[RESOLVED] Trying to clean up my computer - Page 2


  1. #16
    Join Date: Oct 2000 | Location: Romeoville, Illinois | Posts: 563
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{034B6AC8-DCF6-585B-2AFD-3FF0D4A559BB}" = AMD Accelerated Video Transcoding
    "{21E47F47-C9A7-4454-BA48-388327B0EA00}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
    "{26A24AE4-039D-4CA4-87B4-2F86417055FF}" = Java 7 Update 55 (64-bit)
    "{30921AC4-6875-F7DF-B48B-2BB68C000BB6}" = AMD Media Foundation Decoders
    "{37FCE154-7F59-74F0-3A35-BF503CEB230B}" = AMD Catalyst Install Manager
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6C676266-91E4-DC71-E661-13494AC29A3E}" = ccc-utility64
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{999DB5B3-EE44-8837-2B51-4AF44CD1FD22}" = AMD Drag and Drop Transcoding
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{CB1032F6-1108-30C7-01C9-C0C132D13BEE}" = AMD Fuel
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}" = DYMO LabelWriter Drivers
    "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00F14E5B-E07A-2A1E-6788-580773CE1486}" = CCC Help English
    "{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
    "{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
    "{053D3A58-6440-4281-9495-31C07078724B}" = Node.js
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{0A036215-0A8D-6FBE-7EA3-7AED4F9E162A}" = CCC Help Turkish
    "{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
    "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
    "{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
    "{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
    "{15A05AAA-37E7-D516-5BE9-C960C2170403}" = CCC Help Czech
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{167158CE-1637-4167-8A1C-C2549EEA966A}" = The Weather Channel App
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21E9850E-58C2-FA88-D5AD-B64D253B8F82}" = CCC Help Thai
    "{2339C775-C7EA-4103-9A82-E12EB67FA2A3}" = Hallmark Card Studio 2013 Bonus Pack
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{25A7270E-1B63-DFD1-ACBC-88852A305398}" = CCC Help Chinese Traditional
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
    "{28164BD8-81EA-639A-85E9-E659E3EE6DA7}" = Catalyst Control Center InstallProxy
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2E69E784-F84A-9A18-7D8E-4EB8504EEE1E}" = CCC Help Danish
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{362614E4-9ABB-E7A7-CDDC-239AB168060A}" = CCC Help Japanese
    "{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
    "{3A9527CF-4E91-4683-A03F-F1AD022126E5}" = DirectX 9 Runtime
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
    "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
    "{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}" = Roxio Creator 2011
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{4745F6F8-09DA-CC39-EC19-0E8D764CF2B7}" = CCC Help Chinese Standard
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{4FA31DE2-B613-24BB-1738-B655C00B1C9D}" = CCC Help Hungarian
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{58771CF6-F212-CC4D-61B1-45CC70B6375C}" = CCC Help Dutch
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{601BE80D-247B-4084-94C7-7A54369DB7A2}" = Hallmark Card Studio 2010
    "{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
    "{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
    "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
    "{6D5CE5F1-CBB0-9ED4-1A1E-91DDCD6225FD}" = CCC Help Italian
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{707210B0-29F1-C550-BA96-6ECDA245CF24}" = CCC Help Spanish
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
    "{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F9EB3E8-5CF3-448F-A2A0-982BE6C5FDDE}" = Roxio Creator 2011
    "{812B956B-37AB-24B9-4527-78A6D3ECE7F8}" = CCC Help Korean
    "{83293709-B863-0EF6-00DA-B026D486E8B5}" = CCC Help Polish
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
    "{885AFEC2-0809-47CE-8B3F-00AEC19DDD5F}" = TSST OEM Content
    "{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
    "{89590A73-9AC3-48ED-B83E-6489900DED5A}" = Nero Multimedia Suite 10 Essentials
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{911904DE-EBB6-BC8E-D5BD-762B7DB42C46}" = CCC Help Greek
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
    "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
    "{97F4C931-5B0F-4572-97FD-042F75F5198B}" = RealDownloader
    "{9903011B-5F1D-A2A1-8078-EE62B3324CCE}" = CCC Help Portuguese
    "{99072AB4-D795-44D5-9D65-E3C9F8322C97}" = TomTom HOME
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A7F1628-2126-34A5-852D-2B93328BCF3F}" = CCC Help German
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F717571-FEE8-45CD-8B03-5B2D06AD28F7}" = Roxio Creator 2011 Content
    "{A12CF335-1B84-4781-9735-44E39C6D3DD0}" = Roxio Creator 2011
    "{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
    "{A6E08FBC-FC99-4CEE-B645-83A42107BE89}" = Hallmark Card Studio 2013
    "{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
    "{AE6C422B-DADB-D547-411C-E9E56DF03D16}" = CCC Help Russian
    "{B09567CC-E43F-10F1-752D-549AC7FB0C43}" = CCC Help Finnish
    "{B170B91D-E8E3-A6A3-D129-D8E36FEA8A0B}" = CCC Help Norwegian
    "{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
    "{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
    "{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BD96ABD3-D1D4-5513-6C60-11476D6DCFC5}" = Catalyst Control Center Localization All
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C39C7876-4D21-8A38-0A42-B5C8858EC6C7}" = CCC Help French
    "{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
    "{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D4236B82-213F-679E-09A2-9AEB5EF4CADC}" = Catalyst Control Center Graphics Previews Common
    "{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link RangeBooster N DWA-140
    "{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{EBBD4FE6-91DA-C397-6D56-FE85DBF24FCF}" = AMD VISION Engine Control Center
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FCEFDA6B-63CD-BB17-B845-478A42E24D39}" = CCC Help Swedish
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
    "Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
    "AI RoboForm" = RoboForm 7-9-6-7 (All Users)
    "am-superpopdrop" = Super Pop & Drop
    "ATT-AT&T Troubleshoot & Resolve" = AT&T Troubleshoot & Resolve
    "Audacity_is1" = Audacity 2.0.2
    "Coupon Printer for Windows5.0.0.7" = Coupon Printer for Windows
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DYMO Label v.8" = DYMO Label v.8
    "Free Video to Android Converter_is1" = Free Video to Android Converter version 5.0.23.320
    "Free Window Registry Repair" = Free Window Registry Repair
    "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
    "HangARoo_is1" = HangARoo v2.052
    "HP PhotoSmart Photo Printing Software" = HP PhotoSmart Photo Printing Software
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "IP Locator" = IP Locator
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
    "McAfee Virtual Technician" = McAfee Virtual Technician
    "MP3 Rocket" = MP3 Rocket
    "MSC" = McAfee SecurityCenter
    "MyDriveConnect" = MyDriveConnect 3.3.0.1342
    "RealPlayer 17.0" = RealPlayer Cloud
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "Roxio PhotoShow" = Roxio PhotoShow
    "SCRABBLE®" = SCRABBLE®
    "Secunia PSI" = Secunia PSI (3.0.0.6001)
    "Super WHATword?" = Super WHATword?
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite" = Windows Live Essentials
    "Word Cross(TM)" = Word Cross(TM)
    "Word Search Deluxe" = Word Search Deluxe
    "Word Slinger" = Word Slinger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2912744265-1680788630-2871304238-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AIM" = AIM for Windows

