | ---- | C] () -- C:\Users\Randall Bailey\S9_UG.pdf
[2009/08/22 09:34:12 | 000,052,351 | ---- | C] () -- C:\Users\Randall Bailey\aerize.optimizer.manual.1.0.0.pdf
[2009/08/06 15:00:51 | 001,284,803 | ---- | C] () -- C:\Users\Randall Bailey\Car agreement.JPG
[2009/06/22 03:29:23 | 000,081,622 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/22 03:15:09 | 000,081,622 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/17 23:50:01 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/05/15 10:59:17 | 005,697,705 | ---- | C] () -- C:\Users\Randall Bailey\2009_relocation.pdf
[2009/04/13 17:14:32 | 000,131,012 | ---- | C] () -- C:\Users\Randall Bailey\2008tax.pdf
[2009/03/24 07:52:50 | 000,084,693 | ---- | C] () -- C:\Users\Randall Bailey\autoinsurance.pdf
[2009/03/10 04:21:33 | 000,180,224 | ---- | C] () -- C:\Users\Randall Bailey\2009-03-07_rev_1252_compiled.zip
[2009/03/04 12:24:17 | 000,000,650 | ---- | C] () -- C:\Users\Randall Bailey\SHARED LEADERSHIP MARCH 4TH.rtf
[2009/01/24 05:50:25 | 002,939,836 | ---- | C] () -- C:\Users\Randall Bailey\Driver_install_instructions_1.pdf
[2009/01/01 13:43:37 | 000,012,657 | ---- | C] () -- C:\Users\Randall Bailey\Windowscontacts.csv
[2009/01/01 12:41:53 | 000,016,351 | ---- | C] () -- C:\Users\Randall Bailey\WLContacts.csv
[2008/12/22 18:36:50 | 000,017,819 | ---- | C] () -- C:\Users\Randall Bailey\address.csv
[2008/12/22 16:07:27 | 000,007,283 | ---- | C] () -- C:\Users\Randall Bailey\Yahoo.csv
[2008/12/19 15:39:34 | 006,737,032 | ---- | C] () -- C:\Users\Randall Bailey\transcript 12-19-2008p2.pdf
[2008/12/19 15:37:41 | 006,737,032 | ---- | C] () -- C:\Users\Randall Bailey\transcript 12-19-2008.pdf
[2008/12/16 10:37:10 | 001,031,195 | ---- | C] () -- C:\Users\Randall Bailey\U. S. Senate Report.pdf
[2008/11/26 19:40:25 | 003,622,912 | ---- | C] () -- C:\Users\Randall Bailey\UNIQUE Fotos.pps
[2008/10/04 07:19:24 | 000,033,286 | ---- | C] () -- C:\Users\Randall Bailey\Emergency Economic Stabilization Act of 2008.pdf
[2008/09/25 17:29:24 | 000,019,651 | ---- | C] () -- C:\Users\Randall Bailey\phone.csv
[2008/09/21 16:28:53 | 000,080,021 | ---- | C] () -- C:\Users\Randall Bailey\psychrometric chart.gif
[2008/08/28 15:13:04 | 000,102,994 | ---- | C] () -- C:\Users\Randall Bailey\sleep_diary.pdf
[2008/08/24 19:42:08 | 001,354,194 | ---- | C] () -- C:\Users\Randall Bailey\myCIGNAGuide.pdf

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/11/02 05:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2011/09/11 05:30:47 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\Blackberry Desktop
[2012/10/14 07:30:31 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/22 06:22:19 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\Funambol
[2011/07/22 03:47:41 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\Lexmark Productivity Studio
[2011/08/04 12:05:49 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\OpenOffice.org
[2012/11/26 04:44:46 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\QuickScan
[2011/07/30 08:59:18 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\Research In Motion
[2012/11/08 19:57:56 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\Spotify
[2011/12/29 12:11:07 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\Template
[2012/11/08 03:36:39 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\WildTangent
[2011/08/29 17:06:38 | 000,000,000 | ---D | M] -- C:\Users\Randall Bailey\AppData\Roaming\Windows Live Writer

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\Z06197VS AZ.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\taylor.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\TaxReturn2008.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\RSI.PDF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\NewTake1.wav:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\InfoTool.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0311.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0310.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0309.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0308.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0307.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0306.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0305.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0304.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0303.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0302.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0301.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0300.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0299.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0298.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Randall Bailey\Documents\IMGA0297.JPG:Roxio EMC Stream
@Alternate Data Stream - 1045 bytes -> C:\Users\Randall Bailey\Documents\Walmart_com Product Care Plan Confirmation.eml:OECustomProperty

No difference yet, but I'll restart and let you know.


