Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

getting strange pop-ups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

getting strange pop-ups

Unread postby robo122 » July 10th, 2012, 11:08 pm

hi,

you have helped me in the past and i hope you can work your magic once more for me.

i noticed earlier today that i was getting strange pop-ups as i use IE9, i would then close the pop-up and then click the google link again and would get directed to the correct page.

i also noticed as i was writing an e-mail that it was not registering all of my keystrokes. i am not having this problem as i write this.

i then took a break from my computer for a few hours and i came back and as soon as i clicked on IE to open the program, i got a blue screen and the comp shut down.

i was not able to run the DDS scan, when i did it gave me all sorts of strange characters, so i have attached my OTL scan results as requested

OTL.txt

OTL logfile created on: 7/10/2012 10:52:24 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Rob & Teresa\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 70.19% Memory free
16.12 Gb Paging File | 13.35 Gb Available in Paging File | 82.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.57 Gb Total Space | 419.88 Gb Free Space | 61.42% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.99 Gb Free Space | 53.28% Space Free | Partition Type: NTFS

Computer Name: ROBTERESA-PC | User Name: Rob & Teresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/10 22:51:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Rob & Teresa\Desktop\OTL.exe
PRC - [2012/07/05 08:05:42 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/06/23 09:24:29 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Rob & Teresa\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/30 13:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/02/02 15:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010/03/26 12:34:17 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2009/03/24 18:16:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/14 10:13:02 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/17 15:28:52 | 000,509,456 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarHelper.dll
MOD - [2011/02/17 15:28:52 | 000,029,200 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\components\TBMenuSetting.dll
MOD - [2011/02/17 15:28:52 | 000,029,200 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\components\TBMenuHelp.dll
MOD - [2011/02/16 23:42:44 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_36.dll
MOD - [2011/02/16 23:42:44 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_36.dll
MOD - [2010/12/04 22:38:04 | 001,242,112 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2010/12/04 22:38:02 | 002,010,624 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
MOD - [2010/03/26 12:34:17 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2011/12/08 20:54:35 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/10/29 02:06:44 | 000,901,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/28 08:37:22 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/05 08:06:00 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/02/02 15:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 13:33:00 | 003,290,184 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/24 18:16:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/17 18:05:02 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 06:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/11 02:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 09:54:59 | 000,339,536 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010/11/20 09:54:59 | 000,194,640 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2010/11/20 09:54:59 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010/11/20 09:54:59 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/11/20 09:54:59 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010/11/20 09:54:59 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010/06/23 10:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/29 02:06:48 | 004,598,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008/10/29 02:06:48 | 004,598,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/09/01 05:12:26 | 000,381,976 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/07/31 17:01:00 | 000,306,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA002Vid.sys -- (OA002Vid)
DRV:64bit: - [2008/06/03 09:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA002Ufd.sys -- (OA002Ufd)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/10/18 11:59:08 | 000,949,760 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WMP110.sys -- (WMP110)
DRV:64bit: - [2007/06/07 21:00:02 | 000,219,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\OA002Afx.sys -- (OA002Afx)
DRV:64bit: - [2007/03/08 17:19:00 | 000,012,800 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2007/02/05 17:36:48 | 000,049,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV:64bit: - [2006/11/13 09:08:42 | 000,640,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2006/11/13 09:08:42 | 000,640,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2006/11/02 16:57:04 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3ABC8FCE-33FD-4EDB-BCF8-792F7F9B27C1}
IE:64bit: - HKLM\..\SearchScopes\{3ABC8FCE-33FD-4EDB-BCF8-792F7F9B27C1}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1099155162-2330400522-297761176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1099155162-2330400522-297761176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yankees.com/
IE - HKU\S-1-5-21-1099155162-2330400522-297761176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1099155162-2330400522-297761176-1000\..\SearchScopes,DefaultScope = {BEBC6849-AB8F-4CB6-AAA5-8795AE9D299D}
IE - HKU\S-1-5-21-1099155162-2330400522-297761176-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1099155162-2330400522-297761176-1000\..\SearchScopes\{BEBC6849-AB8F-4CB6-AAA5-8795AE9D299D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
IE - HKU\S-1-5-21-1099155162-2330400522-297761176-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1099155162-2330400522-297761176-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Rob & Teresa\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Rob & Teresa\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2010/11/20 10:04:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012/03/20 08:08:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/23 09:25:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Rob & Teresa\AppData\Roaming\Move Networks [2009/12/04 21:51:46 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKU\S-1-5-21-1099155162-2330400522-297761176-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1099155162-2330400522-297761176-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1099155162-2330400522-297761176-1000..\Run: [Mozilla] C:\Users\Rob & Teresa\AppData\Local\PMB Files\Mozilla\ewvjntv.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1099155162-2330400522-297761176-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1099155162-2330400522-297761176-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Rob & Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Rob & Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rob & Teresa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://images3.pnimedia.com/ProductAsse ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resour ... cctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAsse ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAsse ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.optimusexperience.com/us/Plu ... taller.exe (CDFusionActiveXCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69EA13B3-2070-4D4B-AA04-F8A371D644A2}: DhcpNameServer = 167.206.254.2 167.206.254.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFFF4C06-4B6D-452C-85D9-0203A6CAFCBC}: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E476AE48-8195-44FF-9316-3154354A9472}: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtb - No CLSID value found
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rob & Teresa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rob & Teresa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/08 20:08:47 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/10 22:51:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Rob & Teresa\Desktop\OTL.exe
[2012/07/10 22:50:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rob & Teresa\Desktop\dds.com
[2012/07/10 20:31:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{C12633E9-AA8C-4C82-9B40-B5D634544006}
[2012/07/10 20:31:00 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{A30DB61E-E62E-4920-857B-C9982B09A6A7}
[2012/07/10 08:09:24 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{8F982E91-D826-41D7-948C-35A89D39A775}
[2012/07/10 08:09:13 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{7D336145-B69B-46A8-8CFD-35321EFD2F50}
[2012/07/10 06:33:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\ManyCam
[2012/07/10 06:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2012/07/10 06:33:12 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Roaming\ManyCam
[2012/07/10 06:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2012/07/09 20:08:48 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{DA5EE426-732C-4546-994A-D12087897E7C}
[2012/07/09 20:08:38 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{FD007480-B7BB-4695-93C4-0B3A2A2077E7}
[2012/07/09 08:08:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{550A4FB3-7FAD-400C-B9AD-01A5F7CD75A6}
[2012/07/09 08:07:56 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{9D8096A7-2A8C-4EF1-A3CF-00C358921C1C}
[2012/07/08 06:23:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{79CDEB50-7CE4-40C1-B6C9-F1A9D4CE8335}
[2012/07/08 06:22:58 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{9FD16888-F079-4EF5-B10D-0AA7D8CE18F5}
[2012/07/06 21:14:02 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{289B11B1-EA51-431D-8158-D9AA62CDAAD2}
[2012/07/06 21:13:51 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{86DE4BBE-B3EF-4D64-B757-63B42F88BEA0}
[2012/07/06 09:13:36 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{CAF8E12F-F794-4F0C-B9AD-69B6DF35B5FB}
[2012/07/06 09:13:23 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{77EA964D-5871-4664-ACA9-ACBBFFD7EF23}
[2012/07/05 08:06:02 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{CD00F6A4-1E10-43D0-BEDA-03E44600D058}
[2012/07/05 08:05:24 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{D3504B8B-50A5-448F-A0CC-71222F5DC966}
[2012/06/30 07:55:53 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{4D845BF2-EA71-4784-B635-44E92051A95B}
[2012/06/30 07:55:42 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{98D4652D-6BB5-43A3-B591-A39C0FBE9F59}
[2012/06/29 18:09:23 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{F7F9B670-8509-417E-B316-32A7EFC1E576}
[2012/06/29 18:09:13 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{C34C3334-786A-4558-A420-AF50C0D1B7D8}
[2012/06/29 06:08:48 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{54259742-1270-4C5B-9537-89176225B913}
[2012/06/29 06:08:31 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{00A04CDC-E2F8-4E2C-AA93-CDCDBA9CE6EA}
[2012/06/28 12:39:35 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{CEC5D7B6-72EB-4858-B6A2-9B1288A6A39E}
[2012/06/28 12:39:25 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{B08CFD0E-006B-42FD-B56C-3830E007D253}
[2012/06/28 00:39:12 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{5706A129-18E8-45D9-9C0F-F66A2B153B66}
[2012/06/28 00:39:01 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{2D5C4BFA-EE31-42F4-8A2D-0CF4B7ECDEDE}
[2012/06/27 12:38:45 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{43F3DE2F-CE00-42C1-9CC5-05C10CEFBB5A}
[2012/06/27 12:38:26 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{A46DE864-0120-4857-9CFB-68D5DCF09312}
[2012/06/26 21:06:52 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{9A728C05-D209-4340-B91F-1D1FF252F948}
[2012/06/26 21:06:41 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{5CC4C33F-4338-440D-ADBA-671FF05AD680}
[2012/06/26 09:06:18 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{60331546-AABD-4048-9945-03A86044CE9D}
[2012/06/26 09:06:02 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{0583AA22-3C98-42B3-A336-3A569DE1CB84}
[2012/06/25 18:46:23 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{809FA752-DF44-4DDB-9E6C-CFC1C093CDF6}
[2012/06/25 18:46:11 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{BF8F5BBC-1D75-429E-8333-3033CB9DC955}
[2012/06/25 06:45:46 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{85314D85-5380-4362-9C54-6FCBD24C12F9}
[2012/06/25 06:45:32 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{6CDB4920-0E1F-4E09-9A6B-A24134EF2FE0}
[2012/06/24 08:58:31 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{24ABFCEB-4508-48A0-B51F-F6BE5A5C7110}
[2012/06/23 20:58:08 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{3F843821-19F2-4658-B932-5970A2444B1E}
[2012/06/23 09:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/06/23 09:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/06/23 08:57:41 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{2FD27759-F5B3-40FD-9B82-F12919EBD074}
[2012/06/23 08:57:30 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{EBFD6085-C12F-4F0F-A7A8-0A403CD5D011}
[2012/06/22 20:57:03 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{D6EEA47E-801B-4807-A280-BA6D9CAAC174}
[2012/06/22 20:56:53 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{C7B1DA5A-5315-4679-AD48-5263BF9FFFFF}
[2012/06/22 08:56:40 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{E81F0E6D-CA05-4EA2-AE27-A484DB62B2DD}
[2012/06/22 08:56:29 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{B25428BD-B38A-4740-98A4-0842AE887EFA}
[2012/06/21 20:56:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{A7ACDFE8-3D97-4823-A714-F1B62FBD7F8D}
[2012/06/21 20:56:01 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{828328B8-50D0-4838-B1A4-0DDCA7760A93}
[2012/06/21 12:10:15 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 12:10:15 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 12:10:15 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 12:09:58 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 12:09:58 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/06/21 12:09:58 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 12:09:58 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/06/21 12:09:58 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 12:09:57 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/06/21 12:09:49 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 12:09:49 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/06/21 12:09:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/21 12:09:49 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/06/21 08:55:49 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{D4AE068F-FE6F-4501-BDD7-C9DB73B30D4E}
[2012/06/21 08:55:38 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{1D041A7A-FCAA-4F14-B603-25BC2FB989A4}
[2012/06/20 20:55:09 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{18B3933A-06AB-4804-BE65-94CAAB2183A7}
[2012/06/20 20:54:58 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{9AC4F500-DE64-4E34-B4DB-F9C45B941959}
[2012/06/20 08:54:45 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{FC9EFE00-D2CF-4266-BBEE-D0238BB60450}
[2012/06/20 08:54:35 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{01B0D79E-8F6E-44A1-A3B7-0507EE406A19}
[2012/06/19 20:54:09 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{EA38DE54-8F01-4263-9DE6-259A8D73BFB1}
[2012/06/19 20:53:58 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{E7415C0D-6F28-4A20-A8AF-0F69F2A7BCC1}
[2012/06/19 08:53:38 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{E98A4983-D8FC-4E09-AF33-0D3FF3D1A5BD}
[2012/06/19 08:53:26 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{0686A83D-3511-4F3E-A7CB-64D2DB53215B}
[2012/06/16 10:48:12 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{0EAE815C-4919-4E89-97F1-A334D34850C4}
[2012/06/15 11:18:02 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{A3CC9BB9-0B9F-4215-A993-B34C8FCEBD17}
[2012/06/14 12:13:21 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{4EC75039-013F-4022-8192-5B045BC191A4}
[2012/06/14 12:13:10 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{D9090DE6-C176-43B8-84DA-8781E2D93389}
[2012/06/14 00:12:57 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{2583CA7C-6334-4D93-9957-6690CF4C14FF}
[2012/06/14 00:12:46 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{489644CD-D13B-4457-BF15-09FC217B9D18}
[2012/06/13 12:12:32 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{ADA441AC-2A60-42DA-9E8E-B485E3000FD6}
[2012/06/13 12:12:14 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{AA604B1C-8039-48C7-9B9A-78FC849B7696}
[2012/06/13 02:53:40 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 02:53:38 | 000,742,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/06/13 02:53:37 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 02:53:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 02:53:36 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 02:53:36 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 02:53:36 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/06/13 02:53:36 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/06/13 02:53:36 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/06/13 02:53:36 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/06/13 02:53:36 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 02:53:36 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 02:53:36 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 02:53:36 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/06/13 02:53:36 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/06/13 02:53:36 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/06/13 02:53:35 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/06/13 02:53:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/06/13 02:53:35 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/06/13 02:53:35 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 02:53:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 02:53:35 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/06/13 02:53:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/06/13 02:53:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/06/13 02:53:35 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/06/13 02:53:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/06/13 02:53:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/06/13 02:53:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/06/13 02:53:35 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/06/13 02:53:30 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 02:53:30 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/12 18:28:04 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{28E219EA-E07E-4DD9-B6AF-84FB63D87B56}
[2012/06/12 18:27:54 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{DBD7F540-3773-428E-AC82-273A9C0E3184}
[2012/06/12 06:27:16 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{0DB87A1C-5E68-4D27-84E2-C3F5328DB71D}
[2012/06/12 06:27:01 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{51C9283E-1A07-4064-A6BF-1819353E42D4}
[2012/06/11 10:25:30 | 000,000,000 | ---D | C] -- C:\Users\Rob & Teresa\AppData\Local\{B36DAD27-8786-4A04-BFFD-DE1FF2FEFD3A}
[2009/07/22 13:34:38 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Rob & Teresa\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/07/10 22:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/10 22:51:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Rob & Teresa\Desktop\OTL.exe
[2012/07/10 22:50:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rob & Teresa\Desktop\dds.com
[2012/07/10 22:27:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/10 22:27:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/10 22:27:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/10 20:27:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/10 20:27:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/10 20:27:14 | 851,756,631 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/10 13:35:46 | 000,000,406 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0D1408BA-3CA6-493F-9D3B-1C7FBCF140A3}.job
[2012/07/10 10:38:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/10 06:39:50 | 000,002,609 | ---- | M] () -- C:\Users\Rob & Teresa\Desktop\Excel.lnk
[2012/07/06 17:06:12 | 000,002,651 | ---- | M] () -- C:\Users\Rob & Teresa\Desktop\Word.lnk
[2012/07/05 08:05:43 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/05 08:05:42 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/23 09:26:15 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/06/23 09:25:11 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/06/23 09:24:41 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/06/23 09:24:41 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/06/23 09:24:37 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/06/21 20:37:41 | 000,777,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/21 20:37:41 | 000,655,962 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/21 20:37:41 | 000,124,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/13 03:38:12 | 000,456,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/12 20:31:24 | 000,038,466 | ---- | M] () -- C:\Users\Rob & Teresa\AppData\Roaming\Comma Separated Values (Windows).ADR

========== Files Created - No Company Name ==========

[2012/06/23 09:26:15 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/04/21 10:20:45 | 000,021,520 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2011/12/08 20:54:49 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/12/08 20:31:26 | 000,772,598 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/22 20:32:39 | 000,038,466 | ---- | C] () -- C:\Users\Rob & Teresa\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/07/15 21:34:45 | 000,000,036 | ---- | C] () -- C:\Users\Rob & Teresa\AppData\Local\housecall.guid.cache
[2009/03/13 13:56:11 | 000,006,836 | ---- | C] () -- C:\Users\Rob & Teresa\AppData\Local\d3d9caps.dat
[2009/03/13 12:58:26 | 000,055,808 | ---- | C] () -- C:\Users\Rob & Teresa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/02/09 23:47:40 | 000,000,000 | ---D | M] -- C:\Users\Rob & Teresa\AppData\Roaming\Amazon
[2011/12/08 20:51:21 | 000,000,000 | ---D | M] -- C:\Users\Rob & Teresa\AppData\Roaming\Autodesk
[2012/07/10 20:31:02 | 000,000,000 | ---D | M] -- C:\Users\Rob & Teresa\AppData\Roaming\Dropbox
[2010/02/09 22:56:15 | 000,000,000 | ---D | M] -- C:\Users\Rob & Teresa\AppData\Roaming\Facebook
[2011/06/23 21:58:59 | 000,000,000 | ---D | M] -- C:\Users\Rob & Teresa\AppData\Roaming\Flip Video
[2012/02/13 22:07:28 | 000,000,000 | ---D | M] -- C:\Users\Rob & Teresa\AppData\Roaming\LaunchPad
[2010/12/07 22:48:05 | 000,000,000 | ---D | M] -- C:\Users\Rob & Teresa\AppData\Roaming\Leadertech
[2012/07/10 06:36:14 | 000,000,000 | ---D | M] -- C:\Users\Rob & Teresa\AppData\Roaming\ManyCam
[2011/07/16 12:31:11 | 000,000,000 | ---D | M] -- C:\Users\Rob & Teresa\AppData\Roaming\REScheck
[2012/07/09 21:40:15 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/10 13:35:46 | 000,000,406 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0D1408BA-3CA6-493F-9D3B-1C7FBCF140A3}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >


---------------------------------------------------------------

Extras.txt

OTL Extras logfile created on: 7/10/2012 10:52:24 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Rob & Teresa\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 70.19% Memory free
16.12 Gb Paging File | 13.35 Gb Available in Paging File | 82.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.57 Gb Total Space | 419.88 Gb Free Space | 61.42% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.99 Gb Free Space | 53.28% Space Free | Partition Type: NTFS

Computer Name: ROBTERESA-PC | User Name: Rob & Teresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = BB 8D 2D E9 CE 6A CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB06689-9BB6-43D0-AA74-6ED61FB36132}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0CECC573-F0E8-4B65-A451-D797A3AC93F3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{122A8621-8067-41FD-8001-F05E25923C2C}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |
"{18B07E40-4EDA-4464-9706-A10B229BC5F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36C8C9F1-1E2B-4987-B7CA-CB4AA1133763}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3AAF78CB-E8FC-43DE-B0AA-A2CC51DA7D91}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3D6DBF83-418C-4C35-9763-9CA5F23D4102}" = rport=138 | protocol=17 | dir=out | app=system |
"{4AB8F8EE-1EAD-47BA-8AE5-4DB5E471CD5C}" = lport=138 | protocol=17 | dir=in | app=system |
"{5087F232-CB8F-4D29-9C75-7098039BFBD1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C16961A-F98E-4784-8CE1-9793FD03AFC4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6589238F-A794-475B-9C58-24BF64117D87}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D33C0DB-F32B-4152-8F72-E30A86A01A89}" = lport=137 | protocol=17 | dir=in | app=system |
"{7ECF1A2F-7C88-45EA-B550-6E658BA547C6}" = lport=445 | protocol=6 | dir=in | app=system |
"{8AEBB7E2-87ED-466B-A74A-5C8B5B35BBAE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{999C7E4B-5F01-4C88-9A97-6707C184E1F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1C8C77D-FF4E-4F2E-921E-AF4B200A76B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A2228059-791A-449D-993B-8337E99A4B4C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A4013ABA-8A40-468A-928D-F434A4EC487C}" = rport=139 | protocol=6 | dir=out | app=system |
"{AE54856D-835A-47AD-8735-D7ADE5C46FBE}" = lport=139 | protocol=6 | dir=in | app=system |
"{B005830C-9087-482C-A738-9A4EA0C29F7F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4BFB7A4-0A42-41CC-A0D6-231F83C117CE}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |
"{D0DA0250-B699-4A52-8E40-E99513B478B5}" = rport=445 | protocol=6 | dir=out | app=system |
"{E759BDCC-A376-43AC-9AD5-5E98733FFECA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA3AE81E-0058-4340-932B-F29F8E004769}" = rport=137 | protocol=17 | dir=out | app=system |
"{EAB1564A-A886-4D72-A713-A01EF8FED8FF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EDC5703E-EAF3-4CFC-8294-DBDC76F41083}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0051B0D9-66FC-4341-8F8E-272DF9FB5364}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0C60F97E-26EF-42BB-9AD9-A4C628F92A33}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0D85B2E4-0465-4EF8-AB2E-85361D9E61CA}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{14B80E30-4762-4631-B107-92994715279A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1DF33916-4B27-4222-89A3-527BB9822EF9}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{1FEEEA59-8905-4120-A5FB-D018DBADAE87}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{34E3AE6B-19D8-4014-A12E-EB744AAE51C7}" = protocol=17 | dir=in | app=c:\users\rob & teresa\appdata\roaming\dropbox\bin\dropbox.exe |
"{35C0DD31-174D-4507-B87E-6737C28AEABB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4758CACF-D548-4D3C-9409-99A736C83814}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A0B8C77-EBEA-4604-BB28-2B74AF8FA3C4}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{4BB0C37E-FD91-4AFB-A5E6-DE628D791B33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4FBF57A8-0D1B-4348-948D-1DCDF417F173}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{532F71D1-5D38-4316-B8D5-6737DCCE6229}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{565D6F73-E026-4D80-86C5-F18D0F75DA00}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5A390701-895F-4409-B8D9-84C9FC1CBFEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BE05E92-FEA2-487B-B72A-0D66993638E6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5E3F23A9-9B5E-406F-B716-733BCB36D0EA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{627A20EE-083E-4A06-967F-0790854EABB5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{65423ABB-D5D1-4A97-AC48-0C75A4920C98}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{657C9607-3E8E-4DFA-8C4B-5DB4F7B3A852}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6B844746-78DD-42FE-8D59-3EB8619B5CB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E4D1BA9-A6C6-4D69-842F-B53BE6861928}" = protocol=6 | dir=out | app=system |
"{7480A7DF-D02E-4893-9720-DF821D849D3F}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{763B2463-4999-46D3-9B3F-98DDD2A1F85A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{786A5F93-494D-42F9-B44D-AFFC1B2FFD72}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dms\clmsservice.exe |
"{7989FA6B-0119-469B-8F0C-832A692938A6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A2E7204-BE56-448A-ACAA-32FE4998106B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D40D12A-D721-45F3-BE17-51DFBB43D55D}" = dir=in | app=c:\program files (x86)\dell\mediadirect\mediadirect.exe |
"{80372099-2F17-466F-8C3C-428D03AD3C24}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8B66ED77-0005-4AE3-8B37-B0D18F946F01}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{8D040DA8-C4AF-4D1E-A86C-F76AC063B496}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8D5C8C52-1547-43B5-9FFF-9648DCABE858}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8E339719-5394-4673-9372-DC762D3757FE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{954FF1C4-5827-4648-BEA8-F907E8FD0F8E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9AD6F23E-434A-4163-B597-1BE576A3B5D1}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{A123E37E-E3EB-4474-980F-45B12E0645C6}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{A180267E-9A03-4F4E-A4EF-1754EE786442}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{A79E0B2E-2161-4A1D-AC56-EF9CAD184968}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ADFD1CB2-03EE-48F1-AE5F-227D6F7F9919}" = protocol=6 | dir=in | app=c:\users\rob & teresa\appdata\roaming\dropbox\bin\dropbox.exe |
"{B79EB4CB-51C6-4E30-B78E-D9443C911196}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8173C0B-A6A2-43F2-96D7-02A152F0FEF2}" = dir=in | app=c:\program files (x86)\dell\mediadirect\pcmservice.exe |
"{C8C45737-00BE-4CF8-987E-7AE5A05FAD5A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CA044E63-E0E9-4BB7-A4C9-85728EF5772A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{CE380DD7-737E-4435-8075-58D20F9391E9}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{CEEA1947-7465-4E54-8048-D540A700405B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D227EE6F-DB94-4F2B-9329-498DCF410048}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DBCE2825-1C29-443B-B440-EA482A28182B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E6FD1BF3-35EB-48E7-B512-EB0FF6E7A6B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE298F5F-D897-4CD0-97B1-279A4C012405}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F49BCEC6-176F-4888-9AA5-E98A6C620125}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{04DA9A0F-7845-4F6F-A35C-6D32F1DE09E2}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"TCP Query User{0A2E9174-3E07-46D0-829C-9C0BE7BF41FB}C:\users\rob & teresa\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\rob & teresa\appdata\roaming\spotify\spotify.exe |
"TCP Query User{2F6F2D7E-8C3A-4A90-B295-CE0F8ECF80FD}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{E453F636-8C3C-4A37-A4C8-897A89979D41}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{ED19212F-96A1-4F7D-8AAE-7E27EDBFAC7E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{EF278BDB-B99B-4B2E-8C66-CB36D299D102}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{0EA53D6B-0D1E-4023-A02E-6720B697E20C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{21E08A60-68B7-4EAE-BB2E-F635E5482EB6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{2953DF51-1EDF-4E55-9C8B-22ED5D543144}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{74F05B9A-1D67-4F9D-B3DF-26A5872CC669}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{D276051A-232B-460C-A7F0-0678242B7158}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"UDP Query User{EE60E3B8-6099-4E25-9FF2-E2CCB384423E}C:\users\rob & teresa\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\rob & teresa\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-6001-0409-0102-0060B0CE6BBA}" = AutoCAD 2008 - English
"{5783F2D7-A001-0409-0102-0060B0CE6BBA}" = AutoCAD 2012 - English
"{5783F2D7-A001-0409-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6C9F6831-F6A8-4178-01AD-83EA6F5D07EB}" = IDrop
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{838F7AB2-5DFE-60B3-1030-43ACC3454CD2}" = ccc-utility64
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Maximum Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Maximum Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"AutoCAD 2012 - English" = AutoCAD 2012 - English
"AutoCAD 2012 - English SP1" = AutoCAD 2012 - English SP1
"Creative OA002" = Monitor Webcam Driver (1.01.02.0804)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DB1C665-97DD-F405-1D03-60ED1DA95510}" = Catalyst Control Center Graphics Previews Vista
"{105CA5BB-9F30-149D-1AD4-144040CB3C1B}" = Catalyst Control Center Localization Spanish
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1499DD49-D63C-4884-8AF4-ADBE8502471F}" = Programming, Planning, and Practice
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28DFA10C-2588-4CF2-9275-E0EFF1E9BB0C}" = Complete Care Consumer Service Agreement
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BEF1AF7-845D-78AE-D826-A87E8CDB0E7F}" = CCC Help Chinese Standard
"{2FF34494-2AD7-4210-8DCA-1EB5D39EF736}" = Program
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3C36015E-F0F6-43D7-58ED-F4210D355CF9}" = Catalyst Control Center Localization Turkish
"{44033AD6-17D0-3611-1D73-2791646B0892}" = CCC Help Portuguese
"{47244975-454F-770B-79C1-0A705F17AA68}" = Catalyst Control Center Localization Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C4759BE-2BA4-2DA7-58F6-E5188062E6EB}" = CCC Help French
"{4D125AFC-0817-C6AC-B225-3C4E6EDB696D}" = CCC Help Japanese
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57D57F9A-0CED-61D0-B3C6-75A874CB9F4D}" = Skins
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E0322C6-8CA9-A4BD-E9DC-CC8D8E7CB99E}" = Catalyst Control Center Graphics Previews Common
"{5F06BE49-28E6-771F-A57A-7AC8C97F38E1}" = Catalyst Control Center Core Implementation
"{60E5FF66-3F28-148C-8EE0-CE623C26233D}" = Catalyst Control Center Localization Portuguese
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{672BEEF8-6C95-8F97-74D4-BDF37412437B}" = CCC Help Spanish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{746F3251-0E32-08E4-D18F-43794D57588D}" = Catalyst Control Center Localization Italian
"{75C89AB1-F888-6B0B-6BB4-A06ED4BDDFC0}" = Catalyst Control Center Graphics Full Existing
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C7088C6-6347-150C-AEF4-A3190FF2F5AA}" = Catalyst Control Center Localization Hungarian
"{7CF7894B-D52C-F9E5-2ABF-DB6756CE21AC}" = CCC Help Turkish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EDFEE8E-F4F2-CB4E-618B-846D4A95CAC8}" = CCC Help Chinese Traditional
"{8380D40E-291B-144A-554F-4877F4B439DB}" = Catalyst Control Center InstallProxy
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8587A68A-BF5F-9492-228C-FACFDBA1A4F4}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CBDD204-BF4E-4284-B117-465A02883B81}" = Linksys WMP110 RangePlus Wireless PCI Adapter Driver - WMP110
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{91155C7C-3404-C96D-78DA-E1D6AF73F6DA}" = Catalyst Control Center Graphics Full New
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9BD9026D-C3C6-0C40-9FD2-DD95A24CDEB2}" = Catalyst Control Center Localization French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0422738-2E4A-B01F-D19E-ED0379A3C3CC}" = CCC Help English
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{ACE0BCCF-27A6-C275-0318-651F6388882F}" = CCC Help German
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C4B556FF-ABE6-8FBE-EF7A-909F72492DA8}" = CCC Help Korean
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA06B6B3-A775-50D6-3031-53C40A5202A6}" = Catalyst Control Center Localization Chinese Traditional
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0338BF1-DD06-8565-48A1-C8F3F991B959}" = Catalyst Control Center Localization Japanese
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D259350E-936C-C6C0-5FDF-B6B4B95731ED}" = Catalyst Control Center Graphics Light
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D81230AD-71DF-CFCB-CD05-52CFF26F8634}" = Catalyst Control Center Localization Korean
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4A185BB-8E95-6FA7-2637-C9E4768DE2C3}" = ccc-core-static
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F1AAA6-C0C8-326C-CAD2-B413CE1F5512}" = Catalyst Control Center Localization German
"{E62FFFA6-DCBC-189B-443E-D10A44901385}" = CCC Help Italian
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Audacity_is1" = Audacity 1.2.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Video Chat" = Dell Video Chat (remove only)
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion Web Plugin
"Google Updater" = Google Updater
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"ManyCam" = ManyCam 3.0.80 (remove only)
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 15.0" = RealPlayer
"REScheck 4.4.1" = REScheck 4.4.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1099155162-2330400522-297761176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/18/2011 10:03:08 AM | Computer Name = RobTeresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/18/2011 6:58:54 PM | Computer Name = RobTeresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/19/2011 5:33:54 AM | Computer Name = RobTeresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/20/2011 8:25:39 AM | Computer Name = RobTeresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/21/2011 9:21:26 AM | Computer Name = RobTeresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/21/2011 3:38:07 PM | Computer Name = RobTeresa-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19120, time stamp
0x4e2a9406, faulting module MSVCR80.dll, version 8.0.50727.6195, time stamp 0x4dcddbf3,
exception code 0xc000000d, fault offset 0x00014ba1, process id 0x12e0, application
start time 0x01cc6029de308dff.