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 4/23/2014 10:12:48 AM | Computer Name = BlueRoom-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    [ System Events ]
    Error - 4/23/2014 9:06:53 AM | Computer Name = BlueRoom-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 4/23/2014 9:07:28 AM | Computer Name = BlueRoom-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 4/23/2014 9:07:30 AM | Computer Name = BlueRoom-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 4/23/2014 9:07:32 AM | Computer Name = BlueRoom-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 4/23/2014 9:07:32 AM | Computer Name = BlueRoom-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 4/23/2014 9:07:34 AM | Computer Name = BlueRoom-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 4/23/2014 9:07:34 AM | Computer Name = BlueRoom-PC | Source = Service Control Manager | ID = 7034
    Description =


    < End of report >

  2. #17
    Join Date: Dec 2007 | Location: Daly City, CA | Posts: 22,550
    Trojan infection from ComboFix.exe
    McAfee people better check their heads...lol

    OTL.txt log is incomplete.
    Post entire log.

  3. #18
    Join Date: Oct 2000 | Location: Romeoville, Illinois | Posts: 563
    OTL.txt was pasted into two different replies, one after the other because I couldn't get it to fit in one reply. It was telling me it is too long. Please check again as I broke it up in two replies.

  4. #19
    Join Date: Dec 2007 | Location: Daly City, CA | Posts: 22,550
    No. You posted the same upper portion of OTL.txt twice.

  5. #20
    Join Date: Oct 2000 | Location: Romeoville, Illinois | Posts: 563
    Hope this works........

    OTL logfile created on: 4/23/2014 8:43:41 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nancy\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.75 Gb Total Physical Memory | 5.35 Gb Available Physical Memory | 69.04% Memory free
    15.50 Gb Paging File | 13.00 Gb Available in Paging File | 83.86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 306.91 Gb Free Space | 65.91% Space Free | Partition Type: NTFS

    Computer Name: BLUEROOM-PC | User Name: Nancy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/04/23 08:42:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nancy\Downloads\OTL.exe
    PRC - [2014/04/19 06:54:19 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2014/03/26 08:30:52 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
    PRC - [2014/03/12 10:17:07 | 001,141,336 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    PRC - [2014/02/12 16:29:36 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    PRC - [2014/02/12 14:42:10 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/11/29 04:27:50 | 000,473,496 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
    PRC - [2013/08/27 16:57:34 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2013/05/07 10:54:04 | 000,225,280 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
    PRC - [2013/01/10 15:26:00 | 000,140,072 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    PRC - [2012/11/26 09:09:22 | 001,225,312 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
    PRC - [2012/11/26 09:09:20 | 000,659,040 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
    PRC - [2012/11/26 09:09:20 | 000,573,024 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    PRC - [2012/08/10 15:10:34 | 000,120,400 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    PRC - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2010/07/14 05:00:00 | 000,032,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    PRC - [2009/09/18 10:24:08 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
    PRC - [2009/08/21 09:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    PRC - [2009/07/07 20:10:14 | 000,151,552 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe
    PRC - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    PRC - [2007/06/20 16:04:51 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkCalRem.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/11/29 04:29:40 | 000,026,520 | ---- | M] () -- C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
    MOD - [2013/11/29 04:28:34 | 000,344,984 | ---- | M] () -- C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
    MOD - [2013/11/29 04:28:12 | 000,082,840 | ---- | M] () -- C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
    MOD - [2009/07/07 18:50:04 | 000,258,048 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll
    MOD - [2009/06/01 14:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANIOApi.dll
    MOD - [2009/06/01 14:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/03/17 18:54:26 | 000,185,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2014/03/17 18:47:02 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2014/03/06 03:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2014/01/28 01:14:46 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
    SRV:64bit: - [2014/01/21 04:04:28 | 001,025,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
    SRV:64bit: - [2013/08/02 18:52:58 | 000,602,944 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
    SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
    SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2013/05/07 10:55:00 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
    SRV:64bit: - [2013/04/30 00:25:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2013/04/29 22:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2007/06/29 10:11:36 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.exe -- (XAudioService)
    SRV - [2014/04/19 17:49:39 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/03/24 11:18:12 | 000,140,424 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2014/03/12 10:17:07 | 001,141,336 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
    SRV - [2014/02/13 17:58:00 | 000,176,624 | ---- | M] (Coupons.com Inc.) [Auto | Running] -- C:\Program Files (x86)\Coupons\CouponPrinterService.exe -- (CouponPrinterService)
    SRV - [2014/02/12 16:29:36 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
    SRV - [2014/02/12 14:42:10 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/12/02 20:21:06 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files (x86)\ATT\8.3.1.18\ma\bin\MAHostService.exe -- (AT&T Troubleshoot & Resolve)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/09/09 20:22:18 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\drivers\XAudio64.exe -- (XAudioService)
    SRV - [2013/09/09 20:22:18 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\FXSSVC.exe -- (Fax)
    SRV - [2013/09/09 20:22:09 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)
    SRV - [2013/09/09 20:22:09 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\mfevtps.exe -- (mfevtp)
    SRV - [2013/09/09 20:21:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
    SRV - [2013/09/09 20:21:42 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
    SRV - [2013/09/09 20:21:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
    SRV - [2013/09/09 20:21:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
    SRV - [2013/09/09 20:21:42 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
    SRV - [2013/09/09 20:21:42 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
    SRV - [2013/09/09 20:21:42 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2013/08/27 16:57:34 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2013/01/10 15:26:00 | 000,140,072 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
    SRV - [2012/11/26 09:09:22 | 001,225,312 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2012/11/26 09:09:20 | 000,659,040 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2012/08/10 15:10:34 | 000,120,400 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
    SRV - [2012/06/20 13:45:06 | 000,032,368 | ---- | M] (Sanford, L.P.) [Auto | Running] -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe -- (DymoPnpService)
    SRV - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/07/16 07:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
    SRV - [2010/07/16 07:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
    SRV - [2010/07/14 05:00:00 | 000,032,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
    SRV - [2009/07/07 20:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/03/17 19:02:08 | 000,070,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2014/03/17 18:54:54 | 000,345,456 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2014/03/17 18:49:44 | 000,783,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2014/03/17 18:47:30 | 000,522,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2014/03/17 18:45:38 | 000,311,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2014/03/17 18:44:40 | 000,180,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV:64bit: - [2014/01/21 03:50:24 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
    DRV:64bit: - [2014/01/21 03:50:02 | 000,422,712 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
    DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
    DRV:64bit: - [2013/08/20 08:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
    DRV:64bit: - [2013/06/28 20:25:58 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
    DRV:64bit: - [2013/04/29 23:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2013/04/29 23:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2013/04/29 21:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/05/14 01:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/03/05 17:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
    DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2010/02/02 15:05:26 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
    DRV:64bit: - [2010/02/02 15:05:26 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
    DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/08/05 21:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (SrvHsfPCI)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/02 02:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
    DRV:64bit: - [2009/06/02 02:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
    DRV:64bit: - [2009/06/02 02:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
    DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
    DRV:64bit: - [2007/06/29 10:11:24 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
    DRV:64bit: - [2007/06/20 05:32:58 | 001,478,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2007/06/20 05:30:22 | 000,409,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWBS2.sys -- (CAXHWBS2)
    DRV:64bit: - [2007/06/20 05:29:14 | 000,740,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2006/06/19 07:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2010/02/02 15:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/02/02 15:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
    IE - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

  6. #21
    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\ATT\8.3.1.18\ma\bin\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.6.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.6: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.6: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.6: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.6.13: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/04/09 06:53:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/13 13:41:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/03/12 10:18:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/03/12 10:18:12 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/13 13:41:31 | 000,000,000 | ---D | M]

    [2014/02/13 18:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nancy\AppData\Roaming\Mozilla\Extensions
    [2014/02/13 18:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nancy\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

    O1 HOSTS File: ([2014/04/22 19:22:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
    O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3:64bit: - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4:64bit: - HKLM..\Run: [ATT_McciTrayApp] C:\Program Files\ATT\8.3.1.18\ma\bin\pcTrayApp.exe (Alcatel-Lucent)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
    O4 - HKLM..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
    O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Sonic Solutions)
    O4 - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001..\Run: [MyDriveConnect.exe] C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (TomTom)
    O4 - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWOW64\StikyNot.exe ()
    O4 - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O4 - Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1FDFCFC3-B893-43E1-9138-4A2D2452A551} https://www.t-mobilepictures.com/mya...ownloader7.cab (Aurigma FileDownloader Control)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_15)
    O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_17)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...Control_32.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A92809A3-D5CA-49A5-ABD0-315BC2CB208C}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/04/23 07:45:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/04/22 20:44:27 | 000,000,000 | ---D | C] -- C:\Users\Nancy\Desktop\Not Posted Yet
    [2014/04/22 20:35:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/22 19:53:28 | 000,000,000 | ---D | C] -- C:\Users\Nancy\Desktop\RK_Quarantine
    [2014/04/22 19:22:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2014/04/22 19:09:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/04/22 19:09:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/04/22 19:09:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/04/22 18:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2014/04/22 18:27:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/04/22 18:27:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/04/22 18:13:27 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
    [2014/04/22 10:20:29 | 000,000,000 | ---D | C] -- C:\Users\Nancy\Desktop\Posted To VirtualDR
    [2014/04/18 19:08:45 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Roaming\library_dir
    [2014/04/17 10:29:20 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/17 10:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/04/17 10:28:47 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/17 10:28:47 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/04/17 10:28:47 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/04/17 10:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2014/04/17 08:17:53 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2014/04/17 08:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2014/04/15 09:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
    [2014/04/14 09:43:57 | 000,000,000 | ---D | C] -- C:\Users\Nancy\Desktop\New folder
    [2014/04/12 20:25:59 | 000,000,000 | -HSD | C] -- C:\Users\Nancy\AppData\Local\EmieUserList
    [2014/04/12 20:25:59 | 000,000,000 | -HSD | C] -- C:\Users\Nancy\AppData\Local\EmieSiteList
    [2014/04/09 10:57:18 | 000,000,000 | ---D | C] -- C:\Users\Nancy\Desktop\Pics
    [2014/04/09 10:49:17 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Roaming\DisplayTune
    [2014/04/09 10:49:17 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\DisplayTune
    [2014/04/09 10:45:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Portrait Displays
    [2014/04/09 10:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Portrait Displays
    [2014/04/09 10:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
    [2014/04/09 10:42:49 | 000,000,000 | ---D | C] -- C:\Swsetup
    [2014/03/28 10:06:00 | 000,000,000 | ---D | C] -- C:\Users\Nancy\Desktop\Menu For Taste Of Eastern Europe
    [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/04/23 08:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/04/23 08:35:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/23 08:35:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/23 08:14:58 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/04/23 08:14:58 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/04/23 08:07:36 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{A92809A3-D5CA-49A5-ABD0-315BC2CB208C}
    [2014/04/23 08:07:36 | 000,003,284 | ---- | M] () -- C:\Users\Nancy\AppData\Roaming\ANIWZCS{A92809A3-D5CA-49A5-ABD0-315BC2CB208C}
    [2014/04/23 08:06:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/04/23 08:06:39 | 1945,509,887 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/23 05:50:15 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/04/23 05:50:15 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/04/23 05:50:15 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/04/22 20:07:55 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/22 19:22:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/04/19 18:57:54 | 004,527,616 | ---- | M] () -- C:\Users\Nancy\Desktop\RogueKillerX64.exe
    [2014/04/18 18:52:25 | 000,032,866 | ---- | M] () -- C:\Users\Nancy\AppData\Roaming\wklnhst.dat
    [2014/04/18 18:15:06 | 000,016,558 | ---- | M] () -- C:\Users\Nancy\Desktop\Want to have the best house in Romeoville_ Here's your chance!.eml
    [2014/04/17 14:46:40 | 000,018,511 | ---- | M] () -- C:\Users\Nancy\Desktop\Enter to win $25,000 in the Better Homes and Gardens Sweepstakes!.eml
    [2014/04/17 10:29:07 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/17 10:00:16 | 000,023,713 | ---- | M] () -- C:\Users\Nancy\Desktop\Enter Every Day for a Chance to Win a House + $100,000.eml
    [2014/04/17 06:56:02 | 000,000,089 | ---- | M] () -- C:\Users\Nancy\AppData\Roaming\WB.CFG
    [2014/04/15 17:41:15 | 000,036,595 | ---- | M] () -- C:\Users\Nancy\Desktop\10178126_616277111783639_1989169542_n.jpg
    [2014/04/15 09:22:53 | 007,210,233 | ---- | M] () -- C:\Users\Nancy\Desktop\Dark Horse- Ft Juicy J.mp3
    [2014/04/15 09:15:13 | 000,001,134 | ---- | M] () -- C:\Users\Nancy\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.4.7.lnk
    [2014/04/12 20:56:29 | 000,421,575 | ---- | M] () -- C:\Users\Nancy\Desktop\iCalendar.ics
    [2014/04/10 09:42:40 | 000,432,688 | ---- | M] () -- C:\Users\Nancy\Desktop\Old Pictures 1.jpg
    [2014/04/10 09:34:22 | 000,442,530 | ---- | M] () -- C:\Users\Nancy\Desktop\Old Pictures 2.jpg
    [2014/04/10 09:13:07 | 000,949,735 | ---- | M] () -- C:\Users\Nancy\Desktop\scan0001.jpg
    [2014/04/10 08:17:14 | 000,051,712 | ---- | M] () -- C:\Users\Nancy\Desktop\Medicare Premiums and Deductibles for 2014.wps
    [2014/04/10 07:53:53 | 000,015,175 | ---- | M] () -- C:\Users\Nancy\Desktop\Enter for a Chance to Win Expert Home Renovations and More!.eml
    [2014/04/09 11:07:26 | 000,019,456 | ---- | M] () -- C:\Users\Nancy\Desktop\Cell Phone.wps
    [2014/04/09 10:56:48 | 000,001,717 | ---- | M] () -- C:\Users\Nancy\Desktop\HP My Display.lnk
    [2014/04/08 08:59:24 | 000,019,592 | ---- | M] () -- C:\Users\Nancy\Desktop\web-ad.png
    [2014/04/07 09:51:28 | 000,014,592 | ---- | M] () -- C:\Users\Nancy\Desktop\$50,000 Landscape Sweepstakes_ Enter Every Day!.eml
    [2014/04/03 18:34:15 | 000,187,881 | ---- | M] () -- C:\Users\Nancy\Desktop\10003479_843378232343511_291846803_n.png
    [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/04/01 08:25:07 | 000,032,111 | ---- | M] () -- C:\Users\Nancy\Desktop\1240440_252897228226194_699691124_n.jpg
    [2014/03/30 19:33:57 | 001,420,313 | ---- | M] () -- C:\Users\Nancy\Desktop\Repair Part List - W10222396.pdf
    [2014/03/30 10:20:59 | 000,037,077 | ---- | M] () -- C:\Users\Nancy\Desktop\Bourbon Street.jpg
    [2014/03/29 09:31:05 | 000,011,776 | ---- | M] () -- C:\Users\Nancy\Desktop\Monthly Budget (April).xlr
    [2014/03/26 11:01:25 | 000,039,822 | ---- | M] () -- C:\Users\Nancy\Desktop\Nancy, We’re Giving Away 10 Dream Vacations! Enter for Your Chance to Win.eml
    [2014/03/26 11:00:37 | 000,014,931 | ---- | M] () -- C:\Users\Nancy\Desktop\You could win $10,000 in IKEA gift cards!.eml
    [2014/03/26 10:45:38 | 000,004,777 | ---- | M] () -- C:\Users\Nancy\Desktop\Your $5,000 Deck Out Your Backyard Sweepstakes entry….eml
    [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/04/22 19:09:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/04/22 19:09:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/04/22 19:09:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/04/22 19:09:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/04/22 19:09:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/04/19 18:58:52 | 004,527,616 | ---- | C] () -- C:\Users\Nancy\Desktop\RogueKillerX64.exe
    [2014/04/19 17:49:40 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/04/18 18:15:05 | 000,016,558 | ---- | C] () -- C:\Users\Nancy\Desktop\Want to have the best house in Romeoville_ Here's your chance!.eml
    [2014/04/17 14:46:39 | 000,018,511 | ---- | C] () -- C:\Users\Nancy\Desktop\Enter to win $25,000 in the Better Homes and Gardens Sweepstakes!.eml
    [2014/04/17 10:29:07 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/17 10:00:14 | 000,023,713 | ---- | C] () -- C:\Users\Nancy\Desktop\Enter Every Day for a Chance to Win a House + $100,000.eml
    [2014/04/17 08:17:25 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    [2014/04/15 17:41:36 | 000,036,595 | ---- | C] () -- C:\Users\Nancy\Desktop\10178126_616277111783639_1989169542_n.jpg
    [2014/04/15 09:22:53 | 007,210,233 | ---- | C] () -- C:\Users\Nancy\Desktop\Dark Horse- Ft Juicy J.mp3
    [2014/04/15 09:15:13 | 000,001,134 | ---- | C] () -- C:\Users\Nancy\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.4.7.lnk
    [2014/04/12 20:56:29 | 000,421,575 | ---- | C] () -- C:\Users\Nancy\Desktop\iCalendar.ics
    [2014/04/10 09:39:32 | 000,432,688 | ---- | C] () -- C:\Users\Nancy\Desktop\Old Pictures 1.jpg
    [2014/04/10 09:34:22 | 000,442,530 | ---- | C] () -- C:\Users\Nancy\Desktop\Old Pictures 2.jpg
    [2014/04/10 09:13:09 | 000,949,735 | ---- | C] () -- C:\Users\Nancy\Desktop\scan0001.jpg
    [2014/04/10 08:17:14 | 000,051,712 | ---- | C] () -- C:\Users\Nancy\Desktop\Medicare Premiums and Deductibles for 2014.wps
    [2014/04/10 07:53:53 | 000,015,175 | ---- | C] () -- C:\Users\Nancy\Desktop\Enter for a Chance to Win Expert Home Renovations and More!.eml
    [2014/04/09 11:07:26 | 000,019,456 | ---- | C] () -- C:\Users\Nancy\Desktop\Cell Phone.wps
    [2014/04/09 10:56:48 | 000,001,717 | ---- | C] () -- C:\Users\Nancy\Desktop\HP My Display.lnk
    [2014/04/09 10:46:01 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
    [2014/04/08 08:59:58 | 000,019,592 | ---- | C] () -- C:\Users\Nancy\Desktop\web-ad.png
    [2014/04/07 09:51:27 | 000,014,592 | ---- | C] () -- C:\Users\Nancy\Desktop\$50,000 Landscape Sweepstakes_ Enter Every Day!.eml
    [2014/04/03 18:35:05 | 000,187,881 | ---- | C] () -- C:\Users\Nancy\Desktop\10003479_843378232343511_291846803_n.png
    [2014/04/01 08:45:12 | 000,032,111 | ---- | C] () -- C:\Users\Nancy\Desktop\1240440_252897228226194_699691124_n.jpg
    [2014/03/30 19:33:57 | 001,420,313 | ---- | C] () -- C:\Users\Nancy\Desktop\Repair Part List - W10222396.pdf
    [2014/03/30 10:20:59 | 000,037,077 | ---- | C] () -- C:\Users\Nancy\Desktop\Bourbon Street.jpg
    [2014/03/26 11:01:25 | 000,039,822 | ---- | C] () -- C:\Users\Nancy\Desktop\Nancy, We’re Giving Away 10 Dream Vacations! Enter for Your Chance to Win.eml
    [2014/03/26 11:00:37 | 000,014,931 | ---- | C] () -- C:\Users\Nancy\Desktop\You could win $10,000 in IKEA gift cards!.eml
    [2014/03/26 10:45:37 | 000,004,777 | ---- | C] () -- C:\Users\Nancy\Desktop\Your $5,000 Deck Out Your Backyard Sweepstakes entry….eml
    [2014/03/25 08:49:37 | 000,011,776 | ---- | C] () -- C:\Users\Nancy\Desktop\Monthly Budget (April).xlr
    [2014/02/25 18:57:00 | 000,000,089 | ---- | C] () -- C:\Users\Nancy\AppData\Roaming\WB.CFG
    [2014/01/27 08:39:11 | 000,000,258 | ---- | C] () -- C:\Users\Nancy\AppData\Roaming\ANICONFIG_{A92809A3-D5CA-49A5-ABD0-315BC2CB208C}.ini
    [2013/09/09 20:57:59 | 000,719,287 | ---- | C] () -- C:\Users\Nancy\AppData\Local\census.cache
    [2013/09/09 20:57:29 | 000,126,789 | ---- | C] () -- C:\Users\Nancy\AppData\Local\ars.cache
    [2013/09/09 20:22:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\conhost.exe
    [2013/09/09 20:22:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\WUDFHost.exe
    [2013/09/09 20:22:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\taskhost.exe
    [2013/09/09 20:22:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dwm.exe
    [2013/09/09 20:22:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\XAudio64.exe
    [2013/09/09 20:22:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\StikyNot.exe
    [2013/09/09 20:22:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\FXSSVC.exe
    [2013/09/09 20:22:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\spoolsv.exe
    [2013/09/09 20:22:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\mfevtps.exe
    [2013/09/09 20:22:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\atieclxx.exe
    [2013/09/09 20:21:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
    [2013/09/09 20:21:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
    [2013/09/09 20:21:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsm.exe
    [2013/09/09 20:21:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
    [2013/09/09 20:21:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
    [2013/09/09 20:21:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\atiesrxx.exe
    [2013/09/09 20:20:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
    [2013/09/09 19:54:42 | 000,000,036 | ---- | C] () -- C:\Users\Nancy\AppData\Local\housecall.guid.cache
    [2013/05/18 08:39:41 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
    [2013/05/14 18:18:22 | 000,007,625 | ---- | C] () -- C:\Users\Nancy\AppData\Local\Resmon.ResmonCfg
    [2013/04/29 21:37:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2013/04/29 21:37:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2013/04/24 10:59:36 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
    [2013/04/18 17:31:48 | 000,003,284 | ---- | C] () -- C:\Users\Nancy\AppData\Roaming\ANIWZCS{A92809A3-D5CA-49A5-ABD0-315BC2CB208C}
    [2013/04/18 17:31:00 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ANIWConnService.exe
    [2013/04/18 17:30:49 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll
    [2013/04/18 17:30:49 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\aIPH.dll
    [2013/04/18 17:30:49 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AQCKGen.dll
    [2013/04/18 17:30:49 | 000,045,115 | ---- | C] () -- C:\Windows\SysWow64\ANICtl.dll
    [2013/04/18 17:30:28 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\ANIOApi.dll
    [2013/04/18 17:30:00 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
    [2013/04/18 17:29:59 | 000,733,184 | ---- | C] () -- C:\Windows\SysWow64\ANIOWPS.dll
    [2013/04/18 17:29:59 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\ANIWPS.exe
    [2013/03/27 12:42:48 | 000,000,000 | ---- | C] () -- C:\Users\Nancy\AppData\Local\rx_image32.Cache
    [2013/02/28 11:58:39 | 000,000,000 | ---- | C] () -- C:\Users\Nancy\format
    [2013/01/15 15:56:19 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2013/01/13 14:37:08 | 000,032,866 | ---- | C] () -- C:\Users\Nancy\AppData\Roaming\wklnhst.dat
    [2013/01/13 13:36:42 | 000,208,446 | ---- | C] () -- C:\Windows\hpoins43.dat
    [2013/01/13 13:36:42 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
    [2013/01/12 20:59:32 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/01/12 19:50:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/01/15 15:50:12 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\Audacity
    [2013/01/15 15:36:36 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\CopyTrans
    [2014/04/09 10:49:17 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\DisplayTune
    [2013/04/12 11:36:17 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\DVDVideoSoft
    [2013/02/27 21:10:26 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\FamilyTreeMaker
    [2014/02/12 20:22:01 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\Garmin
    [2013/05/05 10:28:00 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\GetGo Software
    [2014/04/18 19:08:45 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\library_dir
    [2014/04/15 09:16:06 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\MP3Rocket
    [2013/12/21 09:34:31 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\npm
    [2013/06/23 17:59:48 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\Oracle
    [2013/07/19 06:49:06 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\RoboForm
    [2013/10/01 20:09:46 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\Samsung
    [2013/01/13 15:17:17 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\Simple Star
    [2013/01/13 14:37:13 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\Template
    [2014/02/13 18:49:59 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\TomTom
    [2013/01/13 20:23:32 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\Windows Live Writer
    [2013/01/15 15:41:58 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\WindSolutions

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 949 bytes -> C:\Users\Nancy\Desktop\Nancy, Win A New Laptop Or A Keurig Brewer.eml:OECustomProperty
    @Alternate Data Stream - 1165 bytes -> C:\Users\Nancy\Desktop\Enter for a Chance to Win Expert Home Renovations and More!.eml:OECustomProperty
    @Alternate Data Stream - 1145 bytes -> C:\Users\Nancy\Desktop\Enter to win $25,000 in the Better Homes and Gardens Sweepstakes!.eml:OECustomProperty
    @Alternate Data Stream - 1133 bytes -> C:\Users\Nancy\Desktop\Want to have the best house in Romeoville_ Here's your chance!.eml:OECustomProperty
    @Alternate Data Stream - 1117 bytes -> C:\Users\Nancy\Desktop\$50,000 Landscape Sweepstakes_ Enter Every Day!.eml:OECustomProperty
    @Alternate Data Stream - 1113 bytes -> C:\Users\Nancy\Desktop\Nancy, We’re Giving Away 10 Dream Vacations! Enter for Your Chance to Win.eml:OECustomProperty
    @Alternate Data Stream - 1065 bytes -> C:\Users\Nancy\Desktop\Your $5,000 Deck Out Your Backyard Sweepstakes entry….eml:OECustomProperty
    @Alternate Data Stream - 1053 bytes -> C:\Users\Nancy\Desktop\Enter Every Day for a Chance to Win a House + $100,000.eml:OECustomProperty
    @Alternate Data Stream - 1017 bytes -> C:\Users\Nancy\Desktop\You could win $10,000 in IKEA gift cards!.eml:OECustomProperty

    < End of report >

  7. #22
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following


    Code:
    :OTL
    O15 - HKU\S-1-5-21-2912744265-1680788630-2871304238-1001\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
    @Alternate Data Stream - 949 bytes -> C:\Users\Nancy\Desktop\Nancy, Win A New Laptop Or A Keurig Brewer.eml:OECustomProperty
    @Alternate Data Stream - 1165 bytes -> C:\Users\Nancy\Desktop\Enter for a Chance to Win Expert Home Renovations and More!.eml:OECustomProperty
    @Alternate Data Stream - 1145 bytes -> C:\Users\Nancy\Desktop\Enter to win $25,000 in the Better Homes and Gardens Sweepstakes!.eml:OECustomProperty
    @Alternate Data Stream - 1133 bytes -> C:\Users\Nancy\Desktop\Want to have the best house in Romeoville_ Here's your chance!.eml:OECustomProperty
    @Alternate Data Stream - 1117 bytes -> C:\Users\Nancy\Desktop\$50,000 Landscape Sweepstakes_ Enter Every Day!.eml:OECustomProperty
    @Alternate Data Stream - 1113 bytes -> C:\Users\Nancy\Desktop\Nancy, We’re Giving Away 10 Dream Vacations! Enter for Your Chance to Win.eml:OECustomProperty
    @Alternate Data Stream - 1065 bytes -> C:\Users\Nancy\Desktop\Your $5,000 Deck Out Your Backyard Sweepstakes entry….eml:OECustomProperty
    @Alternate Data Stream - 1053 bytes -> C:\Users\Nancy\Desktop\Enter Every Day for a Chance to Win a House + $100,000.eml:OECustomProperty
    @Alternate Data Stream - 1017 bytes -> C:\Users\Nancy\Desktop\You could win $10,000 in IKEA gift cards!.eml:OECustomProperty
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.



    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.


    Last scans...

    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:

      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services

    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.



    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    Please run a free online scan with the ESET Online Scanner


    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.

  8. #23
    Join Date
    Oct 2000
    Location
    Romeoville, Illinois
    Posts
    563
    Farbar Service Scanner Version: 25-02-2014
    Ran by Nancy (administrator) on 24-04-2014 at 10:26:19
    Running from "C:\Users\Nancy\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
    Results of screen317's Security Check version 0.99.82
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Secunia PSI (3.0.0.6001)
    Java 7 Update 55
    Adobe Reader XI
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````


    Files\Folders moved on Reboot...
    C:\Users\Nancy\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
    C:\Users\Nancy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N5387ZBM\dgdTycPTSRj[2].htm moved successfully.
    File\Folder C:\Users\Nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N5387ZBM\sharebutton[1].htm not found!
    File\Folder C:\Users\Nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KGNBJUXO\dgdTycPTSRj[2].htm not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    No threats were found in Eset scan.

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:

    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings


    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/foru.../#entry3187642

    12. Please let me know how your computer is doing.

  10. #25
    Join Date
    Oct 2000
    Location
    Romeoville, Illinois
    Posts
    563
    Thank you Broni for all your help and patience with me trying to get these tests done right. I already use Secunia PSI and it works great except for updating Adobe Flash Player. It is a little difficult to find the update when there is one available. My computer started working better and better through all the testing and deleting process. My videos and games are working properly again and it is more stable after all this.

  11. #26
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Way to go!!
    Good luck and stay safe