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

1 recommendation

reply to randalldb

Nothing in the last OTL log. No rootkits, no malware. Puzzling why the slowdown. Time for a deeper check.

Download ComboFix from one of these locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


Randall

@cox.net

Well, this all started with a HDD that is going bad, I believed. Event Viewer suggested I had some bad sectors, so I ran chkdsk and cleaned those up. Then I wanted to make a disc image and replace the HDD. Ran McAfee and came up with 1 trojan... ran MRT and came up with another... oh, and some system files were corrupted by virus or bad sectors... so I reinstalled those, but the system is still slow.
Seems to be related to Flash player and Shockwave Flash player; graphics on IE run slow.

Sometimes the display loads top half then bottom half when starting up.

So I'll go ahead and run these new programs and post 'em.

I had removed 5 versions of generic backdoor and ZeroAccess before I came here... let the pain stop LOL

Thanks a lot for your help.



Randall

@cox.net
reply to LoPhatPhuud

ComboFix 12-11-30.02 - Randall Bailey 11/30/2012 17:47:18.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2814.1831 [GMT -7:00]
Running from: c:\users\Randall Bailey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KZTO1JLT\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Retrogamer_2zEI
c:\program files\Shop to Win
c:\program files\Shop to Win\Test.htm
c:\programdata\SPL36D4.tmp
c:\programdata\SPLCAD6.tmp
c:\programdata\SPLE739.tmp
c:\users\Randall Bailey\AppData\Local\common_functions.dll
c:\users\Randall Bailey\AppData\Local\ie_runner_app.exe
c:\users\Randall Bailey\AppData\Roaming\Microsoft\Windows\Recent\CouponsDotCom.url
.
.
((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-12-01 01:03 . 2012-12-01 01:03 -------- d-----w- c:\users\Randall Bailey\AppData\Local\temp
2012-12-01 01:03 . 2012-12-01 01:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-30 19:52 . 2012-11-30 19:52 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F34D4A6-9C32-417A-A166-D3F495DE4F2D}\offreg.dll
2012-11-30 11:38 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F34D4A6-9C32-417A-A166-D3F495DE4F2D}\mpengine.dll
2012-11-27 22:00 . 2012-11-27 22:00 -------- d-----w- c:\programdata\Sophos
2012-11-27 22:00 . 2012-11-27 22:00 73728 ----a-r- c:\users\Randall Bailey\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-11-27 22:00 . 2012-11-27 22:00 73728 ----a-r- c:\users\Randall Bailey\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-11-27 22:00 . 2012-11-27 22:00 73728 ----a-r- c:\users\Randall Bailey\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-11-27 21:59 . 2012-11-27 21:59 -------- d-----w- c:\program files\Sophos
2012-11-25 22:44 . 2012-11-25 22:56 -------- d-----w- c:\users\Randall Bailey\AppData\Local\QuickPlay
2012-11-25 20:41 . 2012-11-26 11:44 -------- d-----w- c:\users\Randall Bailey\AppData\Roaming\QuickScan
2012-11-23 20:59 . 2012-11-23 20:59 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-23 20:59 . 2012-11-23 20:59 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-23 16:35 . 2012-11-23 16:35 -------- d-----w- c:\users\Randall Bailey\AppData\Roaming\Malwarebytes
2012-11-23 16:35 . 2012-11-23 16:35 -------- d-----w- c:\programdata\Malwarebytes
2012-11-23 16:35 . 2012-11-23 16:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-23 16:35 . 2012-09-30 02:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-23 16:12 . 2012-11-23 16:19 -------- d-----w- c:\windows\system32\Adobe
2012-11-23 03:20 . 2012-11-23 03:20 -------- d-----w- c:\program files\SAMSUNG
2012-11-23 03:19 . 2012-11-23 03:19 -------- d-----w- c:\programdata\Samsung
2012-11-17 20:09 . 2012-11-17 20:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-17 20:09 . 2012-11-17 20:08 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-17 16:09 . 2012-11-17 16:09 -------- d-----w- c:\users\Randall Bailey\AppData\Local\Seven Zip
2012-11-17 13:52 . 2012-11-17 13:52 -------- d-----w- c:\users\Randall Bailey\AppData\Roaming\McAfee
2012-11-15 19:26 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 19:25 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-12 23:57 . 2012-10-24 17:50 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-11-12 23:57 . 2012-10-24 17:50 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-11-12 23:57 . 2012-10-24 17:50 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-11-11 10:53 . 2012-11-11 10:53 -------- d-----w- c:\users\Randall Bailey\AppData\Local\Macromedia
2012-11-11 10:50 . 2012-11-11 10:50 -------- d-----w- c:\users\Randall Bailey\AppData\Local\Mozilla Firefox
2012-11-09 00:37 . 2012-11-09 02:37 -------- d-----w- c:\users\Randall Bailey\AppData\Local\Spotify
2012-11-09 00:36 . 2012-11-09 02:57 -------- d-----w- c:\users\Randall Bailey\AppData\Roaming\Spotify
2012-11-08 10:36 . 2012-11-08 10:36 -------- d-----w- c:\users\Randall Bailey\AppData\Roaming\WildTangent