Error - 8/22/2011 9:31:38 AM | Computer Name = RobTeresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/23/2011 9:20:18 AM | Computer Name = RobTeresa-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/23/2011 9:59:33 PM | Computer Name = RobTeresa-PC | Source = EventSystem | ID = 4621
Description =

Error - 8/24/2011 9:40:25 AM | Computer Name = RobTeresa-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 11/28/2010 10:53:14 AM | Computer Name = RobTeresa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/5/2011 8:36:33 PM | Computer Name = RobTeresa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1557
seconds with 1440 seconds of active time. This session ended with a crash.

Error - 5/5/2011 8:37:10 PM | Computer Name = RobTeresa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/10/2012 8:25:57 PM | Computer Name = RobTeresa-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PxHelp20.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 7/10/2012 8:27:27 PM | Computer Name = RobTeresa-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:24:20 PM on 7/10/2012 was unexpected.

Error - 7/10/2012 8:29:15 PM | Computer Name = RobTeresa-PC | Source = DCOM | ID = 10005
Description =

Error - 7/10/2012 8:29:15 PM | Computer Name = RobTeresa-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/10/2012 8:29:15 PM | Computer Name = RobTeresa-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/10/2012 8:30:22 PM | Computer Name = RobTeresa-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/10/2012 8:30:56 PM | Computer Name = RobTeresa-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/10/2012 8:30:56 PM | Computer Name = RobTeresa-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/10/2012 8:31:26 PM | Computer Name = RobTeresa-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/10/2012 8:31:26 PM | Computer Name = RobTeresa-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
robo122
Regular Member
 
Posts: 21
Joined: July 21st, 2009, 12:31 pm
Advertisement
Register to Remove

Re: getting strange pop-ups

Unread postby deltalima » July 14th, 2012, 3:41 pm

Checking your post - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: getting strange pop-ups

Unread postby deltalima » July 14th, 2012, 3:47 pm

Hi robo122,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on the your Desktop before running the application!
  • Right click on CKScanner.exe and select: Run as Administrator then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select: Run as Administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: getting strange pop-ups

Unread postby robo122 » July 14th, 2012, 8:19 pm

this computer is home use only

i was not able to run the CK scanner, when i clcked on the link, it popped up that "Internet Explorer cannot display the webpage"

i ran the microsoft diagnostic tool, results are below


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89583-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {28BF738B-DFC8-41F0-B74D-2B276D00A465}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000009
Build lab: 6002.vistasp2_gdr.120402-0336
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Plus 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{28BF738B-DFC8-41F0-B74D-2B276D00A465}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89583-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-1099155162-2330400522-297761176</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 518</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.5</Version><SMBIOSVersion major="2" minor="5"/><Date>20081212000000.000000+000</Date></BIOS><HWID>D6313507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>FX09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>C0A25836FDBE5AC</Val><Hash>FmDbcrRY1pTOcrz4ZUZRHhpUuc0=</Hash><Pid>89409-726-2958074-65357</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89583-00146-321-500204-02-1033-6001.0000-0722009
Installation ID: 002830125496770551273053435541787232888555340052921230
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: B9HD2
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: PAAAAAEABAABAAEAAQAEAAAAAwABAAEAln0GxqQFOnuC6Ij9ZP5Od9aW8vQa7LA77BYVBchmpv2sVkxY

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL FX09
FACP DELL FX09
HPET DELL FX09
MCFG DELL FX09
SLIC DELL FX09
DMY2 DELL FX09
SSDT PmRef CpuPm
robo122
Regular Member
 
Posts: 21
Joined: July 21st, 2009, 12:31 pm

Re: getting strange pop-ups

Unread postby deltalima » July 15th, 2012, 6:20 am

Hi robo122,

i was not able to run the CK scanner


Please try again and post the log, the link is working for me.

Please also let me know how you obtained the licenses for the following software.

AutoCAD 2012 - English
Microsoft Office Professional Plus 2007
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: getting strange pop-ups

Unread postby robo122 » July 15th, 2012, 9:57 am

the link still does not work for me for the CK scanner

i have installed autocad 2012, because i sometimes bring work home over the weekends to put in extra hours, and it is a 100% legal license for the program, one license is allowed to be installed on 2 seperate computers, as long as they are not runnig at the same time.

office profession plus 2007, i purchased the program

if you are doubting that this is a home use computer, i assure 100% that it is, and only connected to my home network
robo122
Regular Member
 
Posts: 21
Joined: July 21st, 2009, 12:31 pm

Re: getting strange pop-ups

Unread postby deltalima » July 15th, 2012, 10:08 am

Business Use / Business Networked Computer
It appears you are using your computer for business purposes or connecting to a business network.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.


This topic is now closed.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 297 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware