Thread: log in user

  1. #1
    Member
    Join Date
    Jul 2013
    Posts
    126
    Points
    3

    log in user

    Hello
    I'm logging in to my computer as the admin, and I tried to download stamps.com and I got an error that the installation was incomplete or corrupted. I called stamps.com, and after we were able to install it with another user login they said that my login user is corrupted or has a virus, etc.

    thanks

  2. #2
    DonnaB (Member, Spyware Fighter)
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi ct8559,

    Couple of questions, if I may.

    Were you experiencing any other issue with the previous user acct.?

    You didn't happen to delete the previous acct. did you?

    Let's have a look and see what might be found, if anything. Please do the following:

    Please download OTL to your Desktop
    • Double click on the icon to run the program. On Vista/Win7 or 8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  4. #3
    Member
    Join Date
    Jul 2013
    Posts
    126
    Points
    3

    I did not delete the user, and I did have some issues, like it was closing and I had to restart if I didn't use it for a while.


    Please see reports below


    OTL logfile created on: 5/7/2014 6:36:31 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Corona\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.97 Gb Total Physical Memory | 0.45 Gb Available Physical Memory | 22.94% Memory free
    4.17 Gb Paging File | 0.83 Gb Available in Paging File | 19.86% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.97 Gb Total Space | 22.41 Gb Free Space | 15.04% Space Free | Partition Type: NTFS
    Drive Z: | 148.97 Gb Total Space | 22.41 Gb Free Space | 15.04% Space Free | Partition Type: NTFS

    Computer Name: MINDY | User Name: Corona | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/05/07 18:13:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Corona\My Documents\Downloads\OTL.exe
    PRC - [2014/04/30 11:03:18 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    PRC - [2014/04/23 09:44:06 | 000,203,088 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2014/04/23 09:43:05 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    PRC - [2014/04/01 09:36:04 | 000,431,960 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    PRC - [2014/03/31 11:53:05 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2014/03/26 15:10:11 | 000,480,256 | ---- | M] (Sage Payment Solutions) -- C:\Documents and Settings\Corona\Local Settings\Apps\2.0\88XPR520.37Z\1P9TP99D.N6P\sage..tion_7ed87dda14c1f21d_0001.0000_175ddcd4e5e83b21\SageExchange.exe
    PRC - [2014/03/13 10:39:54 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2014/03/13 10:39:42 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2014/03/13 10:39:42 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2014/02/28 14:47:32 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
    PRC - [2014/02/28 14:38:22 | 005,545,328 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
    PRC - [2014/02/28 14:36:20 | 000,271,728 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
    PRC - [2013/12/17 09:49:08 | 003,048,480 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
    PRC - [2013/12/17 09:49:08 | 000,374,600 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
    PRC - [2013/12/17 09:40:07 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2013/12/16 20:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
    PRC - [2013/09/24 16:02:59 | 000,441,408 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2013/09/10 14:54:47 | 000,373,592 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\917\g2aprocessfactory.exe
    PRC - [2013/07/10 14:23:10 | 001,694,080 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
    PRC - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2013/03/01 07:06:42 | 001,717,488 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    PRC - [2013/01/31 11:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/05/04 14:51:36 | 000,182,416 | ---- | M] () -- C:\Program Files\IDriveWindows\idwservice_501.exe
    PRC - [2011/12/22 08:31:08 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2011/09/16 16:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2011/09/16 16:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2009/10/01 00:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\QBDBMgrN.exe
    PRC - [2009/08/13 05:04:28 | 000,435,496 | R--- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
    PRC - [2008/10/24 17:13:06 | 000,520,192 | ---- | M] (Brother Industries Ltd.) -- C:\Program Files\Brother\Brmfl08i\FAXRX.exe
    PRC - [2008/07/20 19:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/04/30 11:03:19 | 003,019,888 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
    MOD - [2014/04/30 11:03:19 | 000,158,832 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
    MOD - [2014/04/30 11:03:19 | 000,023,152 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
    MOD - [2014/04/29 12:41:17 | 016,351,920 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll
    MOD - [2014/03/31 11:53:03 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2014/03/26 15:10:06 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\Corona\Local Settings\Apps\2.0\88XPR520.37Z\1P9TP99D.N6P\sage..tion_7ed87dda14c1f21d_0001.0000_175ddcd4e5e83b21\CommonCL.XmlSerializers.dll
    MOD - [2014/03/26 15:10:02 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\Corona\Local Settings\Apps\2.0\88XPR520.37Z\1P9TP99D.N6P\sage..tion_7ed87dda14c1f21d_0001.0000_175ddcd4e5e83b21\PublisherCL.dll
    MOD - [2014/03/26 15:09:53 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\Corona\Local Settings\Apps\2.0\88XPR520.37Z\1P9TP99D.N6P\sage..tion_7ed87dda14c1f21d_0001.0000_175ddcd4e5e83b21\SpsXmlCL.dll
    MOD - [2014/03/09 11:48:52 | 001,228,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\bb5a0e6808cafd5f642174ff0ece0d41\System.WorkflowServices.ni.dll
    MOD - [2014/03/09 11:47:20 | 001,077,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3c2035880250d6d46413f1981d316ea0\System.ServiceModel.Web.ni.dll
    MOD - [2014/02/13 17:11:46 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll
    MOD - [2014/02/13 17:11:45 | 000,373,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\2f6bb2f27e73e55ccd0159c0fc5f08c4\System.ServiceModel.Routing.ni.dll
    MOD - [2014/02/13 17:11:42 | 001,153,536 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\09987e88bfe8b9e1fd338c9cbd743675\System.ServiceModel.Discovery.ni.dll
    MOD - [2014/02/13 17:11:39 | 000,084,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7c827a34a2a8958bf2e185dcb9ae52e4\System.ServiceModel.Channels.ni.dll
    MOD - [2014/02/13 17:11:37 | 001,548,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\cb2d43fc6263770ad977f001a6b69726\System.ServiceModel.Activities.ni.dll
    MOD - [2014/02/13 17:11:25 | 018,150,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1f236d1b65b6f9d77c3d2c63bb347130\System.ServiceModel.ni.dll
    MOD - [2014/02/13 17:10:38 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\7612d2ecdf9c6beedc264e9390e97b0f\System.Management.ni.dll
    MOD - [2014/02/13 17:10:28 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1ea05c6575298512abd69038ad724ad1\System.IdentityModel.ni.dll
    MOD - [2014/02/13 17:07:51 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6a5f031a28c774f1163af0715c3a6097\System.EnterpriseServices.ni.dll
    MOD - [2014/02/13 17:07:50 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6a5f031a28c774f1163af0715c3a6097\System.EnterpriseServices.Wrapper.dll
    MOD - [2014/02/13 17:07:49 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\fc7255cccb69c45a808b3d7e6abf55c5\System.Transactions.ni.dll
    MOD - [2014/02/13 17:07:47 | 001,031,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\4db577ac7d6b041ca538dda903bc9c7f\System.Runtime.DurableInstancing.ni.dll
    MOD - [2014/02/13 17:07:44 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\e4448b85161eee80928b795515738388\SMDiagnostics.ni.dll
    MOD - [2014/02/13 17:07:42 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0e06620ca298f1287cc5698d1a019296\System.Runtime.Serialization.ni.dll
    MOD - [2014/02/13 17:07:38 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\05be173cbacba4b7604a67a267acdfe4\System.Xml.Linq.ni.dll
    MOD - [2014/02/13 17:07:36 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d116eda30a35c490e59221b0ebac6fcd\System.Xaml.ni.dll
    MOD - [2014/02/13 17:07:00 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\211925af2639b2445fda3b8c040e5a8a\Microsoft.VisualC.ni.dll
    MOD - [2014/02/13 17:06:04 | 000,194,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\d7785512895a0427dad1bef2155b7ffc\CustomMarshalers.ni.dll
    MOD - [2014/02/13 17:05:07 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fd639d8d8def70deaf3b26cd073577f3\System.Runtime.Remoting.ni.dll
    MOD - [2014/02/13 17:03:56 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6b024176646a5e1a87a2fe51c20aa071\System.Web.Services.ni.dll
    MOD - [2014/02/13 17:01:59 | 011,906,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f0b0625c2db624ba9c97ad1b12490d79\System.Web.ni.dll
    MOD - [2014/02/13 16:52:18 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7e59f98afa4214b3bee9273cf50d2b0\System.Deployment.ni.dll
    MOD - [2014/02/13 16:51:50 | 000,688,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\276e1fc8b4f195925982f516b26defcd\System.Security.ni.dll
    MOD - [2014/02/13 16:51:26 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
    MOD - [2014/02/13 16:51:21 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
    MOD - [2014/02/13 12:55:33 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1ab71206b530480fee0800c9fa3976cd\PresentationFramework.ni.dll
    MOD - [2014/02/13 12:55:24 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9de255a0aa42b52f01848ced6d315972\System.Windows.Forms.ni.dll
    MOD - [2014/02/13 12:55:06 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll
    MOD - [2014/02/13 12:54:40 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b103aec14e7cfb4b6eab9579a95bf1c\PresentationCore.ni.dll
    MOD - [2014/02/13 12:54:39 | 006,866,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\acfa2ad70ad0f2908e02e858c846ac08\System.Data.ni.dll
    MOD - [2014/02/13 12:54:17 | 000,690,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\5e3ae38fa95746e42867479658c0a791\System.ComponentModel.Composition.ni.dll
    MOD - [2014/02/13 12:53:39 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll
    MOD - [2014/02/13 12:53:35 | 000,751,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\e0579383d49e212d5bf5a87c3dad50e7\System.Security.ni.dll
    MOD - [2014/02/13 12:53:20 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll
    MOD - [2014/02/13 12:53:18 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a4b5a1a06d2d7f77258943c8c228a5e0\System.Core.ni.dll
    MOD - [2014/02/13 12:53:13 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\9bf311f8fa0c15e25b3ffb86007663fe\WindowsBase.ni.dll
    MOD - [2014/02/13 12:52:53 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll
    MOD - [2014/02/13 12:52:39 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\8fa7f2d6cc4122c7102a02586074a183\System.Numerics.ni.dll
    MOD - [2014/02/13 12:52:36 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll
    MOD - [2014/02/13 12:48:31 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
    MOD - [2014/02/13 12:48:16 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
    MOD - [2014/02/13 12:47:49 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
    MOD - [2014/02/13 12:46:55 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
    MOD - [2014/02/13 12:46:44 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\af8afdcab485e00a04b18ed487981f3d\System.Data.ni.dll
    MOD - [2014/02/13 12:44:08 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2014/02/13 12:39:28 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
    MOD - [2014/02/13 12:39:00 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
    MOD - [2013/07/15 13:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
    MOD - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    MOD - [2012/09/19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2012/05/04 14:51:36 | 000,182,416 | ---- | M] () -- C:\Program Files\IDriveWindows\idwservice_501.exe
    MOD - [2012/03/01 20:06:44 | 000,477,184 | ---- | M] () -- C:\Program Files\IDriveWindows\idcontext.dll
    MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
    MOD - [2009/07/30 21:44:14 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
    MOD - [2008/12/25 13:36:32 | 000,139,264 | ---- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
    MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2007/07/23 17:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
    MOD - [2005/02/02 14:38:18 | 000,024,576 | ---- | M] () -- C:\Program Files\Brother\Brmfl08i\brrunpp.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
    SRV - [2014/04/29 12:41:22 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/04/23 09:44:06 | 000,203,088 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2014/04/23 09:43:05 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2014/04/01 09:36:04 | 000,431,960 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
    SRV - [2014/03/31 11:53:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/03/13 10:39:54 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2014/03/13 10:39:42 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2014/02/28 14:47:32 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
    SRV - [2014/02/28 14:36:20 | 000,271,728 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
    SRV - [2013/12/17 09:49:08 | 000,374,600 | ---- | M] (Privacyware/PWI, Inc.) [Auto | Running] -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe -- (PFNet)
    SRV - [2013/12/16 20:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2013/12/16 20:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
    SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/09/16 18:13:19 | 000,182,696 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/09/10 14:54:47 | 000,308,568 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\917\g2aservice.exe -- (GoToAssist)
    SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2013/03/01 07:06:42 | 001,717,488 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
    SRV - [2013/01/31 11:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013/01/18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Stopped] -- C:\Program Files\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
    SRV - [2012/11/06 14:28:34 | 000,334,704 | R--- | M] (Sage Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Sage Software\Peachtree\SmartPostingService2013.exe -- (Sage 50 SmartPosting 2013)
    SRV - [2012/05/04 14:51:36 | 000,182,416 | ---- | M] () [Auto | Running] -- C:\Program Files\IDriveWindows\idwservice_501.exe -- (IDriveService)
    SRV - [2011/12/22 08:31:08 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/09/16 16:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2009/10/01 00:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\QBDBMgrN.exe -- (QuickBooksDB19)
    SRV - [2009/09/25 09:04:34 | 000,120,064 | ---- | M] (SmithMicro Inc.) [Disabled | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
    SRV - [2009/08/13 05:04:28 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
    SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2008/07/20 19:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2014/05/07 17:49:45 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
    DRV - [2014/04/10 13:07:31 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013/12/17 09:40:26 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2013/12/17 09:40:26 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2013/10/07 09:54:49 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2013/05/25 11:16:43 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2013/03/01 07:06:06 | 000,091,248 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bckd.sys -- (bckd)
    DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2012/05/25 19:34:42 | 000,135,272 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pwipf6.sys -- (pwipf6)
    DRV - [2011/09/16 16:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2009/09/25 09:04:42 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
    DRV - [2009/09/25 09:04:42 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2009/09/25 09:04:42 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
    DRV - [2009/09/25 09:04:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2009/09/25 09:04:28 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2008/08/18 19:03:12 | 000,106,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2008/08/18 18:21:20 | 000,110,080 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV - [2008/08/18 18:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/04/14 08:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
    DRV - [2007/12/03 13:13:48 | 000,011,264 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
    DRV - [2007/11/20 03:14:08 | 000,016,640 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
    DRV - [2007/11/20 03:04:50 | 000,008,960 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
    DRV - [2007/07/23 17:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
    DRV - [2007/07/23 17:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2007/07/23 17:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2007/07/23 17:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2007/07/23 17:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2007/07/23 17:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2007/07/23 17:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2007/07/23 17:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2007/07/23 16:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/07/23 16:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
    DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{331EBF97-C46F-4280-9F50-67020939B721}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Dell Official Site - The Power To Do More | Dell
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Dell Official Site - The Power To Do More | Dell
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Dell Official Site - The Power To Do More | Dell
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = {89D9EB5F-F11F-4CA8-9E87-4F837CCA43AC}
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=DVYNXJKvyL_iqBNC7kQvwMmB4k4?q={searchTerms}
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{89D9EB5F-F11F-4CA8-9E87-4F837CCA43AC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DKUS_en
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes,DefaultScope = {89D9EB5F-F11F-4CA8-9E87-4F837CCA43AC}
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=DVYNXJKvyL_iqBNC7kQvwMmB4k4?q={searchTerms}
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes\{89D9EB5F-F11F-4CA8-9E87-4F837CCA43AC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DKUS_en
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Dell Official Site - The Power To Do More | Dell
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Dell Official Site - The Power To Do More | Dell
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007\..\SearchScopes\{331EBF97-C46F-4280-9F50-67020939B721}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{331EBF97-C46F-4280-9F50-67020939B721}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes\{331EBF97-C46F-4280-9F50-67020939B721}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008\..\SearchScopes,DefaultScope = {E0A023F2-C5BA-4CC5-B0AA-6A8646660B5E}
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DLUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=EKXfU9bT3eSaRmdYv2yOkqsZ0T8?q={searchTerms}
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008\..\SearchScopes\{E0A023F2-C5BA-4CC5-B0AA-6A8646660B5E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DKUS_enUS313
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = {E0A023F2-C5BA-4CC5-B0AA-6A8646660B5E}
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DLUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=EKXfU9bT3eSaRmdYv2yOkqsZ0T8?q={searchTerms}
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{E0A023F2-C5BA-4CC5-B0AA-6A8646660B5E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DKUS_enUS313
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes,DefaultScope = {E0A023F2-C5BA-4CC5-B0AA-6A8646660B5E}
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DLUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=EKXfU9bT3eSaRmdYv2yOkqsZ0T8?q={searchTerms}
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes\{E0A023F2-C5BA-4CC5-B0AA-6A8646660B5E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DKUS_enUS313
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Dell Official Site - The Power To Do More | Dell
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Dell Official Site - The Power To Do More | Dell
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Dell Official Site - The Power To Do More | Dell
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Dell Official Site - The Power To Do More | Dell
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500\..\SearchScopes\{4765847A-5FBB-4CCE-BD84-921D720806C1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DKUS_en
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Dell Official Site - The Power To Do More | Dell
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{4765847A-5FBB-4CCE-BD84-921D720806C1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DKUS_en
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Dell Official Site - The Power To Do More | Dell
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes\{4765847A-5FBB-4CCE-BD84-921D720806C1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DKUS_en
    IE - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Corona\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Corona\Application Data\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/14 13:58:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/14 13:58:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/04/30 11:03:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2010/09/13 10:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Corona\Application Data\Mozilla\Extensions
    [2010/09/13 10:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Corona\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2014/03/21 13:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Corona\Application Data\Mozilla\Firefox\Profiles\fi9epx8n.default-1392820249953\extensions
    [2014/03/31 11:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2014/03/31 11:51:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2014/03/31 11:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/03/31 11:51:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2014/03/31 11:53:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: Google
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.132.1_0\McChPlg.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Corona\Application Data\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Corona\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: RealDownloader = C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
    CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

    Hosts file not found
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1007\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1008\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1008\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
    O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.)
    O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
    O4 - HKU\S-1-5-21-3961636931-249890527-487916745-1007..\Run: [Sage Exchange] "C:\Documents and Settings\Corona\Start Menu\Programs\Sage Payment Solutions\Sage Exchange.appref-ms" File not found
    O4 - HKU\S-1-5-21-3961636931-249890527-487916745-1007..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [Sage Exchange] "C:\Documents and Settings\Corona\Start Menu\Programs\Sage Payment Solutions\Sage Exchange.appref-ms" File not found
    O4 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1..\Run: [Sage Exchange] "C:\Documents and Settings\Corona\Start Menu\Programs\Sage Payment Solutions\Sage Exchange.appref-ms" File not found
    O4 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1007\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1007\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1008\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1008\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1009\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1009\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-500\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-500\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O15 - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..Trusted Ranges: GD ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..Trusted Ranges: GD ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3961636931-249890527-487916745-1008\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3961636931-249890527-487916745-1008\..Trusted Ranges: GD ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..Trusted Ranges: GD ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.40.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_45)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.40.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEB7C32D-A677-4B8E-A6C6-A2CD18271651}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
    O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\917\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\917\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Corona/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{14d44cfa-fa2c-11de-9d8b-00219b21ded7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{14d44cfa-fa2c-11de-9d8b-00219b21ded7}\Shell\AutoRun\command - "" = E:\autorun.exe
    O33 - MountPoints2\{14d44cfa-fa2c-11de-9d8b-00219b21ded7}\Shell\phone\command - "" = E:\autorun.exe
    O33 - MountPoints2\{16b91bb6-117c-11e3-9f41-00219b21ded7}\Shell - "" = AutoRun
    O33 - MountPoints2\{16b91bb6-117c-11e3-9f41-00219b21ded7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{16b91bb6-117c-11e3-9f41-00219b21ded7}\Shell\AutoRun\command - "" = "G:\WD Drive Unlock.exe" autoplay=true
    O33 - MountPoints2\{b9fd9390-3b2c-11e3-9f66-00219b21ded7}\Shell - "" = AutoRun
    O33 - MountPoints2\{b9fd9390-3b2c-11e3-9f66-00219b21ded7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b9fd9390-3b2c-11e3-9f66-00219b21ded7}\Shell\AutoRun\command - "" = "E:\WD Drive Unlock.exe" autoplay=true
    O33 - MountPoints2\{cc3fd1d5-9bb6-11de-9d55-00219b21ded7}\Shell - "" = AutoRun
    O33 - MountPoints2\{cc3fd1d5-9bb6-11de-9d55-00219b21ded7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cc3fd1d5-9bb6-11de-9d55-00219b21ded7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{cc3fd1d7-9bb6-11de-9d55-00219b21ded7}\Shell - "" = AutoRun
    O33 - MountPoints2\{cc3fd1d7-9bb6-11de-9d55-00219b21ded7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cc3fd1d7-9bb6-11de-9d55-00219b21ded7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{f75e5ac2-e348-11de-9d7b-00219b21ded7}\Shell\AutoRun\command - "" = E:\HebrewBooks.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/05/05 14:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{B26C223F-75F7-4201-923E-111C38B71D5C}
    [2014/05/05 14:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stamps.com
    [2014/05/05 14:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corona\Local Settings\Application Data\~1
    [2014/05/05 12:44:31 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/05/05 12:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/05/05 12:42:58 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/05/05 12:42:58 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014/05/05 12:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/05/05 11:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corona\Application Data\Stamps.com Internet Postage
    [2014/05/05 11:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corona\Local Settings\Application Data\~0
    [2014/05/05 11:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Stamps.com Internet Postage
    [2014/05/05 11:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corona\Local Settings\Application Data\Seven Zip
    [2014/04/30 11:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
    [2014/04/08 14:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corona\My Documents\JOE
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Documents and Settings\Corona\Desktop\*.tmp files -> C:\Documents and Settings\Corona\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/05/07 18:54:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4F89F1B5-D8FE-4C00-AAC2-DAA15220805E}.job
    [2014/05/07 18:50:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/05/07 18:43:23 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3961636931-249890527-487916745-1007UA.job
    [2014/05/07 18:42:01 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
    [2014/05/07 18:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/05/07 18:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Peachtree Backup 1.job
    [2014/05/07 17:49:45 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/05/07 17:33:00 | 000,000,628 | ---- | M] () -- C:\WINDOWS\tasks\Sage 50 Backup 1.job
    [2014/05/07 16:24:35 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
    [2014/05/07 16:19:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B865D90F-A6AE-4EA0-B61A-D53A83683F2D}.job
    [2014/05/07 15:45:07 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
    [2014/05/07 14:56:46 | 000,000,174 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini
    [2014/05/07 14:42:10 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3961636931-249890527-487916745-1007Core.job
    [2014/05/07 13:42:06 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
    [2014/05/07 10:50:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/05/05 15:04:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3961636931-249890527-487916745-1007.job
    [2014/05/05 14:32:40 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Stamps.com.lnk
    [2014/05/05 13:27:41 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\WDPABKP.dat
    [2014/05/05 13:25:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/05/05 13:25:11 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
    [2014/05/05 13:25:08 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3961636931-249890527-487916745-1007.job
    [2014/05/05 13:24:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/05/05 13:24:47 | 2110,767,104 | -HS- | M] () -- C:\hiberfil.sys
    [2014/05/05 12:43:04 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/05/05 12:37:05 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2014/05/02 09:23:13 | 000,000,522 | ---- | M] () -- C:\WINDOWS\tasks\Peachtree Backup 2.job
    [2014/05/01 10:34:23 | 000,001,027 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
    [2014/04/30 04:13:01 | 006,022,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2014/04/29 16:34:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brdfxspd.dat
    [2014/04/29 12:41:19 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2014/04/29 12:41:18 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2014/04/28 19:53:59 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2014/04/25 10:05:04 | 000,000,342 | ---- | M] () -- C:\Documents and Settings\Corona\Desktop\My Documents.lnk
    [2014/04/23 11:07:50 | 000,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
    [2014/04/23 09:49:29 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2014/04/10 13:07:31 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
    [2014/04/10 13:07:31 | 000,085,832 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
    [2014/04/10 13:07:31 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
    [2014/04/09 10:34:41 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2014/04/08 15:00:06 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
    [2014/04/08 14:57:03 | 000,755,068 | ---- | M] () -- C:\Documents and Settings\Corona\My Documents\low resolution brochure.pdf
    [2014/04/08 14:56:26 | 001,922,063 | ---- | M] () -- C:\Documents and Settings\Corona\My Documents\web resolution brochure.pdf
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Documents and Settings\Corona\Desktop\*.tmp files -> C:\Documents and Settings\Corona\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/05/05 14:32:40 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Stamps.com.lnk
    [2014/05/05 12:43:04 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/05/05 11:09:02 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
    [2014/04/25 10:05:04 | 000,000,342 | ---- | C] () -- C:\Documents and Settings\Corona\Desktop\My Documents.lnk
    [2014/04/10 13:08:24 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
    [2014/04/08 14:57:03 | 000,755,068 | ---- | C] () -- C:\Documents and Settings\Corona\My Documents\low resolution brochure.pdf
    [2014/04/08 14:56:24 | 001,922,063 | ---- | C] () -- C:\Documents and Settings\Corona\My Documents\web resolution brochure.pdf
    [2014/04/01 12:31:49 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\WDPABKP.dat
    [2014/02/05 12:51:03 | 000,001,027 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2014/02/05 12:51:03 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bd8480dn.dat
    [2014/02/05 12:49:07 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
    [2014/02/05 12:49:06 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2014/02/05 12:49:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2013/10/18 13:42:00 | 000,499,667 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3961636931-249890527-487916745-1008-0.dat
    [2013/10/18 13:41:36 | 000,131,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/10/11 11:49:10 | 003,631,550 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3961636931-249890527-487916745-1007-0.dat
    [2013/10/11 11:49:09 | 000,216,966 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2013/08/15 12:10:56 | 000,809,153 | ---- | C] () -- C:\Documents and Settings\Corona\Local Settings\Application Data\census.cache
    [2013/08/15 12:10:03 | 000,223,466 | ---- | C] () -- C:\Documents and Settings\Corona\Local Settings\Application Data\ars.cache
    [2012/07/30 19:39:40 | 000,000,110 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2012/05/14 11:41:13 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2011/12/12 14:59:09 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Corona\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/05 13:37:49 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Corona\Local Settings\Application Data\housecall.guid.cache
    [2011/04/27 14:08:10 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Corona\g2mdlhlpx.exe
    [2010/10/06 16:53:55 | 000,104,280 | ---- | C] () -- C:\Documents and Settings\Corona\GoToAssistDownloadHelper.exe
    [2010/01/18 17:04:00 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Corona\pool.bin
    [2009/06/24 18:51:55 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Corona\Local Settings\Application Data\fusioncache.dat

    ========== ZeroAccess Check ==========

    [2008/04/25 17:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 21:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >


    OTL Extras logfile created on: 5/7/2014 6:36:31 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Corona\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.97 Gb Total Physical Memory | 0.45 Gb Available Physical Memory | 22.94% Memory free
    4.17 Gb Paging File | 0.83 Gb Available in Paging File | 19.86% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.97 Gb Total Space | 22.41 Gb Free Space | 15.04% Space Free | Partition Type: NTFS
    Drive Z: | 148.97 Gb Total Space | 22.41 Gb Free Space | 15.04% Space Free | Partition Type: NTFS

    Computer Name: MINDY | User Name: Corona | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1007\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
    hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "1583:TCP" = 1583:TCP:*:Enabled:Pervasive DBEngine
    "3351:TCP" = 3351:TCP:*:Enabled:Pervasive DBEngine
    "5900:TCP" = 5900:TCP:*:Enabled:vnc5900
    "5800:TCP" = 5800:TCP:*:Enabled:vnc5800
    "4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
    "4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
    "135:TCP" = 135:TCP:*:Enabled:DCOM(135)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe" = C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe:*:Enabled:Acrobat.com -- ()
    "C:\Program Files\Sage Software\Peachtree\peachw.exe" = C:\Program Files\Sage Software\Peachtree\peachw.exe:LocalSubNet:Enabled:Peachtree Premium Accounting for Distribution 2007 -- (Sage Software, Inc.)
    "C:\pvsw\bin\w3dbsmgr.exe" = C:\pvsw\bin\w3dbsmgr.exe:LocalSubNet:Enabled:w3dbsmgr
    "C:\pvsw\bin\w3lgo103.exe" = C:\pvsw\bin\w3lgo103.exe:*:Enabled:w3lgo103
    "C:\pvswarch\v9\C\PVSW\BIN\w3dbsmgr.exe" = C:\pvswarch\v9\C\PVSW\BIN\w3dbsmgr.exe:*:Enabled:w3dbsmgr
    "C:\pvswarch\v9\C\PVSW\BIN\w3lgo103.exe" = C:\pvswarch\v9\C\PVSW\BIN\w3lgo103.exe:*:Enabled:w3lgo103
    "C:\Program Files\Sage Software\Integration Services\bin\AIS2.Server.Console.exe" = C:\Program Files\Sage Software\Integration Services\bin\AIS2.Server.Console.exe:*:Enabled:AIS2.Server.Console -- (Sage Technology Ltd.)
    "C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe" = C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe:*:Enabled:Database Service Manager -- (Pervasive Software Inc.)
    "E:\hbapp\Cassini32\UltiDevCassinWebServer2.exe" = E:\hbapp\Cassini32\UltiDevCassinWebServer2.exe:*:Enabled:UltiDev Cassini Web Server Launcher
    "E:\hbapp\Cassini64\UltiDevCassinWebServer2.exe" = E:\hbapp\Cassini64\UltiDevCassinWebServer2.exe:*:Enabled:UltiDev Cassini Web Server Launcher
    "C:\Documents and Settings\Corona\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Corona\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
    "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\Corona\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Corona\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...bled:Octoshape add-in for Adobe Flash Player
    "C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Program Files\IDriveWindows\idwutil_501.exe" = C:\Program Files\IDriveWindows\idwutil_501.exe:*:Enabled:idwutil_501 -- ()
    "C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\QBDBMgrN.exe:*:Enabled:QuickBooks Database Manager -- (Intuit, Inc.)
    "C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\QBW32.EXE" = C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\QBW32.EXE:*:Enabled:QuickBooks Application -- (Intuit Inc.)
    "C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\DBManagerExe.exe" = C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\DBManagerExe.exe:*:Enabled:Quickbooks DB Manager Exe -- (Intuit Inc.)
    "C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\FileManagement.exe" = C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\FileManagement.exe:*:Enabled:Quickbooks File Management -- ()
    "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" = C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe:*:Enabled:QuickBooks File Monitor Service -- (Intuit)
    "C:\Program Files\Common Files\Intuit\QuickBooks\QBLaunch.exe" = C:\Program Files\Common Files\Intuit\QuickBooks\QBLaunch.exe:*:Enabled:Quickbooks Launcher -- (Intuit Inc.)
    "C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
    "C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
    "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
    "C:\Documents and Settings\Corona\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Corona\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{004B8D14-7E3A-490A-ABB3-753535E169E3}" = Brother MFL-Pro Suite
    "{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{068857D8-FDD1-4F29-8F74-E9DE91E8A587}" = Crystal Reports 2008 SP1
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP2 Workgroup (32-bit)
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{106FB85A-9567-42FC-85CC-E4DA450F4C7B}" = Sprint SmartView
    "{1158C2AA-9D04-45C7-9494-CC920260A700}" = Elevated Installer
    "{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
    "{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
    "{144A1586-E16C-448D-910D-E12ACD65DD98}" = Keyboard Lock Status
    "{1768BEA4-3469-45FB-8EFB-6742E1C0E86F}" = Sage 50 Accounting 2013
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1ec9e03a-452b-48fb-8e1b-27ee0477985f}" = WD SmartWare Installer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24118646-1F78-427B-AE73-B89363F83831}" = ANT Drivers Installer x86
    "{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2B58AB2C-D980-47FD-8633-E360314BA662}" = WD Security
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{37888B36-58B5-41C6-BE67-B846BB4809FF}" = iS3 STOPzilla Toolbar
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
    "{50b02c70-f203-47ba-a926-5e4d816688db}" = Garmin Express
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5CEEAFB5-509A-482C-98AE-D6CDF149528E}" = Garmin Express
    "{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{63911503-7EA4-4685-B2FD-D391EF622FB9}" = WD Quick View
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6798DD4E-BD16-4735-87EB-D712637CCB8C}" = Sage Message Center
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
    "{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = WD Drive Utilities
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{88253B77-33C9-4A9D-9E4C-4579E39D9158}" = Diagnostics Utility
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8DC2DD9D-7687-4108-83D6-ACE73ABF2D69}" = WD SmartWare
    "{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
    "{8E0E6383-9754-4471-939E-E4ABE02E3440}" = InstallIQ Updater
    "{8E29C1CE-346A-3F59-AE22-8C5B7F230498}" = Google Talk Plugin
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{8FC44A80-059E-4358-BBB4-50FAEBED7627}" = QuickBooks Connection Diagnostic Tool
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A1785DC-3A39-479D-BD63-8DC9F5F60DCE}" = QuickBooks Enterprise Solutions: Mfg and Whsle Edition 9.0
    "{9A1785DC-3A89-479D-BD63-8DC9F5F60DCE}" = QuickBooks
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD2436E-FA3D-4451-AD1E-1E816657E61D}" = Coby Media Manager
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
    "{A71CE50A-6122-469A-BE77-1B7905287B4D}" = STOIK Smart Resizer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
    "{B3DED121-395C-4338-A455-A2CFF8BDE071}" = Kaspersky Security Scan
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BA1EF4A7-AB67-492B-9C7D-4AEE43F5A3C6}" = Peachtree Signature Ready Forms
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C454EB7D-3EFD-44F6-8E1E-5984CC9ABED9}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
    "{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP1
    "{C87218DF-512A-4208-A131-0F626F49E055}" = Vonage Click-2-Call
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
    "{D7898B61-3DFF-11D8-9A54-000244173F83}" = Presentation
    "{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
    "{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}" = LogMeIn
    "{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}" = Privatefirewall 7.0
    "{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
    "{EF9FD035-AF23-4FC0-B47E-876E5B5599B8}" = Garmin Express Tray
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}" = Bing Bar
    "7-Zip" = 7-Zip 4.57
    "98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
    "9968-4488-2169-7623" = thinkorswim
    "ActiveTouchMeetingClient" = Cisco WebEx Meetings
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
    "Blue Coat K9 Web Protection" = Blue Coat K9 Web Protection
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
    "F9D2A789F9CFF8CEC36B544F53877C80F1F73C46" = Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
    "Google Chrome" = Google Chrome
    "Google Chrome Frame" = Google Chrome Frame
    "GoToAssist" = GoToAssist Corporate
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "IDrive for Windows_is1" = IDrive for Windows Version - 5.0
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "InstallShield_{1768BEA4-3469-45FB-8EFB-6742E1C0E86F}" = Sage 50 Accounting 2013
    "Integration Services" = Sage Software Integration Services
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
    "Mozilla Thunderbird 24.5.0 (x86 en-US)" = Mozilla Thunderbird 24.5.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PC-Doctor for Windows" = My Dell
    "Peachtree Premium Accounting for Distribution" = Peachtree Premium Accounting for Distribution 2010
    "Pervasive Software PSQL v9.1 Workgroup_is1" = Pervasive Software PSQL v9.1 Client
    "Pervasive System Analyzer_is1" = Pervasive System Analyzer v9.1
    "Picasa 3" = Picasa 3
    "PrimoPDF" = PrimoPDF -- by Nitro PDF Software
    "RealPlayer 16.0" = RealPlayer
    "SearchAssist" = SearchAssist
    "SpywareBlaster_is1" = SpywareBlaster 5.0
    "Stamps.com" = Stamps.com
    "TeamViewer 7" = TeamViewer 7
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WhoCrashed_is1" = WhoCrashed 4.02
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google+ Auto Backup" = Google+ Auto Backup

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google+ Auto Backup" = Google+ Auto Backup

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google+ Auto Backup" = Google+ Auto Backup

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google+ Auto Backup" = Google+ Auto Backup

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "f269fca5d8764803" = Sage Exchange
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "JoinMe" = join.me
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "f269fca5d8764803" = Sage Exchange
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "JoinMe" = join.me
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "f269fca5d8764803" = Sage Exchange
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "JoinMe" = join.me
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/6/2014 10:45:41 AM | Computer Name = MINDY | Source = Brother BrLog | ID = 1001
    Description = WIA BrtWIA: [2014/05/06 10:45:41.218]: [00002196]: wiasGetChangedValueLong(
    WIA_IPS_XRES ) faild. hrExtent=80070057

    Error - 5/6/2014 10:45:41 AM | Computer Name = MINDY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2014/05/06 10:45:41.218]: [00002196]: CBrUsbSti: GetDevCapa
    Failed.

    Error - 5/6/2014 10:45:41 AM | Computer Name = MINDY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2014/05/06 10:45:41.234]: [00002196]: CBrUsbSti: GetDevCapa
    Failed.

    Error - 5/6/2014 10:45:41 AM | Computer Name = MINDY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2014/05/06 10:45:41.234]: [00002196]: CBrUsbSti: GetDevCapa
    Failed.

    Error - 5/6/2014 10:45:42 AM | Computer Name = MINDY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2014/05/06 10:45:42.453]: [00002196]: CBrUsbSti: GetDevCapa
    Failed.

    Error - 5/6/2014 10:45:42 AM | Computer Name = MINDY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2014/05/06 10:45:42.453]: [00002196]: CBrUsbSti: GetDevCapa
    Failed.

    Error - 5/6/2014 10:45:42 AM | Computer Name = MINDY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2014/05/06 10:45:42.578]: [00002196]: CBrUsbSti: GetDevCapa
    Failed.

    Error - 5/6/2014 10:45:56 AM | Computer Name = MINDY | Source = Brother BrLog | ID = 1001
    Description = WIA BrtWIA: [2014/05/06 10:45:56.062]: [00002196]: ChkMk:: ED Error[-4]


    Error - 5/6/2014 10:45:56 AM | Computer Name = MINDY | Source = Brother BrLog | ID = 1001
    Description = WIA BrtWIA: [2014/05/06 10:45:56.062]: [00002196]: ChkMk:: ES Error[-4]


    Error - 5/7/2014 10:32:21 AM | Computer Name = MINDY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2014/05/07 10:32:21.265]: [00002196]: CUsbScnDev: DeviceIoControl()
    failed. ErrorCode = 5

    [ System Events ]
    Error - 5/7/2014 2:50:13 AM | Computer Name = MINDY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 5/7/2014 10:43:04 AM | Computer Name = MINDY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 5/7/2014 11:42:22 AM | Computer Name = MINDY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 5/7/2014 12:42:07 PM | Computer Name = MINDY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 5/7/2014 1:42:17 PM | Computer Name = MINDY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 5/7/2014 2:43:00 PM | Computer Name = MINDY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 5/7/2014 3:20:56 PM | Computer Name = MINDY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gusvc with
    arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

    Error - 5/7/2014 3:42:49 PM | Computer Name = MINDY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 5/7/2014 3:49:01 PM | Computer Name = MINDY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gusvc with
    arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

    Error - 5/7/2014 3:49:05 PM | Computer Name = MINDY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdatem with
    arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}


    < End of report >


  6. #4
    Member Spyware Fighter DonnaB's Avatar

    Hi ct8559,

    Please do the following:

    • Download the 32-bit version of Farbar Recovery Scan Tool from >>here<< to your Desktop. <-Important
    • When completed, launch the downloaded file.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce 2 logs (FRST.txt and Addition.txt) on the Desktop. Please copy and paste both logs in your next reply.


    Next:

    TDSSkiller

    Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista - W7 users: Right-click and select "Run As Administrator".
      If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
    • Click the Start Scan button. Do not use the computer during the scan!
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
      • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
      • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in a separate reply.


    Thank you,

    Donna
    Last edited by DonnaB; 05-08-2014 at 07:59 PM.



  8. #5
    Member
    Join Date
    Jul 2013
    Posts
    126
    Points
    3

    Default

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-05-2014 01
    Ran by Corona (administrator) on MINDY on 09-05-2014 10:31:02
    Running from C:\Documents and Settings\Corona\My Documents\Downloads
    Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
    Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
    (Microsoft Corporation) C:\WINDOWS\system32\netdde.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    (Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    () C:\Program Files\IDriveWindows\idwservice_501.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
    (Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
    (Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
    (Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
    (BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    (Sage Payment Solutions) C:\Documents and Settings\Corona\Local Settings\Apps\2.0\88XPR520.37Z\1P9TP99D.N6P\sage..tion_7ed87dda14c1f21d_0001.0000_175ddcd4e5e83b21\SageExchange.exe
    (Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~2.0\QBDBMgrN.exe
    (Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
    (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist\917\g2aprocessfactory.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    (Brother Industries Ltd.) C:\Program Files\Brother\Brmfl08i\FAXRX.exe
    (Sage Software, Inc.) C:\Program Files\Sage Software\Peachtree\Peachw.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office\EXCEL.EXE
    (Microsoft Corporation) C:\WINDOWS\msagent\agentsvr.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2011-09-16] (LogMeIn, Inc.)
    HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-13] (Avira Operations GmbH & Co. KG)
    HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
    HKLM\...\Run: [Privatefirewall] => C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
    HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
    HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-08-12] (Brother Industries, Ltd.)
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\917\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\.DEFAULT\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-02-09] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1004\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-20] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-20] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-20] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1007\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-24] (BillP Studios)
    HKU\S-1-5-21-3961636931-249890527-487916745-1007\...\Run: [Sage Exchange] => "C:\Documents and Settings\Corona\Start Menu\Programs\Sage Payment Solutions\Sage Exchange.appref-ms"
    HKU\S-1-5-21-3961636931-249890527-487916745-1007\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-20] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1007\...\Run: [Google Update] => C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-03] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1007\...\MountPoints2: {14d44cfa-fa2c-11de-9d8b-00219b21ded7} - E:\autorun.exe
    HKU\S-1-5-21-3961636931-249890527-487916745-1007\...\MountPoints2: {16b91bb6-117c-11e3-9f41-00219b21ded7} - "G:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-3961636931-249890527-487916745-1007\...\MountPoints2: {b9fd9390-3b2c-11e3-9f66-00219b21ded7} - "E:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-3961636931-249890527-487916745-1007\...\MountPoints2: {cc3fd1d5-9bb6-11de-9d55-00219b21ded7} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1007\...\MountPoints2: {cc3fd1d7-9bb6-11de-9d55-00219b21ded7} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1007\...\MountPoints2: {f75e5ac2-e348-11de-9d7b-00219b21ded7} - E:\HebrewBooks.exe
    HKU\S-1-5-21-3961636931-249890527-487916745-1007\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-24] (BillP Studios)
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sage Exchange] => "C:\Documents and Settings\Corona\Start Menu\Programs\Sage Payment Solutions\Sage Exchange.appref-ms"
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-20] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-03] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {14d44cfa-fa2c-11de-9d8b-00219b21ded7} - E:\autorun.exe
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {16b91bb6-117c-11e3-9f41-00219b21ded7} - "G:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b9fd9390-3b2c-11e3-9f66-00219b21ded7} - "E:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cc3fd1d5-9bb6-11de-9d55-00219b21ded7} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cc3fd1d7-9bb6-11de-9d55-00219b21ded7} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f75e5ac2-e348-11de-9d7b-00219b21ded7} - E:\HebrewBooks.exe
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-24] (BillP Studios)
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Sage Exchange] => "C:\Documents and Settings\Corona\Start Menu\Programs\Sage Payment Solutions\Sage Exchange.appref-ms"
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-20] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Google Update] => C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-03] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {14d44cfa-fa2c-11de-9d8b-00219b21ded7} - E:\autorun.exe
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {16b91bb6-117c-11e3-9f41-00219b21ded7} - "G:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {b9fd9390-3b2c-11e3-9f66-00219b21ded7} - "E:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {cc3fd1d5-9bb6-11de-9d55-00219b21ded7} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {cc3fd1d7-9bb6-11de-9d55-00219b21ded7} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {f75e5ac2-e348-11de-9d7b-00219b21ded7} - E:\HebrewBooks.exe
    HKU\S-1-5-21-3961636931-249890527-487916745-1008\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-1008\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1008\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-20] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1008\...\MountPoints2: E - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1008\...\MountPoints2: {16b91bb6-117c-11e3-9f41-00219b21ded7} - "E:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-3961636931-249890527-487916745-1008\...\MountPoints2: {801b9c32-613f-11df-9db1-00219b21ded7} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe
    HKU\S-1-5-21-3961636931-249890527-487916745-1008\...\MountPoints2: {b9fd9390-3b2c-11e3-9f66-00219b21ded7} - "E:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-3961636931-249890527-487916745-1008\...\MountPoints2: {cc3fd1d5-9bb6-11de-9d55-00219b21ded7} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1008\...\MountPoints2: {cc3fd1d7-9bb6-11de-9d55-00219b21ded7} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-20] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {16b91bb6-117c-11e3-9f41-00219b21ded7} - "E:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {801b9c32-613f-11df-9db1-00219b21ded7} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b9fd9390-3b2c-11e3-9f66-00219b21ded7} - "E:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cc3fd1d5-9bb6-11de-9d55-00219b21ded7} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cc3fd1d7-9bb6-11de-9d55-00219b21ded7} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-20] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: E - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {16b91bb6-117c-11e3-9f41-00219b21ded7} - "E:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {801b9c32-613f-11df-9db1-00219b21ded7} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {b9fd9390-3b2c-11e3-9f66-00219b21ded7} - "E:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {cc3fd1d5-9bb6-11de-9d55-00219b21ded7} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {cc3fd1d7-9bb6-11de-9d55-00219b21ded7} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-20] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: E - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {16b91bb6-117c-11e3-9f41-00219b21ded7} - "E:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {801b9c32-613f-11df-9db1-00219b21ded7} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {b9fd9390-3b2c-11e3-9f66-00219b21ded7} - "E:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {cc3fd1d5-9bb6-11de-9d55-00219b21ded7} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {cc3fd1d7-9bb6-11de-9d55-00219b21ded7} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3961636931-249890527-487916745-1009\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-20] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-20] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-20] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-20] (Google Inc.)
    HKU\S-1-5-21-3961636931-249890527-487916745-500\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
    HKU\S-1-5-21-3961636931-249890527-487916745-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Corona\Application Data\Mozilla\Firefox\Profiles\fi9epx8n.default-1392820249953
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
    FF Plugin: @real.com/nppl3260;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Corona\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\Corona\Application Data\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\ieatgpc.dll (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Corona\Application Data\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Corona\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Corona\Application Data\mozilla\plugins\npo1d.dll (Google)
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-31]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-31]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
    FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
    FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-14]

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.132.1_0\McChPlg.dll No File
    CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Corona\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Corona\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Google Update) - C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
    CHR Plugin: (Oberon com adapter) - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
    CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (BlackBerry AppWorld) - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Extension: (RealDownloader) - C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-19]
    CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-30]
    CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ========================== Services (Whitelisted) =================

    R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
    R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [1717488 2013-03-01] (Blue Coat Systems, Inc.)
    S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
    R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)
    R2 IDriveService; C:\Program Files\IDriveWindows\idwservice_501.exe [182416 2012-05-04] ()
    S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-09-16] (Oracle Corporation)
    S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
    R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
    R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435496 2009-08-13] (Pervasive Software Inc.)
    R3 QuickBooksDB19; C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\QBDBMgrN.exe [131072 2009-10-01] (Intuit, Inc.)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
    S3 Sage 50 SmartPosting 2013; C:\Program Files\Sage Software\Peachtree\SmartPostingService2013.exe [334704 2012-11-06] (Sage Software, Inc.)
    R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-01-31] (Skype Technologies S.A.)
    S4 SprintRcAppSvc; C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe [120064 2009-09-25] (SmithMicro Inc.)
    R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
    R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
    S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
    S4 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]

    ==================== Drivers (Whitelisted) ====================

    S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
    R1 bckd; C:\WINDOWS\System32\drivers\bckd.sys [91248 2013-03-01] (Blue Coat Systems, Inc.)
    S3 brfilt; C:\WINDOWS\System32\Drivers\Brfilt.sys [2944 2001-08-17] (Brother Industries Ltd.)
    R3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
    S3 BrUsbScn; C:\WINDOWS\System32\Drivers\BrUsbScn.sys [10368 2001-08-17] (Brother Industries Ltd.)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11264 2007-12-03] (Realtek Semiconductor Corporation)
    R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
    R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
    R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
    R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
    R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
    R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
    R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
    R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
    S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
    S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
    R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8960 2007-11-20] (Realtek Semiconductor Corporation)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-08] (Malwarebytes Corporation)
    S3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2008-04-14] (Microsoft Corporation)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2009-09-25] (Printing Communications Assoc., Inc. (PCAUSA))
    R3 pwipf6; C:\WINDOWS\System32\DRIVERS\pwipf6.sys [135272 2012-05-25] (Privacyware/PWI, Inc.)
    S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [16640 2007-11-20] (Realtek Semiconductor Corporation)
    R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
    R3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [26888 2009-09-25] ()
    S4 LMIRfsClientNP; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-09 10:29 - 2014-05-09 10:31 - 00000000 ____D () C:\FRST
    2014-05-08 16:22 - 2014-05-08 17:52 - 00018944 _____ () C:\Documents and Settings\Corona\My Documents\alan-2.xls
    2014-05-05 16:54 - 2014-05-05 16:54 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\Stamps.com Internet Postage
    2014-05-05 14:32 - 2014-05-05 14:39 - 00000000 ____D () C:\Documents and Settings\Mindy\Application Data\Stamps.com Internet Postage
    2014-05-05 14:32 - 2014-05-05 14:32 - 00000767 _____ () C:\Documents and Settings\All Users\Desktop\Stamps.com.lnk
    2014-05-05 14:32 - 2014-05-05 14:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{B26C223F-75F7-4201-923E-111C38B71D5C}
    2014-05-05 14:31 - 2014-05-05 14:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Stamps.com
    2014-05-05 14:31 - 2014-05-05 14:31 - 00000000 ____D () C:\Documents and Settings\Mindy\Local Settings\Application Data\Seven Zip
    2014-05-05 14:30 - 2014-05-05 14:31 - 27480480 _____ (Stamps.com, Inc. ) C:\Documents and Settings\Mindy\Desktop\stamps.exe
    2014-05-05 14:27 - 2014-05-05 14:27 - 00000000 ____D () C:\Documents and Settings\Mindy\Application Data\TeamViewer
    2014-05-05 14:10 - 2014-05-05 14:21 - 00000000 ____D () C:\Documents and Settings\Corona\Local Settings\Application Data\~1
    2014-05-05 12:44 - 2014-05-08 09:47 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-05-05 12:43 - 2014-05-05 12:43 - 00000779 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-05 12:43 - 2014-05-05 12:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-05 12:42 - 2014-05-05 12:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-05-05 12:42 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-05-05 12:42 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-05-05 11:50 - 2014-05-05 14:19 - 00000000 ____D () C:\Documents and Settings\Corona\Application Data\Stamps.com Internet Postage
    2014-05-05 11:49 - 2014-05-05 14:05 - 00000000 ____D () C:\Documents and Settings\Corona\Local Settings\Application Data\~0
    2014-05-05 11:09 - 2014-05-07 15:45 - 00000036 ____H () C:\WINDOWS\system32\f9t.dat
    2014-05-05 11:09 - 2014-05-05 14:32 - 00000000 ____D () C:\Program Files\Stamps.com Internet Postage
    2014-05-05 11:07 - 2014-05-05 11:07 - 00000000 ____D () C:\Documents and Settings\Corona\Local Settings\Application Data\Seven Zip
    2014-05-02 15:31 - 2014-05-02 15:33 - 00010869 _____ () C:\WINDOWS\KB2964358-IE8.log
    2014-04-30 11:02 - 2014-05-01 12:04 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
    2014-04-25 10:05 - 2014-04-25 10:05 - 00000342 _____ () C:\Documents and Settings\Corona\Desktop\My Documents.lnk
    2014-04-10 13:08 - 2014-04-10 13:08 - 00000721 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
    2014-04-09 10:34 - 2014-04-09 10:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
    2014-04-09 10:28 - 2014-04-09 10:30 - 00013592 _____ () C:\WINDOWS\KB2936068-IE8.log
    2014-04-09 10:10 - 2014-04-09 10:34 - 00017442 _____ () C:\WINDOWS\KB2922229.log

    ==================== One Month Modified Files and Folders =======

    2014-05-09 10:32 - 2008-04-25 17:28 - 01236711 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-05-09 10:31 - 2014-05-09 10:29 - 00000000 ____D () C:\FRST
    2014-05-09 10:30 - 2010-07-01 13:33 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
    2014-05-09 10:29 - 2009-04-17 12:33 - 00000418 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F89F1B5-D8FE-4C00-AAC2-DAA15220805E}.job
    2014-05-09 10:23 - 2009-07-21 15:39 - 00000424 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{B865D90F-A6AE-4EA0-B61A-D53A83683F2D}.job
    2014-05-09 10:19 - 2011-01-24 18:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
    2014-05-09 10:19 - 2011-01-24 18:28 - 00000000 ____D () C:\Documents and Settings\Corona\Local Settings\Application Data\Deployment
    2014-05-09 00:43 - 2011-06-28 12:21 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3961636931-249890527-487916745-1007UA.job
    2014-05-09 00:42 - 2014-02-09 14:37 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
    2014-05-09 00:41 - 2012-04-03 10:31 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-05-08 23:58 - 2010-02-01 17:51 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-08 19:10 - 2013-05-22 11:35 - 00000628 _____ () C:\WINDOWS\Tasks\Sage 50 Backup 1.job
    2014-05-08 18:42 - 2008-04-25 17:32 - 00032546 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-05-08 18:39 - 2013-09-16 18:14 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2014-05-08 18:00 - 2009-11-11 11:19 - 00000502 _____ () C:\WINDOWS\Tasks\Peachtree Backup 1.job
    2014-05-08 17:52 - 2014-05-08 16:22 - 00018944 _____ () C:\Documents and Settings\Corona\My Documents\alan-2.xls
    2014-05-08 16:58 - 2010-02-01 17:51 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-08 16:46 - 2014-01-05 15:15 - 00000458 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
    2014-05-08 15:10 - 2014-03-12 11:22 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-05-08 14:42 - 2011-06-28 12:21 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3961636931-249890527-487916745-1007Core.job
    2014-05-08 13:42 - 2014-02-09 14:37 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
    2014-05-08 12:21 - 2014-02-05 12:49 - 00000174 _____ () C:\WINDOWS\Brfaxrx.ini
    2014-05-08 11:12 - 2011-01-25 17:12 - 00000000 ____D () C:\Documents and Settings\Corona\Application Data\Skype
    2014-05-08 09:47 - 2014-05-05 12:44 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-05-08 05:30 - 2012-05-04 12:29 - 00000000 ____D () C:\Program Files\IDriveWindows
    2014-05-07 15:45 - 2014-05-05 11:09 - 00000036 ____H () C:\WINDOWS\system32\f9t.dat
    2014-05-06 19:57 - 2011-03-02 13:24 - 00000000 ____D () C:\Documents and Settings\Corona\My Documents\EFax Messenger 4.4
    2014-05-06 15:31 - 2012-01-06 13:25 - 00000000 ____D () C:\Documents and Settings\Corona\My Documents\Sage
    2014-05-06 15:31 - 2011-08-11 11:59 - 00000000 ____D () C:\Documents and Settings\Corona\Local Settings\Application Data\CutePDF Writer
    2014-05-06 11:12 - 2011-06-27 12:49 - 00000000 ____D () C:\Documents and Settings\Corona\My Documents\Kids insur
    2014-05-06 10:45 - 2008-04-25 05:25 - 00000495 _____ () C:\WINDOWS\wiadebug.log
    2014-05-06 04:30 - 2008-04-25 17:26 - 00000000 ____D () C:\WINDOWS\Registration
    2014-05-05 16:55 - 2010-03-16 10:48 - 00000178 ___SH () C:\Documents and Settings\TEMP\ntuser.ini
    2014-05-05 16:54 - 2014-05-05 16:54 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\Stamps.com Internet Postage
    2014-05-05 15:16 - 2013-05-23 10:09 - 00000000 ____D () C:\Program Files\My Dell
    2014-05-05 15:16 - 2010-10-29 13:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCDr
    2014-05-05 15:04 - 2012-12-28 11:00 - 00000288 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3961636931-249890527-487916745-1007.job
    2014-05-05 15:03 - 2012-05-10 10:40 - 00334488 _____ () C:\WINDOWS\setupapi.log
    2014-05-05 14:39 - 2014-05-05 14:32 - 00000000 ____D () C:\Documents and Settings\Mindy\Application Data\Stamps.com Internet Postage
    2014-05-05 14:32 - 2014-05-05 14:32 - 00000767 _____ () C:\Documents and Settings\All Users\Desktop\Stamps.com.lnk
    2014-05-05 14:32 - 2014-05-05 14:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{B26C223F-75F7-4201-923E-111C38B71D5C}
    2014-05-05 14:32 - 2014-05-05 14:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Stamps.com
    2014-05-05 14:32 - 2014-05-05 11:09 - 00000000 ____D () C:\Program Files\Stamps.com Internet Postage
    2014-05-05 14:31 - 2014-05-05 14:31 - 00000000 ____D () C:\Documents and Settings\Mindy\Local Settings\Application Data\Seven Zip
    2014-05-05 14:31 - 2014-05-05 14:30 - 27480480 _____ (Stamps.com, Inc. ) C:\Documents and Settings\Mindy\Desktop\stamps.exe
    2014-05-05 14:27 - 2014-05-05 14:27 - 00000000 ____D () C:\Documents and Settings\Mindy\Application Data\TeamViewer
    2014-05-05 14:25 - 2009-02-05 19:27 - 00000000 ____D () C:\Documents and Settings\Mindy\Local Settings\Application Data\Google
    2014-05-05 14:21 - 2014-05-05 14:10 - 00000000 ____D () C:\Documents and Settings\Corona\Local Settings\Application Data\~1
    2014-05-05 14:19 - 2014-05-05 11:50 - 00000000 ____D () C:\Documents and Settings\Corona\Application Data\Stamps.com Internet Postage
    2014-05-05 14:05 - 2014-05-05 11:49 - 00000000 ____D () C:\Documents and Settings\Corona\Local Settings\Application Data\~0
    2014-05-05 13:27 - 2014-04-01 12:31 - 00008192 _____ () C:\WINDOWS\system32\WDPABKP.dat
    2014-05-05 13:25 - 2014-03-12 11:22 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-05-05 13:25 - 2014-02-04 12:17 - 00000737 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
    2014-05-05 13:25 - 2012-12-28 11:00 - 00000280 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3961636931-249890527-487916745-1007.job
    2014-05-05 13:25 - 2008-04-25 12:16 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-05-05 13:25 - 2008-04-25 05:25 - 00000048 _____ () C:\WINDOWS\wiaservc.log
    2014-05-05 13:24 - 2012-02-17 11:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2660465$
    2014-05-05 13:24 - 2008-04-25 17:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-05-05 13:23 - 2013-10-11 11:49 - 00216966 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2014-05-05 13:23 - 2009-02-09 14:15 - 00000278 ___SH () C:\Documents and Settings\Corona\ntuser.ini
    2014-05-05 13:23 - 2009-02-09 14:15 - 00000000 ____D () C:\Documents and Settings\Corona
    2014-05-05 12:43 - 2014-05-05 12:43 - 00000779 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-05 12:43 - 2014-05-05 12:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-05 12:43 - 2014-05-05 12:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-05-05 12:42 - 2009-11-30 10:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-05-05 12:37 - 2008-04-25 12:16 - 00000603 _____ () C:\WINDOWS\win.ini
    2014-05-05 12:37 - 2008-04-25 12:16 - 00000227 _____ () C:\WINDOWS\system.ini
    2014-05-05 12:37 - 2008-04-25 12:16 - 00000211 ___SH () C:\boot.ini
    2014-05-05 12:27 - 2013-10-18 13:41 - 00131680 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2014-05-05 12:27 - 2013-10-11 11:49 - 03631550 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3961636931-249890527-487916745-1007-0.dat
    2014-05-05 11:32 - 2012-08-24 13:44 - 00000000 ____D () C:\Documents and Settings\Corona\Application Data\TeamViewer
    2014-05-05 11:07 - 2014-05-05 11:07 - 00000000 ____D () C:\Documents and Settings\Corona\Local Settings\Application Data\Seven Zip
    2014-05-04 18:25 - 2009-02-18 18:02 - 00000000 ____D () C:\Documents and Settings\Mindy\My Documents\CT
    2014-05-04 15:26 - 2012-06-19 13:42 - 00001001 _____ () C:\Documents and Settings\Corona\Application Data\Rim.Transcoder.Exception.log
    2014-05-04 15:26 - 2011-12-02 13:14 - 00009244 _____ () C:\Documents and Settings\Corona\Application Data\Rim.Desktop.Exception.log
    2014-05-04 15:26 - 2011-12-02 13:14 - 00007161 _____ () C:\Documents and Settings\Corona\Application Data\Rim.DesktopHelper.Exception.log
    2014-05-02 15:33 - 2014-05-02 15:31 - 00010869 _____ () C:\WINDOWS\KB2964358-IE8.log
    2014-05-02 15:33 - 2009-04-17 12:30 - 00000000 ____D () C:\WINDOWS\ie8updates
    2014-05-02 15:33 - 2009-01-22 07:40 - 00303848 _____ () C:\WINDOWS\updspapi.log
    2014-05-02 15:33 - 2008-04-25 05:22 - 02138670 _____ () C:\WINDOWS\FaxSetup.log
    2014-05-02 15:33 - 2008-04-25 05:22 - 01034190 _____ () C:\WINDOWS\ocgen.log
    2014-05-02 15:33 - 2008-04-25 05:22 - 00980123 _____ () C:\WINDOWS\tsoc.log
    2014-05-02 15:33 - 2008-04-25 05:22 - 00716976 _____ () C:\WINDOWS\comsetup.log
    2014-05-02 15:33 - 2008-04-25 05:22 - 00658818 _____ () C:\WINDOWS\msmqinst.log
    2014-05-02 15:33 - 2008-04-25 05:22 - 00433986 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-05-02 15:33 - 2008-04-25 05:22 - 00373171 _____ () C:\WINDOWS\netfxocm.log
    2014-05-02 15:33 - 2008-04-25 05:22 - 00348010 _____ () C:\WINDOWS\iis6.log
    2014-05-02 15:33 - 2008-04-25 05:22 - 00147205 _____ () C:\WINDOWS\MedCtrOC.log
    2014-05-02 15:33 - 2008-04-25 05:22 - 00118050 _____ () C:\WINDOWS\ocmsn.log
    2014-05-02 15:33 - 2008-04-25 05:22 - 00107345 _____ () C:\WINDOWS\tabletoc.log
    2014-05-02 15:33 - 2008-04-25 05:22 - 00106808 _____ () C:\WINDOWS\msgsocm.log
    2014-05-02 15:33 - 2008-04-25 05:22 - 00001355 _____ () C:\WINDOWS\imsins.log
    2014-05-02 09:23 - 2009-11-11 11:24 - 00000522 _____ () C:\WINDOWS\Tasks\Peachtree Backup 2.job
    2014-05-01 12:59 - 2009-07-01 18:18 - 00000000 ____D () C:\Documents and Settings\Corona\My Documents\Price list
    2014-05-01 12:04 - 2014-04-30 11:02 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
    2014-05-01 12:03 - 2014-03-18 14:12 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird.bak
    2014-05-01 12:03 - 2012-11-06 14:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-05-01 11:17 - 2010-05-10 19:18 - 00000000 ____D () C:\Documents and Settings\Corona\Application Data\PrimoPDF
    2014-05-01 10:34 - 2014-02-05 12:51 - 00001027 _____ () C:\WINDOWS\Brpfx04a.ini
    2014-04-30 04:13 - 2008-04-25 12:16 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
    2014-04-30 04:13 - 2008-04-25 12:16 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-04-29 16:34 - 2014-02-05 12:49 - 00000000 _____ () C:\WINDOWS\brdfxspd.dat
    2014-04-29 12:41 - 2012-04-03 10:31 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-04-29 12:41 - 2011-05-24 11:02 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-04-28 19:53 - 2013-09-30 13:35 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-04-28 17:49 - 2012-07-30 19:28 - 00000000 ____D () C:\Documents and Settings\Corona\My Documents\QB9
    2014-04-25 12:47 - 2009-08-04 20:31 - 00000000 ____D () C:\Documents and Settings\Corona\My Documents\Hofset
    2014-04-25 12:29 - 2008-04-25 17:26 - 00039822 _____ () C:\WINDOWS\wmsetup.log
    2014-04-25 12:20 - 2008-04-25 17:26 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
    2014-04-25 10:05 - 2014-04-25 10:05 - 00000342 _____ () C:\Documents and Settings\Corona\Desktop\My Documents.lnk
    2014-04-24 18:53 - 2009-12-08 18:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GARMIN
    2014-04-24 18:51 - 2013-03-15 10:38 - 00000000 ____D () C:\Program Files\DIFX
    2014-04-24 18:49 - 2009-12-08 18:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Garmin
    2014-04-24 18:49 - 2009-12-08 18:06 - 00000000 ____D () C:\Program Files\Garmin
    2014-04-24 18:45 - 2013-03-15 10:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
    2014-04-23 13:43 - 2014-01-02 13:38 - 00000000 ____D () C:\Documents and Settings\Corona\My Documents\OKL
    2014-04-23 12:44 - 2013-11-20 19:11 - 00000000 ____D () C:\Documents and Settings\Corona\My Documents\Amazon834wstate
    2014-04-23 11:07 - 2010-01-27 20:39 - 00000426 ____C () C:\WINDOWS\brwmark.ini
    2014-04-23 09:49 - 2011-01-24 18:30 - 00001024 _____ () C:\.rnd
    2014-04-23 09:45 - 2011-01-24 18:30 - 00000000 ____D () C:\Program Files\LogMeIn
    2014-04-10 17:47 - 2013-05-02 14:49 - 00000000 ___RD () C:\Documents and Settings\Corona\My Documents\Dropbox
    2014-04-10 17:47 - 2013-05-02 14:43 - 00000000 ____D () C:\Documents and Settings\Corona\Application Data\Dropbox
    2014-04-10 13:08 - 2014-04-10 13:08 - 00000721 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
    2014-04-10 13:07 - 2011-01-24 18:30 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
    2014-04-10 13:07 - 2011-01-24 18:30 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
    2014-04-10 13:07 - 2011-01-24 18:30 - 00031560 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
    2014-04-09 10:34 - 2014-04-09 10:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
    2014-04-09 10:34 - 2014-04-09 10:10 - 00017442 _____ () C:\WINDOWS\KB2922229.log
    2014-04-09 10:34 - 2013-08-14 19:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-04-09 10:34 - 2008-04-25 05:22 - 00001355 _____ () C:\WINDOWS\imsins.BAK
    2014-04-09 10:30 - 2014-04-09 10:28 - 00013592 _____ () C:\WINDOWS\KB2936068-IE8.log
    2014-04-09 10:30 - 2009-02-11 15:31 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Corona\Local Settings\Temp\avgnt.exe
    C:\Documents and Settings\Corona\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Corona\Local Settings\Temp\SkypeSetup.exe
    C:\Documents and Settings\Corona\Local Settings\Temp\y4dmc3jc.dll
    C:\Documents and Settings\Corona\Local Settings\Temp\{A3BD5269-CC2D-4B74-8B1D-83A2E4237AE3}-33.0.1750.146_33.0.1750.117_chrome_updater.exe
    C:\Documents and Settings\Mindy\Local Settings\Temp\avgnt.exe


    ==================== Bamital & volsnap Check =================

    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-05-2014 01
    Ran by Corona at 2014-05-09 10:33:53
    Running from C:\Documents and Settings\Corona\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Privatefirewall (Disabled) {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}

    ==================== Installed Programs ======================

    7-Zip 4.57 (HKLM\...\7-Zip) (Version: - )
    Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
    Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
    Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
    Bing Bar (HKLM\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
    BlackBerry App World Browser Plugin (HKLM\...\{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}) (Version: 3.1.0.6 - Research In Motion Limited)
    BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
    BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
    BlackBerry Device Software Updater (HKLM\...\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}) (Version: 6.0.1.37 - Research In Motion Ltd)
    BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone (HKLM\...\{C454EB7D-3EFD-44F6-8E1E-5984CC9ABED9}) (Version: 4.5.0.186 (Platform 3.4.0.59) - Research In Motion Ltd.)
    Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.268 - Blue Coat Systems, Inc.)
    Brother MFL-Pro Suite (HKLM\...\{004B8D14-7E3A-490A-ABB3-753535E169E3}) (Version: 1.00 - Brother Industries, Ltd.)
    Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
    Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Coby Media Manager (HKLM\...\{9BD2436E-FA3D-4451-AD1E-1E816657E61D}) (Version: 1.0.3324 - Coby)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Crystal Reports 2008 Runtime SP1 (HKLM\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
    Crystal Reports 2008 SP1 (HKLM\...\{068857D8-FDD1-4F29-8F74-E9DE91E8A587}) (Version: 12.1.0.883 - Business Objects)
    CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
    Diagnostics Utility (HKLM\...\{88253B77-33C9-4A9D-9E4C-4579E39D9158}) (Version: 1.00.0000 - Realtek)
    Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
    eFax Messenger (HKLM\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.1.528 - j2 Global)
    Elevated Installer (Version: 3.1.7.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin City Navigator North America NT 2010.30 (HKLM\...\{71DFAA65-77FA-41F3-A748-013B5A8524A3}) (Version: 13.30.0.0 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin (HKLM\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM\...\{50b02c70-f203-47ba-a926-5e4d816688db}) (Version: 3.1.7.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (Version: 3.1.7.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (Version: 3.1.7.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
    Google Chrome Frame (HKLM\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
    Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
    Google Talk Plugin (HKLM\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
    Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 10.4.0.917 - Citrix Online, a division of Citrix Systems, Inc.)
    GoToMeeting 4.5.0.457 (HKCU\...\GoToMeeting) (Version: - )
    IDrive for Windows Version - 5.0 (HKLM\...\IDrive for Windows_is1) (Version: 5.0 - Pro Softnet Corp)
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    InstallIQ Updater (HKLM\...\{8E0E6383-9754-4471-939E-E4ABE02E3440}) (Version: 1.4.0.0 - W3i, LLC)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    iS3 STOPzilla Toolbar (HKLM\...\{37888B36-58B5-41C6-BE67-B846BB4809FF}) (Version: 1.0.0 - iS3 Inc.)
    Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
    join.me (HKCU\...\JoinMe) (Version: 1.9.2.216 - LogMeIn, Inc.)
    Kaspersky Security Scan (HKLM\...\{B3DED121-395C-4338-A455-A2CFF8BDE071}) (Version: 1.0.0.468 - KSS)
    Keyboard Lock Status (HKLM\...\{144A1586-E16C-448D-910D-E12ACD65DD98}) (Version: 1.00.0000 - Logitech)
    LogMeIn (HKLM\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
    LogMeIn (HKLM\...\{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}) (Version: 4.1.1890 - LogMeIn, Inc.)
    Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden
    Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
    Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft UI Engine (Version: 4.0.0318.1 - Microsoft Corporation) Hidden
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{606BC780-101C-41DB-808D-4539BFA0774A}) (Version: 3.1.1.0 - Apple Inc.)
    Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
    Mozilla Thunderbird 24.5.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
    MSN (HKLM\...\MSNINST) (Version: - )
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - )
    Peachtree Premium Accounting for Distribution 2010 (HKLM\...\Peachtree Premium Accounting for Distribution) (Version: - )
    Peachtree Signature Ready Forms (Version: 12.1.10 - Sage Software SB, Inc.) Hidden
    Pervasive PSQL v10 SP2 Workgroup (32-bit) (HKLM\...\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}) (Version: 10.20.034 - Pervasive Software)
    Pervasive Software PSQL v9.1 Client (HKLM\...\Pervasive Software PSQL v9.1 Workgroup_is1) (Version: - Pervasive Software)
    Pervasive System Analyzer v9.1 (HKLM\...\Pervasive System Analyzer_is1) (Version: - Pervasive Software)
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
    Presentation (HKLM\...\{D7898B61-3DFF-11D8-9A54-000244173F83}) (Version: - )
    PrimoPDF -- by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)
    Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
    QuickBooks (Version: 19.0.4014.705 - Intuit Inc.) Hidden
    QuickBooks Connection Diagnostic Tool (HKLM\...\{8FC44A80-059E-4358-BBB4-50FAEBED7627}) (Version: 4.0.0 - Intuit)
    QuickBooks Enterprise Solutions: Mfg and Whsle Edition 9.0 (HKLM\...\{9A1785DC-3A39-479D-BD63-8DC9F5F60DCE}) (Version: 19.0.4014.705 - Intuit Inc.)
    QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
    RealDownloader (Version: 1.3.1 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
    Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.5.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
    Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
    Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.1 - Roxio)
    Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
    Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
    Sage 50 Accounting 2013 (HKLM\...\InstallShield_{1768BEA4-3469-45FB-8EFB-6742E1C0E86F}) (Version: 20.00.00 - Sage Software, Inc.)
    Sage 50 Accounting 2013 (Version: 20.00.00 - Sage Software, Inc.) Hidden
    Sage Exchange (HKCU\...\f269fca5d8764803) (Version: 1.0.5.47 - Sage Payment Solutions)
    Sage Message Center (Version: 2.00.0000 - Sage Software Inc.) Hidden
    Sage Software Integration Services (HKLM\...\Integration Services) (Version: 2.2.2240 - Sage Technology)
    SearchAssist (HKLM\...\SearchAssist) (Version: - )
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
    Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
    Sprint SmartView (HKLM\...\{106FB85A-9567-42FC-85CC-E4DA450F4C7B}) (Version: 2.25.0047.0 - Sprint)
    SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    Stamps.com (HKLM\...\Stamps.com) (Version: - Stamps.com, Inc.)
    Stamps.com (Version: 11.1.0.2691 - Stamps.com, Inc.) Hidden
    STOIK Smart Resizer (HKLM\...\{A71CE50A-6122-469A-BE77-1B7905287B4D}) (Version: 1.00.03 - STOIK Imaging)
    SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
    TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
    thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
    Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows XP (KB951618-v2) (HKLM\...\KB951618-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
    Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729 - Microsoft Corporation) Hidden
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
    Vonage Click-2-Call (HKLM\...\{C87218DF-512A-4208-A131-0F626F49E055}) (Version: - )
    WD Drive Utilities (HKLM\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
    WD Quick View (HKLM\...\{63911503-7EA4-4685-B2FD-D391EF622FB9}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
    WD Security (HKLM\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{8DC2DD9D-7687-4108-83D6-ACE73ABF2D69}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WhoCrashed 4.02 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
    Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.9.2013.1 - BillP Studios)
    XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

    ==================== Restore Points =========================

    09-02-2014 20:15:30 System Checkpoint
    10-02-2014 22:30:10 System Checkpoint
    11-02-2014 22:36:30 System Checkpoint
    12-02-2014 23:40:05 System Checkpoint
    13-02-2014 15:59:15 Software Distribution Service 3.0
    13-02-2014 16:30:44 Software Distribution Service 3.0
    13-02-2014 18:07:59 Software Distribution Service 3.0
    16-02-2014 23:41:23 System Checkpoint
    18-02-2014 20:22:34 System Checkpoint
    20-02-2014 01:36:26 System Checkpoint
    21-02-2014 03:37:19 System Checkpoint
    24-02-2014 01:08:27 System Checkpoint
    24-02-2014 23:30:40 Installed Java 7 Update 51
    25-02-2014 23:52:14 System Checkpoint
    27-02-2014 02:29:41 System Checkpoint
    28-02-2014 02:39:07 System Checkpoint
    03-03-2014 00:18:09 System Checkpoint
    04-03-2014 17:04:39 System Checkpoint
    05-03-2014 18:15:45 System Checkpoint
    06-03-2014 18:21:31 System Checkpoint
    09-03-2014 02:31:12 WD SmartWare Installer
    09-03-2014 02:58:07 WD SmartWare Installer
    09-03-2014 03:48:10 Software Distribution Service 3.0
    10-03-2014 14:46:26 Software Distribution Service 3.0
    11-03-2014 20:00:43 System Checkpoint
    12-03-2014 15:00:29 Software Distribution Service 3.0
    13-03-2014 15:25:23 System Checkpoint
    14-03-2014 16:34:44 System Checkpoint
    17-03-2014 21:01:22 System Checkpoint
    18-03-2014 14:15:04 Software Distribution Service 3.0
    18-03-2014 14:23:41 Software Distribution Service 3.0
    19-03-2014 20:17:48 System Checkpoint
    20-03-2014 21:58:39 System Checkpoint
    22-03-2014 01:21:57 System Checkpoint
    23-03-2014 02:12:37 System Checkpoint
    24-03-2014 02:24:35 System Checkpoint
    25-03-2014 06:29:35 System Checkpoint
    26-03-2014 22:32:38 System Checkpoint
    28-03-2014 03:00:15 System Checkpoint
    31-03-2014 22:42:25 System Checkpoint
    02-04-2014 00:33:47 System Checkpoint
    03-04-2014 19:41:35 System Checkpoint
    07-04-2014 00:18:11 System Checkpoint
    09-04-2014 14:27:21 Software Distribution Service 3.0
    10-04-2014 17:08:19 Printer Driver LogMeIn Printer Driver Installed
    24-04-2014 00:36:27 System Checkpoint
    24-04-2014 22:45:38 Garmin Express
    24-04-2014 22:48:47 Garmin Express
    24-04-2014 22:51:44 Garmin Express
    28-04-2014 19:10:52 System Checkpoint
    29-04-2014 22:44:18 System Checkpoint
    30-04-2014 23:51:46 System Checkpoint
    02-05-2014 02:34:56 System Checkpoint
    02-05-2014 19:31:10 Software Distribution Service 3.0
    04-05-2014 17:27:25 System Checkpoint
    05-05-2014 15:20:58 Removed Stamps.com
    05-05-2014 15:36:22 Removed Stamps.com
    05-05-2014 15:44:34 Removed Stamps.com
    05-05-2014 16:07:50 Removed Stamps.com
    05-05-2014 17:41:45 Removed Stamps.com
    05-05-2014 18:04:20 Removed Stamps.com
    05-05-2014 18:20:40 Removed Stamps.com
    06-05-2014 18:34:15 System Checkpoint
    07-05-2014 21:10:46 System Checkpoint
    08-05-2014 22:42:16 Installed Java 7 Update 55

    ==================== Scheduled Tasks (whitelisted) =============

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3961636931-249890527-487916745-1007Core.job => C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3961636931-249890527-487916745-1007UA.job => C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\My Dell\uaclauncher.exe
    Task: C:\WINDOWS\Tasks\Peachtree Backup 1.job => C:\Program Files\Sage Software\Peachtree\PeachtreeBackup.exe
    Task: C:\WINDOWS\Tasks\Peachtree Backup 2.job => C:\Program Files\Sage Software\Peachtree\PeachtreeBackup.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3961636931-249890527-487916745-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3961636931-249890527-487916745-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\Sage 50 Backup 1.job => C:\Program Files\Sage Software\Peachtree\PeachtreeBackup.exe
    Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\My Dell\uaclauncher.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F89F1B5-D8FE-4C00-AAC2-DAA15220805E}.job => C:\WINDOWS\system32\msfeedssync.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{B865D90F-A6AE-4EA0-B61A-D53A83683F2D}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-08-11 11:55 - 2009-11-05 08:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
    2010-05-10 19:16 - 2009-07-30 21:44 - 00176235 _____ () C:\WINDOWS\system32\Primomonnt.dll
    2012-10-10 10:00 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    2012-05-04 12:30 - 2012-05-04 14:51 - 00182416 _____ () C:\Program Files\IDriveWindows\idwservice_501.exe
    2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-02-05 12:49 - 2008-12-25 13:36 - 00139264 ____N () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
    2007-07-23 17:04 - 2007-07-23 17:04 - 00068080 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
    2012-05-04 12:29 - 2012-03-01 20:06 - 00477184 _____ () C:\Program Files\IDriveWindows\idcontext.dll
    2013-10-08 16:43 - 2013-07-15 13:29 - 00620718 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
    2014-03-26 15:10 - 2014-03-26 15:10 - 00147456 ____N () C:\Documents and Settings\Corona\Local Settings\Apps\2.0\88XPR520.37Z\1P9TP99D.N6P\sage..tion_7ed87dda14c1f21d_0001.0000_175ddcd4e5e83b21\CommonCL.XmlSerializers.dll
    2014-03-26 15:10 - 2014-03-26 15:09 - 00072704 ____N () C:\Documents and Settings\Corona\Local Settings\Apps\2.0\88XPR520.37Z\1P9TP99D.N6P\sage..tion_7ed87dda14c1f21d_0001.0000_175ddcd4e5e83b21\SpsXmlCL.dll
    2014-03-26 15:10 - 2014-03-26 15:10 - 00058368 ____N () C:\Documents and Settings\Corona\Local Settings\Apps\2.0\88XPR520.37Z\1P9TP99D.N6P\sage..tion_7ed87dda14c1f21d_0001.0000_175ddcd4e5e83b21\PublisherCL.dll
    2014-04-30 11:03 - 2014-04-30 11:03 - 03019888 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
    2014-04-30 11:03 - 2014-04-30 11:03 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
    2014-04-30 11:03 - 2014-04-30 11:03 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
    2014-02-05 12:49 - 2005-02-02 14:38 - 00024576 ____N () C:\Program Files\Brother\Brmfl08i\brrunpp.dll
    1999-02-01 16:10 - 1999-02-01 16:10 - 00057403 _____ () C:\Program Files\Microsoft Office\Office\BLNMGRPS.DLL
    1999-02-01 19:39 - 1999-02-01 19:39 - 00073785 _____ () C:\Program Files\Microsoft Office\Office\BLNMGR.DLL
    2014-03-31 11:51 - 2014-03-31 11:53 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============


    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kaspersky Security Scan.lnk => C:\WINDOWS\pss\Kaspersky Security Scan.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk => C:\WINDOWS\pss\McAfee Security Scan.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Web Connector.lnk => C:\WINDOWS\pss\QuickBooks Web Connector.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^Corona^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^Corona^Start Menu^Programs^Startup^eFax 4.4.lnk => C:\WINDOWS\pss\eFax 4.4.lnkStartup
    MSCONFIG\startupreg: 8169Diag => C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
    MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    MSCONFIG\startupreg: BlackBerryAutoUpdate => C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    MSCONFIG\startupreg: cdloader => "C:\Documents and Settings\Corona\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
    MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    MSCONFIG\startupreg: DWQueuedReporting => "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    MSCONFIG\startupreg: eFax 4.4 => "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
    MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
    MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
    MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: googletalk => C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
    MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    MSCONFIG\startupreg: IDrive Background process => "C:\Program Files\IDriveWindows\idwbg_501.exe"
    MSCONFIG\startupreg: IDrive Monitor => "C:\Program Files\IDriveWindows\idwmonitor.exe" Min
    MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
    MSCONFIG\startupreg: InstallIQUpdater => "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
    MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
    MSCONFIG\startupreg: LockStatusTray => C:\WINDOWS\LockStatusTray.exe
    MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
    MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    MSCONFIG\startupreg: PeachtreePrefetcher.exe => C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe /configfile:peachtreeprefetcher.winstart.config
    MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
    MSCONFIG\startupreg: RDVCHG => "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
    MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    MSCONFIG\startupreg: RoxioDragToDisc => C:\Program Files\Roxio\Drag-to-Disc\Drgtodsc.exe
    MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
    MSCONFIG\startupreg: Sage Exchange => "C:\Documents and Settings\Corona\Start Menu\Programs\Sage Payment Solutions\Sage Exchange.appref-ms"
    MSCONFIG\startupreg: SearchEngineProtection => C:\Program Files\Gamesbar\SearchEngineProtection.exe
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Sprint SmartView => "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe" -osboot
    MSCONFIG\startupreg: Vonage => C:\Program Files\Vonage\Vonage Click-2-Call\click2call.exe
    MSCONFIG\startupreg: WD Quick View => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/09/2014 10:19:14 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STI BrtSTI: [2014/05/09 10:19:14.250]: [00002196]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

    Error: (05/07/2014 10:32:21 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STI BrtSTI: [2014/05/07 10:32:21.265]: [00002196]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

    Error: (05/06/2014 10:45:56 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: WIA BrtWIA: [2014/05/06 10:45:56.062]: [00002196]: ChkMk:: ES Error[-4]

    Error: (05/06/2014 10:45:56 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: WIA BrtWIA: [2014/05/06 10:45:56.062]: [00002196]: ChkMk:: ED Error[-4]

    Error: (05/06/2014 10:45:42 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STI BrtSTI: [2014/05/06 10:45:42.578]: [00002196]: CBrUsbSti: GetDevCapa Failed.

    Error: (05/06/2014 10:45:42 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STI BrtSTI: [2014/05/06 10:45:42.453]: [00002196]: CBrUsbSti: GetDevCapa Failed.

    Error: (05/06/2014 10:45:42 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STI BrtSTI: [2014/05/06 10:45:42.453]: [00002196]: CBrUsbSti: GetDevCapa Failed.

    Error: (05/06/2014 10:45:41 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STI BrtSTI: [2014/05/06 10:45:41.234]: [00002196]: CBrUsbSti: GetDevCapa Failed.

    Error: (05/06/2014 10:45:41 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STI BrtSTI: [2014/05/06 10:45:41.234]: [00002196]: CBrUsbSti: GetDevCapa Failed.

    Error: (05/06/2014 10:45:41 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STI BrtSTI: [2014/05/06 10:45:41.218]: [00002196]: CBrUsbSti: GetDevCapa Failed.


    System errors:
    =============
    Error: (05/08/2014 04:50:22 PM) (Source: DCOM) (User: NT AUTHORITY) (EventID: 10005)
    Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
    in order to run the server:
    {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error: (05/08/2014 04:20:26 PM) (Source: DCOM) (User: MINDY) (EventID: 10005)
    Description: DCOM got error "%%1058" attempting to start the service gusvc with arguments ""
    in order to run the server:
    {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

    Error: (05/08/2014 11:50:46 AM) (Source: DCOM) (User: NT AUTHORITY) (EventID: 10005)
    Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
    in order to run the server:
    {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error: (05/08/2014 11:25:38 AM) (Source: DCOM) (User: MINDY) (EventID: 10005)
    Description: DCOM got error "%%1058" attempting to start the service gusvc with arguments ""
    in order to run the server:
    {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

    Error: (05/08/2014 10:55:26 AM) (Source: Service Control Manager) (User: ) (EventID: 7034)
    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/08/2014 06:50:24 AM) (Source: DCOM) (User: NT AUTHORITY) (EventID: 10005)
    Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
    in order to run the server:
    {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error: (05/08/2014 01:50:09 AM) (Source: DCOM) (User: NT AUTHORITY) (EventID: 10005)
    Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
    in order to run the server:
    {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error: (05/08/2014 01:42:57 AM) (Source: DCOM) (User: NT AUTHORITY) (EventID: 10005)
    Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
    in order to run the server:
    {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error: (05/08/2014 00:42:21 AM) (Source: DCOM) (User: NT AUTHORITY) (EventID: 10005)
    Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
    in order to run the server:
    {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error: (05/07/2014 11:42:43 PM) (Source: DCOM) (User: NT AUTHORITY) (EventID: 10005)
    Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
    in order to run the server:
    {4EB61BAC-A3B6-4760-9581-655041EF4D69}


    Microsoft Office Sessions:
    =========================
    Error: (05/09/2014 10:19:14 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STIBrtSTI: [2014/05/09 10:19:14.250]: [00002196]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

    Error: (05/07/2014 10:32:21 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STIBrtSTI: [2014/05/07 10:32:21.265]: [00002196]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

    Error: (05/06/2014 10:45:56 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: WIABrtWIA: [2014/05/06 10:45:56.062]: [00002196]: ChkMk:: ES Error[-4]

    Error: (05/06/2014 10:45:56 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: WIABrtWIA: [2014/05/06 10:45:56.062]: [00002196]: ChkMk:: ED Error[-4]

    Error: (05/06/2014 10:45:42 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STIBrtSTI: [2014/05/06 10:45:42.578]: [00002196]: CBrUsbSti: GetDevCapa Failed.

    Error: (05/06/2014 10:45:42 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STIBrtSTI: [2014/05/06 10:45:42.453]: [00002196]: CBrUsbSti: GetDevCapa Failed.

    Error: (05/06/2014 10:45:42 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STIBrtSTI: [2014/05/06 10:45:42.453]: [00002196]: CBrUsbSti: GetDevCapa Failed.

    Error: (05/06/2014 10:45:41 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STIBrtSTI: [2014/05/06 10:45:41.234]: [00002196]: CBrUsbSti: GetDevCapa Failed.

    Error: (05/06/2014 10:45:41 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STIBrtSTI: [2014/05/06 10:45:41.234]: [00002196]: CBrUsbSti: GetDevCapa Failed.

    Error: (05/06/2014 10:45:41 AM) (Source: Brother BrLog) (User: ) (EventID: 1001)
    Description: STIBrtSTI: [2014/05/06 10:45:41.218]: [00002196]: CBrUsbSti: GetDevCapa Failed.


    ==================== Memory info ===========================

    Percentage of memory in use: 80%
    Total physical RAM: 2012.91 MB
    Available physical RAM: 400.32 MB
    Total Pagefile: 4457.96 MB
    Available Pagefile: 1382.13 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1961.2 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:148.97 GB) (Free:21.84 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive z: (OS) (Network) (Total:148.97 GB) (Free:21.84 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149 GB) (Disk ID: A42D04A3)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


  10. #6
    Member
    Join Date
    Jul 2013
    Posts
    126
    Points
    3

    Default

    10:41:26.0406 1824 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    10:41:28.0406 1824 ============================================================
    10:41:28.0406 1824 Current date / time: 2014/05/09 10:41:28.0406
    10:41:28.0406 1824 SystemInfo:
    10:41:28.0406 1824
    10:41:28.0406 1824 OS Version: 5.1.2600 ServicePack: 3.0
    10:41:28.0406 1824 Product type: Workstation
    10:41:28.0406 1824 ComputerName: MINDY
    10:41:28.0406 1824 UserName: Corona
    10:41:28.0406 1824 Windows directory: C:\WINDOWS
    10:41:28.0406 1824 System windows directory: C:\WINDOWS
    10:41:28.0406 1824 Processor architecture: Intel x86
    10:41:28.0406 1824 Number of processors: 2
    10:41:28.0421 1824 Page size: 0x1000
    10:41:28.0421 1824 Boot type: Normal boot
    10:41:28.0421 1824 ============================================================
    10:41:37.0234 1824 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    10:41:37.0234 1824 ============================================================
    10:41:37.0234 1824 \Device\Harddisk0\DR0:
    10:41:37.0234 1824 MBR partitions:
    10:41:37.0234 1824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x129F1720
    10:41:37.0234 1824 ============================================================
    10:41:37.0265 1824 C: <-> \Device\Harddisk0\DR0\Partition1
    10:41:37.0265 1824 ============================================================
    10:41:37.0265 1824 Initialize success
    10:41:37.0265 1824 ============================================================
    10:43:25.0468 5800 ============================================================
    10:43:25.0468 5800 Scan started
    10:43:25.0468 5800 Mode: Manual;
    10:43:25.0468 5800 ============================================================
    10:43:26.0531 5800 ================ Scan system memory ========================
    10:43:26.0546 5800 System memory - ok
    10:43:26.0546 5800 ================ Scan services =============================
    10:43:26.0718 5800 Abiosdsk - ok
    10:43:26.0765 5800 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    10:43:26.0765 5800 abp480n5 - ok
    10:43:26.0781 5800 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    10:43:26.0781 5800 ACPI - ok
    10:43:26.0796 5800 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    10:43:26.0796 5800 ACPIEC - ok
    10:43:26.0859 5800 [ 7C7E868E1D8096ED08D80FF7712BB9D8 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    10:43:26.0859 5800 AdobeFlashPlayerUpdateSvc - ok
    10:43:26.0906 5800 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    10:43:26.0906 5800 adpu160m - ok
    10:43:26.0937 5800 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    10:43:26.0937 5800 aec - ok
    10:43:26.0984 5800 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    10:43:26.0984 5800 AFD - ok
    10:43:27.0000 5800 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
    10:43:27.0000 5800 agp440 - ok
    10:43:27.0015 5800 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    10:43:27.0015 5800 agpCPQ - ok
    10:43:27.0031 5800 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
    10:43:27.0031 5800 Aha154x - ok
    10:43:27.0046 5800 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    10:43:27.0046 5800 aic78u2 - ok
    10:43:27.0046 5800 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    10:43:27.0046 5800 aic78xx - ok
    10:43:27.0109 5800 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    10:43:27.0109 5800 Alerter - ok
    10:43:27.0125 5800 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    10:43:27.0125 5800 ALG - ok
    10:43:27.0125 5800 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
    10:43:27.0125 5800 AliIde - ok
    10:43:27.0140 5800 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
    10:43:27.0140 5800 alim1541 - ok
    10:43:27.0156 5800 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
    10:43:27.0156 5800 amdagp - ok
    10:43:27.0187 5800 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
    10:43:27.0187 5800 amsint - ok
    10:43:27.0359 5800 [ 4D282B9C5BB05DF92C9F3977DFB9F916 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
    10:43:27.0406 5800 AntiVirSchedulerService - ok
    10:43:27.0468 5800 [ 65AF41A7A2C5B6693E1B4164E7632C3E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    10:43:27.0468 5800 AntiVirService - ok
    10:43:27.0515 5800 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    10:43:27.0531 5800 AppMgmt - ok
    10:43:27.0578 5800 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
    10:43:27.0578 5800 asc - ok
    10:43:27.0625 5800 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    10:43:27.0625 5800 asc3350p - ok
    10:43:27.0640 5800 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
    10:43:27.0640 5800 asc3550 - ok
    10:43:27.0734 5800 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    10:43:27.0750 5800 aspnet_state - ok
    10:43:27.0781 5800 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    10:43:27.0781 5800 AsyncMac - ok
    10:43:27.0796 5800 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    10:43:27.0812 5800 atapi - ok
    10:43:27.0812 5800 Atdisk - ok
    10:43:27.0812 5800 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    10:43:27.0812 5800 Atmarpc - ok
    10:43:27.0875 5800 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    10:43:27.0875 5800 AudioSrv - ok
    10:43:27.0906 5800 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    10:43:27.0906 5800 audstub - ok
    10:43:27.0968 5800 [ B8C10FF9369394EB84993F331810CF29 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    10:43:27.0968 5800 avgntflt - ok
    10:43:28.0031 5800 [ 4189E5AB2CAD6F395D87DAAE73EB090F ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
    10:43:28.0031 5800 avipbb - ok
    10:43:28.0078 5800 [ D8C712305F73CD34D1B344810E522728 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
    10:43:28.0078 5800 avkmgr - ok
    10:43:28.0140 5800 [ F2E8CEFC8CF4D6454F4121C5FF93136A ] BBSvc C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.exe
    10:43:28.0140 5800 BBSvc - ok
    10:43:28.0203 5800 [ 6E1BCC590C9D30FEE8FC14DBD053CE94 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
    10:43:28.0203 5800 BBUpdate - ok
    10:43:28.0265 5800 [ 85343BE7B985D3D7CD517F5D95766AEC ] bckd C:\WINDOWS\system32\drivers\bckd.sys
    10:43:28.0265 5800 bckd - ok
    10:43:28.0312 5800 [ D1F8FB2CD836F16422AC8E05892BAD5A ] bckwfs C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    10:43:28.0390 5800 bckwfs - ok
    10:43:28.0437 5800 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    10:43:28.0437 5800 Beep - ok
    10:43:28.0500 5800 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    10:43:28.0515 5800 BITS - ok
    10:43:28.0640 5800 [ 686045905787B68D829CE647A6DFAD2B ] Blackberry Device Manager C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    10:43:28.0656 5800 Blackberry Device Manager - ok
    10:43:28.0718 5800 [ 4BA311473E0D8557827E6F2FE33A8095 ] brfilt C:\WINDOWS\system32\Drivers\Brfilt.sys
    10:43:28.0718 5800 brfilt - ok
    10:43:28.0734 5800 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    10:43:28.0734 5800 Browser - ok
    10:43:28.0781 5800 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
    10:43:28.0781 5800 BrScnUsb - ok
    10:43:28.0828 5800 [ 3A9D55D28F61749A4564AFD1D660C050 ] BrSerIf C:\WINDOWS\system32\DRIVERS\BrSerIf.sys
    10:43:28.0828 5800 BrSerIf - ok
    10:43:28.0843 5800 [ 8E06CD96E00472C03770A697D04031C0 ] BrSerWDM C:\WINDOWS\system32\Drivers\BrSerWdm.sys
    10:43:28.0843 5800 BrSerWDM - ok
    10:43:28.0859 5800 [ 37E2D0B12DDF536CD64AF6EB3B580EF8 ] BrUsbMdm C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
    10:43:28.0859 5800 BrUsbMdm - ok
    10:43:28.0859 5800 [ 1C5F014048E5B2748C1A8AD297C50B6F ] BrUsbScn C:\WINDOWS\system32\Drivers\BrUsbScn.sys
    10:43:28.0859 5800 BrUsbScn - ok
    10:43:28.0875 5800 [ A24C7B39602218F8DBDB2B6704325FC7 ] BrUsbSer C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys
    10:43:28.0875 5800 BrUsbSer - ok
    10:43:28.0906 5800 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    10:43:28.0906 5800 cbidf - ok
    10:43:28.0937 5800 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    10:43:28.0937 5800 cbidf2k - ok
    10:43:28.0968 5800 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    10:43:28.0968 5800 CCDECODE - ok
    10:43:28.0984 5800 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    10:43:28.0984 5800 cd20xrnt - ok
    10:43:28.0984 5800 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    10:43:28.0984 5800 Cdaudio - ok
    10:43:29.0000 5800 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    10:43:29.0000 5800 Cdfs - ok
    10:43:29.0046 5800 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    10:43:29.0046 5800 Cdrom - ok
    10:43:29.0062 5800 Changer - ok
    10:43:29.0125 5800 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    10:43:29.0125 5800 CiSvc - ok
    10:43:29.0125 5800 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    10:43:29.0125 5800 ClipSrv - ok
    10:43:29.0218 5800 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    10:43:29.0250 5800 clr_optimization_v2.0.50727_32 - ok
    10:43:29.0296 5800 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    10:43:29.0406 5800 clr_optimization_v4.0.30319_32 - ok
    10:43:29.0453 5800 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
    10:43:29.0453 5800 CmdIde - ok
    10:43:29.0468 5800 COMSysApp - ok
    10:43:29.0515 5800 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    10:43:29.0515 5800 Cpqarray - ok
    10:43:29.0562 5800 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    10:43:29.0562 5800 CryptSvc - ok
    10:43:29.0578 5800 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    10:43:29.0578 5800 dac2w2k - ok
    10:43:29.0593 5800 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    10:43:29.0593 5800 dac960nt - ok
    10:43:29.0656 5800 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    10:43:29.0656 5800 DcomLaunch - ok
    10:43:29.0703 5800 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    10:43:29.0718 5800 Dhcp - ok
    10:43:29.0750 5800 [ A22D5A027F397E412CBB2D97E8661BFF ] Diag69xp C:\WINDOWS\system32\Drivers\Diag69xp.sys
    10:43:29.0750 5800 Diag69xp - ok
    10:43:29.0796 5800 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    10:43:29.0796 5800 Disk - ok
    10:43:29.0828 5800 [ A0500678A33802D8954153839301D539 ] DLABMFSM C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
    10:43:29.0828 5800 DLABMFSM - ok
    10:43:29.0843 5800 [ B8D2F68CAC54D46281399F9092644794 ] DLABOIOM C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
    10:43:29.0843 5800 DLABOIOM - ok
    10:43:29.0859 5800 [ 0EE93AB799D1CB4EC90B36F3612FE907 ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    10:43:29.0859 5800 DLACDBHM - ok
    10:43:29.0859 5800 [ 87413B94AE1FABC117C4E8AE6725134E ] DLADResM C:\WINDOWS\system32\Drivers\DLADResM.SYS
    10:43:29.0859 5800 DLADResM - ok
    10:43:29.0875 5800 [ 766A148235BE1C0039C974446E4C0EDC ] DLAIFS_M C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
    10:43:29.0875 5800 DLAIFS_M - ok
    10:43:29.0875 5800 [ 38267CCA177354F1C64450A43A4F7627 ] DLAOPIOM C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
    10:43:29.0875 5800 DLAOPIOM - ok
    10:43:29.0890 5800 [ FD363369FD313B46B5AEAB1A688B52E9 ] DLAPoolM C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
    10:43:29.0890 5800 DLAPoolM - ok
    10:43:29.0890 5800 [ 336AE18F0912EF4FBE5518849E004D74 ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
    10:43:29.0890 5800 DLARTL_M - ok
    10:43:29.0906 5800 [ FD85F682C1CC2A7CA878C7A448E6D87E ] DLAUDFAM C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
    10:43:29.0906 5800 DLAUDFAM - ok
    10:43:29.0906 5800 [ AF389CE587B6BF5BBDCD6F6ABE5EABC0 ] DLAUDF_M C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
    10:43:29.0906 5800 DLAUDF_M - ok
    10:43:29.0921 5800 dmadmin - ok
    10:43:29.0953 5800 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    10:43:29.0953 5800 dmboot - ok
    10:43:29.0968 5800 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    10:43:29.0968 5800 dmio - ok
    10:43:29.0984 5800 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    10:43:29.0984 5800 dmload - ok
    10:43:30.0031 5800 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    10:43:30.0031 5800 dmserver - ok
    10:43:30.0031 5800 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    10:43:30.0031 5800 DMusic - ok
    10:43:30.0078 5800 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    10:43:30.0078 5800 Dnscache - ok
    10:43:30.0093 5800 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    10:43:30.0109 5800 Dot3svc - ok
    10:43:30.0140 5800 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
    10:43:30.0156 5800 dot4 - ok
    10:43:30.0187 5800 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
    10:43:30.0187 5800 Dot4Print - ok
    10:43:30.0234 5800 [ BD05306428DA63369692477DDC0F6F5F ] Dot4Scan C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
    10:43:30.0234 5800 Dot4Scan - ok
    10:43:30.0250 5800 [ 6EC3AF6BB5B30E488A0C559921F012E1 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
    10:43:30.0250 5800 dot4usb - ok
    10:43:30.0281 5800 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    10:43:30.0281 5800 dpti2o - ok
    10:43:30.0328 5800 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    10:43:30.0328 5800 drmkaud - ok
    10:43:30.0343 5800 [ 5D3B71BB2BB0009D65D290E2EF374BD3 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    10:43:30.0343 5800 DRVMCDB - ok
    10:43:30.0359 5800 [ C591BA9F96F40A1FD6494DAFDCD17185 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    10:43:30.0359 5800 DRVNDDM - ok
    10:43:30.0406 5800 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    10:43:30.0406 5800 EapHost - ok
    10:43:30.0421 5800 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    10:43:30.0421 5800 ERSvc - ok
    10:43:30.0468 5800 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    10:43:30.0468 5800 Eventlog - ok
    10:43:30.0515 5800 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    10:43:30.0531 5800 EventSystem - ok
    10:43:30.0578 5800 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    10:43:30.0578 5800 Fastfat - ok
    10:43:30.0625 5800 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    10:43:30.0625 5800 FastUserSwitchingCompatibility - ok
    10:43:30.0687 5800 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
    10:43:30.0687 5800 Fax - ok
    10:43:30.0734 5800 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    10:43:30.0734 5800 Fdc - ok
    10:43:30.0750 5800 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    10:43:30.0750 5800 Fips - ok
    10:43:30.0750 5800 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    10:43:30.0750 5800 Flpydisk - ok
    10:43:30.0765 5800 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    10:43:30.0765 5800 FltMgr - ok
    10:43:42.0218 5800 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    10:43:42.0218 5800 WudfSvc - ok
    10:43:42.0265 5800 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    10:43:42.0296 5800 WZCSVC - ok
    10:43:42.0328 5800 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    10:43:42.0328 5800 xmlprov - ok
    10:43:42.0328 5800 ================ Scan global ===============================
    10:43:42.0375 5800 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    10:43:42.0453 5800 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
    10:43:42.0468 5800 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
    10:43:42.0484 5800 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    10:43:42.0484 5800 [Global] - ok
    10:43:42.0484 5800 ================ Scan MBR ==================================
    10:43:42.0500 5800 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
    10:43:42.0687 5800 \Device\Harddisk0\DR0 - ok
    10:43:42.0687 5800 ================ Scan VBR ==================================
    10:43:42.0703 5800 [ 45016D75A3951123128D0C19F5FB439F ] \Device\Harddisk0\DR0\Partition1
    10:43:42.0703 5800 \Device\Harddisk0\DR0\Partition1 - ok
    10:43:42.0703 5800 ============================================================
    10:43:42.0703 5800 Scan finished
    10:43:42.0703 5800 ============================================================
    10:43:42.0718 8736 Detected object count: 0
    10:43:42.0718 8736 Actual detected object count: 0
    10:43:54.0484 9012 ============================================================
    10:43:54.0484 9012 Scan started
    10:43:54.0484 9012 Mode: Manual;
    10:43:54.0484 9012 ============================================================
    10:43:54.0703 9012 ================ Scan system memory ========================
    10:43:54.0718 9012 System memory - ok
    10:43:54.0718 9012 ================ Scan services =============================
    10:44:03.0078 9012 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    10:44:03.0093 9012 NtmsSvc - ok
    10:44:03.0125 9012 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    10:44:03.0125 9012 Null - ok
    10:44:03.0187 9012 [ 0973C0C696780161F4526586D5EAC422 ] NWADI C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
    10:44:03.0187 9012 NWADI - ok
    10:44:03.0187 9012 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    10:44:03.0187 9012 NwlnkFlt - ok
    10:44:03.0203 9012 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    10:44:03.0203 9012 NwlnkFwd - ok
    10:44:03.0250 9012 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    10:44:03.0250 9012 Parport - ok
    10:44:03.0265 9012 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    10:44:03.0265 9012 PartMgr - ok
    10:44:03.0296 9012 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    10:44:03.0296 9012 ParVdm - ok
    10:44:03.0312 9012 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] PCASp50 C:\WINDOWS\system32\Drivers\PCASp50.sys
    10:44:03.0312 9012 PCASp50 - ok
    10:44:03.0375 9012 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    10:44:03.0375 9012 PCI - ok
    10:44:03.0375 9012 PCIDump - ok
    10:44:03.0421 9012 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    10:44:03.0421 9012 PCIIde - ok
    10:44:03.0437 9012 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    10:44:03.0437 9012 Pcmcia - ok
    10:44:03.0484 9012 [ 1E715247EFFFDDA938C085913045D599 ] PCTINDIS5 C:\WINDOWS\system32\PCTINDIS5.SYS
    10:44:03.0484 9012 PCTINDIS5 - ok
    10:44:03.0484 9012 PDCOMP - ok
    10:44:03.0500 9012 PDFRAME - ok
    10:44:03.0500 9012 PDRELI - ok
    10:44:03.0500 9012 PDRFRAME - ok
    10:44:03.0531 9012 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
    10:44:03.0531 9012 perc2 - ok
    10:44:03.0578 9012 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    10:44:03.0578 9012 perc2hib - ok
    10:44:03.0687 9012 [ B8C3C66D19104E23D6D05A391747F23F ] PFNet C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
    10:44:03.0687 9012 PFNet - ok
    10:44:03.0703 9012 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    10:44:03.0718 9012 PlugPlay - ok
    10:44:03.0734 9012 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    10:44:03.0734 9012 PolicyAgent - ok
    10:44:03.0781 9012 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    10:44:03.0781 9012 PptpMiniport - ok
    10:44:03.0781 9012 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    10:44:03.0781 9012 ProtectedStorage - ok
    10:44:03.0796 9012 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    10:44:03.0796 9012 PSched - ok
    10:44:03.0875 9012 [ 3596B420E5A2819F18756CC6D0E7C1B1 ] psqlWGE C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
    10:44:03.0890 9012 psqlWGE - ok
    10:44:03.0906 9012 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    10:44:03.0906 9012 Ptilink - ok
    10:44:03.0953 9012 [ 944F9CA807FE9E1095FA894D5A7B018A ] pwipf6 C:\WINDOWS\system32\DRIVERS\pwipf6.sys
    10:44:03.0953 9012 pwipf6 - ok
    10:44:04.0000 9012 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    10:44:04.0000 9012 PxHelp20 - ok
    10:44:04.0093 9012 [ E69CFDBCF71B95AB663D67280D763999 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    10:44:04.0093 9012 QBCFMonitorService - ok
    10:44:04.0109 9012 [ 2241EAF40E472C471CB80CF6B97CCA11 ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    10:44:04.0125 9012 QBFCService - ok
    10:44:04.0125 9012 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
    10:44:04.0125 9012 ql1080 - ok
    10:44:04.0140 9012 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    10:44:04.0140 9012 Ql10wnt - ok
    10:44:04.0187 9012 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
    10:44:04.0187 9012 ql12160 - ok
    10:44:04.0187 9012 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
    10:44:04.0187 9012 ql1240 - ok
    10:44:04.0203 9012 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
    10:44:04.0203 9012 ql1280 - ok
    10:44:04.0281 9012 QuickBooksDB19 - ok
    10:44:04.0296 9012 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    10:44:04.0296 9012 RasAcd - ok
    10:44:04.0328 9012 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    10:44:04.0328 9012 RasAuto - ok
    10:44:04.0343 9012 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    10:44:04.0343 9012 Rasl2tp - ok
    10:44:04.0359 9012 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    10:44:04.0359 9012 RasMan - ok
    10:44:04.0375 9012 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    10:44:04.0375 9012 RasPppoe - ok
    10:44:04.0421 9012 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    10:44:04.0421 9012 Raspti - ok
    10:44:04.0421 9012 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    10:44:04.0437 9012 Rdbss - ok
    10:44:04.0437 9012 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    10:44:04.0437 9012 RDPCDD - ok
    10:44:04.0500 9012 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    10:44:04.0500 9012 rdpdr - ok
    10:44:04.0531 9012 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    10:44:04.0531 9012 RDPWD - ok
    10:44:04.0578 9012 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    10:44:04.0578 9012 RDSessMgr - ok
    10:44:04.0640 9012 [ 89525CC2DBAD44F7199B9CC188B3F9C5 ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    10:44:04.0640 9012 RealNetworks Downloader Resolver Service - ok
    10:44:04.0687 9012 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    10:44:04.0687 9012 redbook - ok
    10:44:04.0734 9012 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    10:44:04.0734 9012 RemoteAccess - ok
    10:44:04.0781 9012 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    10:44:04.0781 9012 RemoteRegistry - ok
    10:44:04.0828 9012 [ BBCE96557881586683611C561FB06269 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
    10:44:04.0828 9012 RimUsb - ok
    10:44:04.0843 9012 [ C4F4FCD5AE48BDD31648981DDF8EF993 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    10:44:04.0843 9012 RimVSerPort - ok
    10:44:04.0859 9012 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
    10:44:04.0875 9012 ROOTMODEM - ok
    10:44:04.0921 9012 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    10:44:04.0921 9012 RpcLocator - ok
    10:44:04.0937 9012 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    10:44:04.0937 9012 RpcSs - ok
    10:44:04.0984 9012 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    10:44:05.0000 9012 RSVP - ok
    10:44:05.0078 9012 [ 7174F20AD9B7B7878A51ECCA03C499C2 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    10:44:05.0078 9012 RTLE8023xp - ok
    10:44:05.0156 9012 [ B9CA69921379EA2931C4450FE975BCE7 ] RTLVLAN C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
    10:44:05.0156 9012 RTLVLAN - ok
    10:44:05.0437 9012 [ 54B9105D4608042767495FF25DCA2A3A ] Sage 50 SmartPosting 2013 C:\Program Files\Sage Software\Peachtree\SmartPostingService2013.exe
    10:44:05.0437 9012 Sage 50 SmartPosting 2013 - ok
    10:44:05.0453 9012 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    10:44:05.0453 9012 SamSs - ok
    10:44:05.0468 9012 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    10:44:05.0468 9012 SCardSvr - ok
    10:44:05.0515 9012 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    10:44:05.0515 9012 Schedule - ok
    10:44:05.0546 9012 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    10:44:05.0546 9012 Secdrv - ok
    10:44:05.0578 9012 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    10:44:05.0578 9012 seclogon - ok
    10:44:05.0593 9012 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    10:44:05.0593 9012 SENS - ok
    10:44:05.0609 9012 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    10:44:05.0609 9012 Serenum - ok
    10:44:05.0609 9012 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    10:44:05.0609 9012 Serial - ok
    10:44:05.0625 9012 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    10:44:05.0625 9012 Sfloppy - ok
    10:44:05.0687 9012 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    10:44:05.0687 9012 SharedAccess - ok
    10:44:05.0734 9012 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    10:44:05.0734 9012 ShellHWDetection - ok
    10:44:05.0750 9012 Simbad - ok
    10:44:05.0750 9012 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
    10:44:05.0750 9012 sisagp - ok
    10:44:06.0000 9012 [ 23E3C83DFF7B09A97B01A85ED8A44478 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    10:44:06.0015 9012 Skype C2C Service - ok
    10:44:06.0078 9012 [ 50D9949020E02B847CD48F1243FCB895 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    10:44:06.0078 9012 SkypeUpdate - ok
    10:44:06.0125 9012 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    10:44:06.0125 9012 SLIP - ok
    10:44:06.0140 9012 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
    10:44:06.0140 9012 Sparrow - ok
    10:44:06.0187 9012 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    10:44:06.0187 9012 splitter - ok
    10:44:06.0234 9012 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    10:44:06.0234 9012 Spooler - ok
    10:44:06.0328 9012 [ 16F856310B21685121CAAAA92D84FE09 ] SprintRcAppSvc C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
    10:44:06.0328 9012 SprintRcAppSvc - ok
    10:44:06.0328 9012 sprtsvc_dellsupportcenter - ok
    10:44:06.0359 9012 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    10:44:06.0359 9012 sr - ok
    10:44:06.0406 9012 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    10:44:06.0406 9012 srservice - ok
    10:44:06.0437 9012 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    10:44:06.0437 9012 Srv - ok
    10:44:06.0468 9012 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    10:44:06.0468 9012 SSDPSRV - ok
    10:44:06.0515 9012 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    10:44:06.0515 9012 ssmdrv - ok
    10:44:06.0562 9012 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    10:44:06.0578 9012 stisvc - ok
    10:44:06.0609 9012 [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    10:44:06.0609 9012 stllssvr - ok
    10:44:06.0656 9012 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    10:44:06.0656 9012 streamip - ok
    10:44:06.0703 9012 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    10:44:06.0703 9012 swenum - ok
    10:44:06.0750 9012 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    10:44:06.0750 9012 swmidi - ok
    10:44:06.0796 9012 [ EDA7336CD2E334B4DB321BC60B7DA11E ] swmsflt C:\WINDOWS\System32\drivers\swmsflt.sys
    10:44:06.0796 9012 swmsflt - ok
    10:44:06.0796 9012 SwPrv - ok
    10:44:06.0843 9012 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
    10:44:06.0843 9012 symc810 - ok
    10:44:06.0875 9012 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    10:44:06.0875 9012 symc8xx - ok
    10:44:06.0890 9012 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    10:44:06.0890 9012 sym_hi - ok
    10:44:06.0890 9012 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    10:44:06.0890 9012 sym_u3 - ok
    10:44:06.0906 9012 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    10:44:06.0906 9012 sysaudio - ok
    10:44:06.0953 9012 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    10:44:06.0953 9012 SysmonLog - ok
    10:44:07.0000 9012 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    10:44:07.0000 9012 TapiSrv - ok
    10:44:07.0046 9012 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    10:44:07.0062 9012 Tcpip - ok
    10:44:07.0109 9012 [ DCFEB82CA988598CEB8F83148616038E ] tcpipBM C:\WINDOWS\system32\drivers\tcpipBM.sys
    10:44:07.0109 9012 tcpipBM - ok
    10:44:07.0156 9012 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    10:44:07.0156 9012 TDPIPE - ok
    10:44:07.0171 9012 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    10:44:07.0171 9012 TDTCP - ok
    10:44:07.0218 9012 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    10:44:07.0218 9012 TermDD - ok
    10:44:07.0234 9012 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    10:44:07.0234 9012 TermService - ok
    10:44:07.0250 9012 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    10:44:07.0250 9012 Themes - ok
    10:44:07.0265 9012 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    10:44:07.0265 9012 TlntSvr - ok
    10:44:07.0281 9012 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
    10:44:07.0296 9012 TosIde - ok
    10:44:07.0312 9012 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    10:44:07.0312 9012 TrkWks - ok
    10:44:07.0359 9012 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    10:44:07.0359 9012 Udfs - ok
    10:44:07.0375 9012 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
    10:44:07.0375 9012 ultra - ok
    10:44:07.0406 9012 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    10:44:07.0406 9012 Update - ok
    10:44:07.0453 9012 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    10:44:07.0453 9012 upnphost - ok
    10:44:07.0500 9012 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    10:44:07.0500 9012 UPS - ok
    10:44:07.0546 9012 [ 65898A183FBF1D1F7759D5CCB364DCD4 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    10:44:07.0546 9012 usbaudio - ok
    10:44:07.0593 9012 [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    10:44:07.0593 9012 usbccgp - ok
    10:44:07.0593 9012 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    10:44:07.0593 9012 usbehci - ok
    10:44:07.0640 9012 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    10:44:07.0656 9012 usbhub - ok
    10:44:07.0687 9012 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    10:44:07.0687 9012 usbprint - ok
    10:44:07.0750 9012 [ F8EDE2B6928970DCE3D5614C27D9E7F6 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    10:44:07.0750 9012 usbscan - ok
    10:44:07.0796 9012 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    10:44:07.0796 9012 USBSTOR - ok
    10:44:07.0796 9012 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    10:44:07.0796 9012 usbuhci - ok
    10:44:07.0812 9012 [ 813236B1183CFCF289E367BD5DE6E29E ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    10:44:07.0812 9012 usbvideo - ok
    10:44:07.0875 9012 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    10:44:07.0875 9012 VgaSave - ok
    10:44:07.0906 9012 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
    10:44:07.0906 9012 viaagp - ok
    10:44:07.0937 9012 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
    10:44:07.0937 9012 ViaIde - ok
    10:44:07.0984 9012 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    10:44:07.0984 9012 VolSnap - ok
    10:44:08.0000 9012 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    10:44:08.0000 9012 VSS - ok
    10:44:08.0046 9012 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
    10:44:08.0046 9012 w32time - ok
    10:44:08.0062 9012 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    10:44:08.0062 9012 Wanarp - ok
    10:44:08.0187 9012 [ 17C40FC988BE24CAE78FE5F03348C7BA ] WDBackup C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
    10:44:08.0203 9012 WDBackup - ok
    10:44:08.0250 9012 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
    10:44:08.0250 9012 WDC_SAM - ok
    10:44:08.0296 9012 [ 1924EC48CC26D0A2C445E03A5592FF7A ] WDDriveService C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
    10:44:08.0296 9012 WDDriveService - ok
    10:44:08.0343 9012 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
    10:44:08.0359 9012 Wdf01000 - ok
    10:44:08.0359 9012 WDICA - ok
    10:44:08.0390 9012 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    10:44:08.0390 9012 wdmaud - ok
    10:44:08.0453 9012 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    10:44:08.0453 9012 WebClient - ok
    10:44:08.0546 9012 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    10:44:08.0546 9012 winmgmt - ok
    10:44:08.0609 9012 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
    10:44:08.0625 9012 WinRM - ok
    10:44:08.0734 9012 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    10:44:08.0750 9012 wlidsvc - ok
    10:44:08.0796 9012 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    10:44:08.0796 9012 WmdmPmSN - ok
    10:44:08.0859 9012 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    10:44:08.0859 9012 Wmi - ok
    10:44:08.0921 9012 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    10:44:08.0921 9012 WmiApSrv - ok
    10:44:09.0031 9012 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    10:44:09.0046 9012 WMPNetworkSvc - ok
    10:44:09.0078 9012 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    10:44:09.0078 9012 WpdUsb - ok
    10:44:09.0218 9012 [ 15673BD0B86150CB8E27766059C72A9B ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    10:44:09.0234 9012 WPFFontCache_v0400 - ok
    10:44:09.0281 9012 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    10:44:09.0281 9012 WS2IFSL - ok
    10:44:09.0296 9012 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    10:44:09.0296 9012 wscsvc - ok
    10:44:09.0296 9012 WSearch - ok
    10:44:09.0343 9012 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    10:44:09.0343 9012 WSTCODEC - ok
    10:44:09.0359 9012 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    10:44:09.0359 9012 wuauserv - ok
    10:44:09.0406 9012 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    10:44:09.0421 9012 WudfPf - ok
    10:44:09.0421 9012 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    10:44:09.0421 9012 WudfRd - ok
    10:44:09.0437 9012 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    10:44:09.0453 9012 WudfSvc - ok
    10:44:09.0468 9012 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    10:44:09.0468 9012 WZCSVC - ok
    10:44:09.0484 9012 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    10:44:09.0484 9012 xmlprov - ok
    10:44:09.0500 9012 ================ Scan global ===============================
    10:44:09.0546 9012 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    10:44:09.0593 9012 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
    10:44:09.0609 9012 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
    10:44:09.0625 9012 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    10:44:09.0625 9012 [Global] - ok
    10:44:09.0625 9012 ================ Scan MBR ==================================
    10:44:09.0656 9012 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
    10:44:09.0843 9012 \Device\Harddisk0\DR0 - ok
    10:44:09.0843 9012 ================ Scan VBR ==================================
    10:44:09.0843 9012 [ 45016D75A3951123128D0C19F5FB439F ] \Device\Harddisk0\DR0\Partition1
    10:44:09.0843 9012 \Device\Harddisk0\DR0\Partition1 - ok
    10:44:09.0843 9012 ============================================================
    10:44:09.0843 9012 Scan finished
    10:44:09.0843 9012 ============================================================
    10:44:09.0859 9772 Detected object count: 0
    10:44:09.0859 9772 Actual detected object count: 0
    10:44:23.0281 3584 Deinitialize success

  12. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    You have some leftover orphaned registry entries.
    Let's take care of those leftovers:

    We need to do a fix to delete some files using OTL.

    • Double click on the to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following


      Code:
      :COMMANDS
      [CREATERESTOREPOINT]
      
      :OTL
      O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1007\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1008\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1008\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O4 - HKU\S-1-5-21-3961636931-249890527-487916745-1007..\Run: [Sage Exchange] "C:\Documents and Settings\Corona\Start Menu\Programs\Sage Payment Solutions\Sage Exchange.appref-ms" File not found
      O4 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [Sage Exchange] "C:\Documents and Settings\Corona\Start Menu\Programs\Sage Payment Solutions\Sage Exchange.appref-ms" File not found
      O4 - HKU\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1..\Run: [Sage Exchange] "C:\Documents and Settings\Corona\Start Menu\Programs\Sage Payment Solutions\Sage Exchange.appref-ms" File not found
      [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
      [1 C:\Documents and Settings\Corona\Desktop\*.tmp files -> C:\Documents and Settings\Corona\Desktop\*.tmp -> ]
      
      :Files
      
      ipconfig /flushdns /c
      
      :Commands
      
      [emptytemp]
      [resethosts]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.


    Next

    • Download RogueKiller (by tigzy) to the desktop
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan. Once finished, click on Report


    Please post the contents of the RKreport.txt in your next Reply.

    Please post in your next reply

    1 - OTL Fix log.
    2 - New OTL log after quick scan.
    3 - RKreport[1].txt




    Thanks
    Joe
    Last edited by zep516; 05-10-2014 at 09:49 PM.
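Before pasting a fix script like the one in post #7 into OTL, it helps to see which accounts and which registry values it will touch. The following is an added example, not part of zep516's post or of OTL itself: a small Python parser for the `O3`/`O4` directive lines that groups them by account RID and lists the distinct toolbar CLSIDs and Run values named. The function names are hypothetical, and the three sample lines are copied from the script above.

```python
import re
from collections import defaultdict

# Three directive lines copied from the fix script in post #7 (sample input).
SAMPLE_FIX = r"""
O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3961636931-249890527-487916745-1008\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-21-3961636931-249890527-487916745-1007..\Run: [Sage Exchange] "C:\Documents and Settings\Corona\Start Menu\Programs\Sage Payment Solutions\Sage Exchange.appref-ms" File not found
"""

# kind, account SID (with its trailing RID), whatever follows the SID in the
# hive name, the abbreviated key after "..", and the rest of the line.
LINE_RE = re.compile(
    r"^(?P<kind>O3|O4) - HKU\\"
    r"(?P<sid>S-1-5-21(?:-\d+){3}-(?P<rid>\d+))"
    r"(?P<suffix>.*?)"
    r"\\?\.\.\\(?P<key>[^:]+): "
    r"(?P<rest>.*)$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r'^\[(?P<name>[^\]]+)\]\s+"(?P<target>[^"]+)"')


def parse_fix_lines(text):
    """Return one dict per O3/O4 directive; every other line is ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = {
            "kind": m["kind"],
            "sid": m["sid"],
            "rid": int(m["rid"]),
            "hive_suffix": m["suffix"],  # "" for the plain per-user hive
            "key": m["key"],
        }
        if m["kind"] == "O3":
            # Toolbar entry: the value name is the CLSID of the toolbar object.
            clsid = CLSID_RE.search(m["rest"])
            entry["clsid"] = clsid.group(0).upper() if clsid else None
        else:
            # Run entry: value name in brackets, launch target in quotes.
            run = RUN_RE.match(m["rest"])
            entry["value"] = run["name"] if run else None
            entry["target"] = run["target"] if run else None
        entries.append(entry)
    return entries


def summarize(entries):
    """Count directives per account RID and collect the distinct targets."""
    by_rid = defaultdict(lambda: {"O3": 0, "O4": 0})
    clsids, autoruns = set(), set()
    for e in entries:
        by_rid[e["rid"]][e["kind"]] += 1
        if e["kind"] == "O3" and e["clsid"]:
            clsids.add(e["clsid"])
        elif e["kind"] == "O4" and e["value"]:
            autoruns.add((e["value"], e["target"]))
    return {
        "by_rid": dict(by_rid),
        "clsids": sorted(clsids),
        "autoruns": sorted(autoruns),
    }


if __name__ == "__main__":
    report = summarize(parse_fix_lines(SAMPLE_FIX))
    for rid, counts in sorted(report["by_rid"].items()):
        print(f"RID {rid}: {counts['O3']} toolbar value(s), {counts['O4']} Run value(s)")
    print("CLSIDs:", ", ".join(report["clsids"]))
    for name, target in report["autoruns"]:
        print(f"Run value {name!r} -> {target}")
```
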

  13. #8
    Member
    Join Date
    Jul 2013
    Posts
    126
    Points
    3

    Default

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Registry key HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1006.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1007\Software\Microsoft\Windows\CurrentVersion\Run\\Sage Exchange deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run not found.
    Registry key HKEY_USERS\S-1-5-21-3961636931-249890527-487916745-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run not found.
    C:\Program Files\GUM26.tmp folder deleted successfully.
    C:\Documents and Settings\Corona\Desktop\nsmail.tmp deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Corona\My Documents\Downloads\cmd.bat deleted successfully.
    C:\Documents and Settings\Corona\My Documents\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Corona
    ->Temp folder emptied: 591191947 bytes
    ->Temporary Internet Files folder emptied: 55441163 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 364299080 bytes
    ->Google Chrome cache emptied: 6174892 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 4404 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: GAC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 67925 bytes
    ->Flash cache emptied: 0 bytes

    User: McAfeeMVSUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mindy
    ->Temp folder emptied: 16854935 bytes
    ->Temporary Internet Files folder emptied: 7194465 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1012 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: QBDataServiceUser19
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: TEMP
    ->Temp folder emptied: 49632 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1297057346 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 80892921 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 83228616 bytes

    Total Files Cleaned = 2,387.00 mb

    Error: Unble to create default HOSTS file!

    OTL by OldTimer - Version 3.2.69.0 log created on 05112014_142943

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Corona\Local Settings\Temp\JET1EB9.tmp not found!
    File\Folder C:\Documents and Settings\Corona\Local Settings\Temporary Internet Files\Content.IE5\4D04FFQ7\610PdCNtjcL._SL1500_[1].jpg not found!
    File\Folder C:\Documents and Settings\Corona\Local Settings\Temporary Internet Files\Content.IE5\4D04FFQ7\610PdCNtjcL._SX522_[1].jpg not found!
    File\Folder C:\Documents and Settings\Corona\Local Settings\Temporary Internet Files\Content.IE5\4D04FFQ7\61EMqZ+qgWL._SL150_[1].jpg not found!
    File\Folder C:\Documents and Settings\Corona\Local Settings\Temporary Internet Files\Content.IE5\4D04FFQ7\61jTy+GOf2L[1].jpg not found!
    File\Folder C:\Documents and Settings\Corona\Local Settings\Temporary Internet Files\Content.IE5\4D04FFQ7\61N2k4WZpEL._SL1500_[1].jpg not found!
    File\Folder C:\Documents and Settings\Corona\Local Settings\Temporary Internet Files\Content.IE5\4D04FFQ7\cb=gapi[1].loaded_0 not found!
    File\Folder C:\Documents and Settings\Corona\Local Settings\Temporary Internet Files\Content.IE5\4D04FFQ7\icon_twitter[1].gif not found!
    File\Folder C:\Documents and Settings\Corona\Local Settings\Temporary Internet Files\Content.IE5\4D04FFQ7\ie6-8-min[1].js not found!
    File\Folder C:\Documents and Settings\Corona\Local Settings\Temporary Internet Files\Content.IE5\4D04FFQ7\imageBlock-udp-airy-532983328._V1_[1].js not found!
    File\Folder C:\Documents and Settings\Corona\Local Settings\Temporary Internet Files\Content.IE5\4D04FFQ7\s_code[1].js not found!
    File\Folder C:\Documents and Settings\Corona\Local Settings\Temporary Internet Files\Content.IE5\4D04FFQ7\s_code[2].js not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_d24.dat not found!
    C:\WINDOWS\temp\scaninfo(4468).tmp moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  14. #9

    NEW OTL after quick scan report
    OTL logfile created on: 5/11/2014 2:55:15 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Corona\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.97 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 53.61% Memory free
    3.81 Gb Paging File | 2.53 Gb Available in Paging File | 66.30% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.97 Gb Total Space | 24.49 Gb Free Space | 16.44% Space Free | Partition Type: NTFS
    Drive Z: | 148.97 Gb Total Space | 24.49 Gb Free Space | 16.44% Space Free | Partition Type: NTFS

    Computer Name: MINDY | User Name: Corona | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/05/07 18:13:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Corona\My Documents\Downloads\OTL.exe
    PRC - [2014/04/23 09:44:06 | 000,203,088 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2014/04/23 09:43:05 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2014/04/01 09:36:04 | 000,431,960 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    PRC - [2014/03/31 11:53:05 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2014/03/13 10:39:54 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2014/03/13 10:39:42 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2014/03/13 10:39:42 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2014/02/28 14:47:32 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
    PRC - [2014/02/28 14:38:22 | 005,545,328 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
    PRC - [2014/02/28 14:36:20 | 000,271,728 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
    PRC - [2013/12/17 09:49:08 | 003,048,480 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
    PRC - [2013/12/17 09:49:08 | 000,374,600 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
    PRC - [2013/12/17 09:40:07 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2013/12/16 20:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
    PRC - [2013/09/24 16:02:59 | 000,441,408 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2013/07/10 14:23:10 | 001,694,080 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
    PRC - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2013/03/01 07:06:42 | 001,717,488 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    PRC - [2013/01/31 11:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/05/04 14:51:36 | 000,182,416 | ---- | M] () -- C:\Program Files\IDriveWindows\idwservice_501.exe
    PRC - [2011/12/22 08:31:08 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2011/09/16 16:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2011/09/16 16:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2009/10/01 00:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\QBDBMgrN.exe
    PRC - [2009/08/13 05:04:28 | 000,435,496 | R--- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
    PRC - [2008/07/20 19:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/03/31 11:53:03 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2014/03/09 11:48:52 | 001,228,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\bb5a0e6808cafd5f642174ff0ece0d41\System.WorkflowServices.ni.dll
    MOD - [2014/03/09 11:47:20 | 001,077,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3c2035880250d6d46413f1981d316ea0\System.ServiceModel.Web.ni.dll
    MOD - [2014/02/13 17:11:46 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll
    MOD - [2014/02/13 17:11:45 | 000,373,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\2f6bb2f27e73e55ccd0159c0fc5f08c4\System.ServiceModel.Routing.ni.dll
    MOD - [2014/02/13 17:11:42 | 001,153,536 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\09987e88bfe8b9e1fd338c9cbd743675\System.ServiceModel.Discovery.ni.dll
    MOD - [2014/02/13 17:11:39 | 000,084,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7c827a34a2a8958bf2e185dcb9ae52e4\System.ServiceModel.Channels.ni.dll
    MOD - [2014/02/13 17:11:37 | 001,548,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\cb2d43fc6263770ad977f001a6b69726\System.ServiceModel.Activities.ni.dll
    MOD - [2014/02/13 17:11:25 | 018,150,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1f236d1b65b6f9d77c3d2c63bb347130\System.ServiceModel.ni.dll
    MOD - [2014/02/13 17:10:38 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\7612d2ecdf9c6beedc264e9390e97b0f\System.Management.ni.dll
    MOD - [2014/02/13 17:10:28 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1ea05c6575298512abd69038ad724ad1\System.IdentityModel.ni.dll
    MOD - [2014/02/13 17:07:51 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6a5f031a28c774f1163af0715c3a6097\System.EnterpriseServices.ni.dll
    MOD - [2014/02/13 17:07:50 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6a5f031a28c774f1163af0715c3a6097\System.EnterpriseServices.Wrapper.dll
    MOD - [2014/02/13 17:07:49 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\fc7255cccb69c45a808b3d7e6abf55c5\System.Transactions.ni.dll
    MOD - [2014/02/13 17:07:47 | 001,031,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\4db577ac7d6b041ca538dda903bc9c7f\System.Runtime.DurableInstancing.ni.dll
    MOD - [2014/02/13 17:07:44 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\e4448b85161eee80928b795515738388\SMDiagnostics.ni.dll
    MOD - [2014/02/13 17:07:42 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0e06620ca298f1287cc5698d1a019296\System.Runtime.Serialization.ni.dll
    MOD - [2014/02/13 17:07:38 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\05be173cbacba4b7604a67a267acdfe4\System.Xml.Linq.ni.dll
    MOD - [2014/02/13 17:07:00 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\211925af2639b2445fda3b8c040e5a8a\Microsoft.VisualC.ni.dll
    MOD - [2014/02/13 17:06:04 | 000,194,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\d7785512895a0427dad1bef2155b7ffc\CustomMarshalers.ni.dll
    MOD - [2014/02/13 16:51:21 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
    MOD - [2014/02/13 12:55:24 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9de255a0aa42b52f01848ced6d315972\System.Windows.Forms.ni.dll
    MOD - [2014/02/13 12:55:06 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll
    MOD - [2014/02/13 12:54:39 | 006,866,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\acfa2ad70ad0f2908e02e858c846ac08\System.Data.ni.dll
    MOD - [2014/02/13 12:53:39 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll
    MOD - [2014/02/13 12:53:35 | 000,751,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\e0579383d49e212d5bf5a87c3dad50e7\System.Security.ni.dll
    MOD - [2014/02/13 12:53:20 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll
    MOD - [2014/02/13 12:53:18 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a4b5a1a06d2d7f77258943c8c228a5e0\System.Core.ni.dll
    MOD - [2014/02/13 12:52:53 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll
    MOD - [2014/02/13 12:52:36 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll
    MOD - [2014/02/13 12:39:28 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
    MOD - [2014/02/13 12:39:00 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
    MOD - [2013/07/15 13:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
    MOD - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    MOD - [2012/09/19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2012/05/04 14:51:36 | 000,182,416 | ---- | M] () -- C:\Program Files\IDriveWindows\idwservice_501.exe
    MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
    MOD - [2009/07/30 21:44:14 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
    MOD - [2008/12/25 13:36:32 | 000,139,264 | ---- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
    SRV - [2014/04/29 12:41:22 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/04/23 09:44:06 | 000,203,088 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2014/04/23 09:43:05 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2014/04/01 09:36:04 | 000,431,960 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
    SRV - [2014/03/31 11:53:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/03/13 10:39:54 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2014/03/13 10:39:42 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2014/02/28 14:47:32 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
    SRV - [2014/02/28 14:36:20 | 000,271,728 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
    SRV - [2013/12/17 09:49:08 | 000,374,600 | ---- | M] (Privacyware/PWI, Inc.) [Auto | Running] -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe -- (PFNet)
    SRV - [2013/12/16 20:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2013/12/16 20:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
    SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/09/16 18:13:19 | 000,182,696 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/09/10 14:54:47 | 000,308,568 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\917\g2aservice.exe -- (GoToAssist)
    SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2013/03/01 07:06:42 | 001,717,488 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
    SRV - [2013/01/31 11:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013/01/18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Stopped] -- C:\Program Files\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
    SRV - [2012/11/06 14:28:34 | 000,334,704 | R--- | M] (Sage Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Sage Software\Peachtree\SmartPostingService2013.exe -- (Sage 50 SmartPosting 2013)
    SRV - [2012/05/04 14:51:36 | 000,182,416 | ---- | M] () [Auto | Running] -- C:\Program Files\IDriveWindows\idwservice_501.exe -- (IDriveService)
    SRV - [2011/12/22 08:31:08 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/09/16 16:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2009/10/01 00:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\QBDBMgrN.exe -- (QuickBooksDB19)
    SRV - [2009/09/25 09:04:34 | 000,120,064 | ---- | M] (SmithMicro Inc.) [Disabled | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
    SRV - [2009/08/13 05:04:28 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
    SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2008/07/20 19:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2014/04/10 13:07:31 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013/12/17 09:40:26 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2013/12/17 09:40:26 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2013/10/07 09:54:49 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2013/05/25 11:16:43 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2013/03/01 07:06:06 | 000,091,248 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bckd.sys -- (bckd)
    DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2012/05/25 19:34:42 | 000,135,272 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pwipf6.sys -- (pwipf6)
    DRV - [2011/09/16 16:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2009/09/25 09:04:42 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
    DRV - [2009/09/25 09:04:42 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2009/09/25 09:04:42 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
    DRV - [2009/09/25 09:04:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2009/09/25 09:04:28 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2008/08/18 19:03:12 | 000,106,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2008/08/18 18:21:20 | 000,110,080 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV - [2008/08/18 18:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/04/14 08:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
    DRV - [2007/12/03 13:13:48 | 000,011,264 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
    DRV - [2007/11/20 03:14:08 | 000,016,640 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
    DRV - [2007/11/20 03:04:50 | 000,008,960 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
    DRV - [2007/07/23 17:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
    DRV - [2007/07/23 17:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2007/07/23 17:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2007/07/23 17:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2007/07/23 17:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2007/07/23 17:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2007/07/23 17:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2007/07/23 17:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2007/07/23 16:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/07/23 16:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
    DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090122
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{331EBF97-C46F-4280-9F50-67020939B721}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{331EBF97-C46F-4280-9F50-67020939B721}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Corona\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Corona\Application Data\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/14 13:58:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/14 13:58:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/04/30 11:03:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2010/09/13 10:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Corona\Application Data\Mozilla\Extensions
    [2010/09/13 10:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Corona\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2014/03/21 13:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Corona\Application Data\Mozilla\Firefox\Profiles\fi9epx8n.default-1392820249953\extensions
    [2014/03/31 11:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2014/03/31 11:51:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2014/03/31 11:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/03/31 11:51:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2014/03/31 11:53:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: Google
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.132.1_0\McChPlg.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Corona\Application Data\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Corona\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: RealDownloader = C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
    CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Corona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

    Hosts file not found
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
    O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.)
    O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
    O4 - HKCU..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_45)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.40.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEB7C32D-A677-4B8E-A6C6-A2CD18271651}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
    O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\917\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\917\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Corona/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{14d44cfa-fa2c-11de-9d8b-00219b21ded7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{14d44cfa-fa2c-11de-9d8b-00219b21ded7}\Shell\AutoRun\command - "" = E:\autorun.exe
    O33 - MountPoints2\{14d44cfa-fa2c-11de-9d8b-00219b21ded7}\Shell\phone\command - "" = E:\autorun.exe
    O33 - MountPoints2\{16b91bb6-117c-11e3-9f41-00219b21ded7}\Shell - "" = AutoRun
    O33 - MountPoints2\{16b91bb6-117c-11e3-9f41-00219b21ded7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{16b91bb6-117c-11e3-9f41-00219b21ded7}\Shell\AutoRun\command - "" = "G:\WD Drive Unlock.exe" autoplay=true
    O33 - MountPoints2\{b9fd9390-3b2c-11e3-9f66-00219b21ded7}\Shell - "" = AutoRun
    O33 - MountPoints2\{b9fd9390-3b2c-11e3-9f66-00219b21ded7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b9fd9390-3b2c-11e3-9f66-00219b21ded7}\Shell\AutoRun\command - "" = "E:\WD Drive Unlock.exe" autoplay=true
    O33 - MountPoints2\{cc3fd1d5-9bb6-11de-9d55-00219b21ded7}\Shell - "" = AutoRun
    O33 - MountPoints2\{cc3fd1d5-9bb6-11de-9d55-00219b21ded7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cc3fd1d5-9bb6-11de-9d55-00219b21ded7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{cc3fd1d7-9bb6-11de-9d55-00219b21ded7}\Shell - "" = AutoRun
    O33 - MountPoints2\{cc3fd1d7-9bb6-11de-9d55-00219b21ded7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cc3fd1d7-9bb6-11de-9d55-00219b21ded7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{f75e5ac2-e348-11de-9d7b-00219b21ded7}\Shell\AutoRun\command - "" = E:\HebrewBooks.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/05/11 14:29:43 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/05/09 10:29:23 | 000,000,000 | ---D | C] -- C:\FRST
    [2014/05/05 14:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{B26C223F-75F7-4201-923E-111C38B71D5C}
    [2014/05/05 14:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stamps.com
    [2014/05/05 12:44:31 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/05/05 12:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/05/05 12:42:58 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/05/05 12:42:58 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014/05/05 12:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/05/05 11:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corona\Application Data\Stamps.com Internet Postage
    [2014/05/05 11:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Stamps.com Internet Postage
    [2014/05/05 11:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corona\Local Settings\Application Data\Seven Zip
    [2014/04/30 11:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

    ========== Files - Modified Within 30 Days ==========

    [2014/05/11 14:59:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4F89F1B5-D8FE-4C00-AAC2-DAA15220805E}.job
    [2014/05/11 14:58:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/05/11 14:48:17 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\WDPABKP.dat
    [2014/05/11 14:47:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/05/11 14:45:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/05/11 14:45:47 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3961636931-249890527-487916745-1007.job
    [2014/05/11 14:45:47 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
    [2014/05/11 14:45:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/05/11 14:45:30 | 2110,767,104 | -HS- | M] () -- C:\hiberfil.sys
    [2014/05/11 14:43:20 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3961636931-249890527-487916745-1007UA.job
    [2014/05/11 14:42:03 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
    [2014/05/11 14:42:02 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3961636931-249890527-487916745-1007Core.job
    [2014/05/11 14:41:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/05/11 14:04:59 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B865D90F-A6AE-4EA0-B61A-D53A83683F2D}.job
    [2014/05/09 13:42:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
    [2014/05/08 19:10:00 | 000,000,628 | ---- | M] () -- C:\WINDOWS\tasks\Sage 50 Backup 1.job
    [2014/05/08 18:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Peachtree Backup 1.job
    [2014/05/08 16:46:31 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
    [2014/05/08 15:10:02 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
    [2014/05/08 12:21:52 | 000,000,174 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini
    [2014/05/08 09:47:59 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/05/07 15:45:07 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
    [2014/05/05 15:04:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3961636931-249890527-487916745-1007.job
    [2014/05/05 14:32:40 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Stamps.com.lnk
    [2014/05/05 12:43:04 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/05/05 12:37:05 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2014/05/02 09:23:13 | 000,000,522 | ---- | M] () -- C:\WINDOWS\tasks\Peachtree Backup 2.job
    [2014/05/01 10:34:23 | 000,001,027 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
    [2014/04/29 16:34:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brdfxspd.dat
    [2014/04/28 19:53:59 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2014/04/25 10:05:04 | 000,000,342 | ---- | M] () -- C:\Documents and Settings\Corona\Desktop\My Documents.lnk
    [2014/04/23 11:07:50 | 000,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
    [2014/04/23 09:49:29 | 000,001,024 | ---- | M] () -- C:\.rnd

    ========== Files Created - No Company Name ==========

    [2014/05/11 14:47:31 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\WDPABKP.dat
    [2014/05/05 14:32:40 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Stamps.com.lnk
    [2014/05/05 12:43:04 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/05/05 11:09:02 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
    [2014/04/25 10:05:04 | 000,000,342 | ---- | C] () -- C:\Documents and Settings\Corona\Desktop\My Documents.lnk
    [2014/02/05 12:51:03 | 000,001,027 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2014/02/05 12:51:03 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bd8480dn.dat
    [2014/02/05 12:49:07 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
    [2014/02/05 12:49:06 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2014/02/05 12:49:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2013/10/18 13:42:00 | 000,499,667 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3961636931-249890527-487916745-1008-0.dat
    [2013/10/18 13:41:36 | 000,131,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/10/11 11:49:10 | 003,631,550 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3961636931-249890527-487916745-1007-0.dat
    [2013/10/11 11:49:09 | 000,216,966 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2013/08/15 12:10:56 | 000,809,153 | ---- | C] () -- C:\Documents and Settings\Corona\Local Settings\Application Data\census.cache
    [2013/08/15 12:10:03 | 000,223,466 | ---- | C] () -- C:\Documents and Settings\Corona\Local Settings\Application Data\ars.cache
    [2012/07/30 19:39:40 | 000,000,110 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2012/05/14 11:41:13 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2011/12/12 14:59:09 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Corona\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/05 13:37:49 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Corona\Local Settings\Application Data\housecall.guid.cache
    [2011/04/27 14:08:10 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Corona\g2mdlhlpx.exe
    [2010/10/06 16:53:55 | 000,104,280 | ---- | C] () -- C:\Documents and Settings\Corona\GoToAssistDownloadHelper.exe
    [2010/01/18 17:04:00 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Corona\pool.bin
    [2009/06/24 18:51:55 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Corona\Local Settings\Application Data\fusioncache.dat

    ========== ZeroAccess Check ==========

    [2008/04/25 17:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 21:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/05/08 14:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
    [2013/08/29 17:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2012/07/30 19:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2011/03/02 13:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
    [2014/04/24 18:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2013/10/08 16:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2013/10/08 16:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
    [2014/05/11 13:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2011/01/06 12:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
    [2014/04/24 18:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
    [2014/05/05 15:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
    [2009/11/02 10:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pervasive Software
    [2013/10/01 18:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Privacyware
    [2013/10/13 12:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promote Installer
    [2011/12/02 13:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2012/05/08 14:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
    [2009/11/30 11:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
    [2009/10/21 13:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
    [2012/08/01 20:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
    [2009/12/07 11:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2014/02/03 18:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/12/07 12:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UltiDev
    [2014/03/08 22:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2012/02/03 12:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/08/10 09:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2014/05/05 14:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B26C223F-75F7-4201-923E-111C38B71D5C}
    [2010/07/29 10:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\Blackberry Desktop
    [2012/09/24 18:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\Business Objects
    [2009/10/21 13:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\Bytemobile
    [2010/12/08 17:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\Coby Media Manager
    [2009/11/12 16:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2013/12/09 12:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\CrystalIdea Software
    [2014/04/10 17:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\Dropbox
    [2014/03/26 17:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\eFax Messenger
    [2013/11/27 13:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\ElevatedDiagnostics
    [2013/07/15 11:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\FreeBurner
    [2013/03/15 10:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\GARMIN
    [2013/07/15 16:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\ImgBurn
    [2011/03/02 13:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\j2 Global
    [2010/01/05 15:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\mjusbsp
    [2014/02/05 13:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\PC-FAX TX
    [2012/04/24 19:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\PCDr
    [2009/06/24 18:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\Peachtree
    [2014/05/01 11:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\PrimoPDF
    [2014/01/27 18:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\QuickScan
    [2011/12/02 13:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\Research In Motion
    [2012/05/08 14:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\Sage
    [2009/10/21 13:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\Sprint
    [2014/05/05 14:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\Stamps.com Internet Postage
    [2011/12/12 14:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\SumatraPDF
    [2014/05/05 11:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\TeamViewer
    [2010/09/13 10:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\Thunderbird
    [2014/01/16 17:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\webex
    [2013/09/17 11:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\Windows Desktop Search
    [2013/09/17 14:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\Windows Search
    [2013/10/08 16:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corona\Application Data\WinPatrol

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >

  15. #10
    Member
    Join Date
    Jul 2013
    Posts
    126
    Points
    3

    Default

    I can't download the RogueKiller.exe, not sure what blocks me
    thanks