2012-11-08 10:36 . 2012-11-08 10:36 -------- d-----w- c:\users\Randall Bailey\AppData\Local\BVRP Software
2012-11-06 02:24 . 2012-11-13 00:19 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-06 02:24 . 2012-10-24 17:50 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-11-06 02:24 . 2012-10-24 17:50 261600 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-11-06 02:24 . 2012-10-24 17:50 116192 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-11-06 02:24 . 2012-10-24 17:50 192600 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-11-06 02:24 . 2012-10-24 17:50 115168 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-11-06 02:24 . 2012-10-24 17:50 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-11-06 02:24 . 2012-10-24 17:50 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-11-04 15:21 . 2012-11-04 15:21 -------- d-----w- c:\users\Randall Bailey\AppData\Local\ABBYY
2012-11-04 15:18 . 2012-11-12 03:42 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 20:08 . 2011-07-13 01:46 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 13:28 . 2012-10-10 13:43 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-24 17:50 . 2012-11-06 02:24 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 21:01 . 2011-12-19 17:38 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-12-06 03:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-12-06 03:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-12-06 03:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Randall Bailey\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2010-02-04 16040]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-12-06 1059472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-09-08 468264]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
OpenOffice.org 3.4.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\users\Randall Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2011-09-28 08:39 404568 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 09:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-09-08 21:18 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 210216 ----a-w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2363605596-395245341-3206715689-1002Core.job
- c:\users\Randall Bailey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-25 21:40]
.
2012-12-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2363605596-395245341-3206715689-1002UA.job
- c:\users\Randall Bailey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-25 21:40]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-23 00:10]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2363605596-395245341-3206715689-1002Core.job
- c:\users\Randall Bailey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-29 17:26]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2363605596-395245341-3206715689-1002UA.job
- c:\users\Randall Bailey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-29 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myfoxphoenix.com/category/230135/news
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: directv.com\www
Trusted Zone: fax.com\secure
Trusted Zone: intuit.com\ttlc
Trusted Zone: srpnet.com\myaccount
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Randall Bailey\AppData\Roaming\Mozilla\Firefox\Profiles\ylg7woa7.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-28 11:17; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-LFSVCOMM&10C4&85A7 - c:\program files\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\LFSVCOMM&10C4&85A7
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-30 18:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-30 18:07:18
ComboFix-quarantined-files.txt 2012-12-01 01:07
.
Pre-Run: 57,007,214,592 bytes free
Post-Run: 57,126,793,216 bytes free
.
- - End Of File - - 417146054C484AE25E4D6D996E43466A


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to randalldb

ComboFix removed a few items, but the log is otherwise clean.

No sign of active malware, and nothing to indicate a slowdown.

Are you still having the same symptoms on your computer?
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



Randall

@cox.net

Well, startup was MUCH faster, but IE is still very slow when multiple Flash ads are on a web page. At any rate, I'm convinced it's safe to do a disc image and I'll not be transferring viruses with it.
Thanks so much for your expert guidance and patience.

If there's anything I can do, let me know.



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to randalldb

Just need to clean up...

Cleaning Up:

Delete TFC:
  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malwarebytes:
  • We recommend that you keep Malwarebytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos Anti-Rootkit:
  • If we asked you to run the Sophos Anti-Rootkit program, uninstall it through Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum