TechSpot

[A] Siref causing autoboot in win7

By Todd Katcher
Jul 19, 2012
  1. Same issues as others. I read that the logs need to be provided and not to use anyone else's "fixit" files.

    Files attached. I tried to cut and paste, but got a warning that it was too much info.
     

  2. Todd Katcher TS Rookie Topic Starter Posts: 18

    Farbar Recovery Scan Tool Version: 16-07-2012 02
    Ran by SYSTEM at 2012-07-19 17:05:05
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-07-19 12:16] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  3. Todd Katcher TS Rookie Topic Starter Posts: 18

    Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
    Ran by SYSTEM at 19-07-2012 16:42:23
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [421016 2007-07-25] (Dell Inc.)
    HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2008-08-11] (LogMeIn, Inc.)
    HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe" [3453440 2010-07-27] (Alcatel-Lucent)
    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
    HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [377248 2009-06-22] (Acronis)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-14] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Dell MFP Color Laser Printer 3115cn Launcher] "C:\Program Files (x86)\DELL\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe" /s [639896 2007-05-09] (Dell Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" [x]
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
    HKU\postgres\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
    HKU\tk\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true [9798776 2012-07-12] (SugarSync, Inc.)
    HKU\tk\...\Run: [SansaDispatch] C:\Users\tk\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2011-04-22] (SanDisk Corporation)
    HKU\tk\...\Run: [AdobeBridge] [x]
    HKU\tk\...\Run: [Spotify Web Helper] "C:\Users\tk\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-07-13] ()
    HKU\tk\...\Run: [googletalk] C:\Users\tk\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
    HKU\tk\...\Run: [Google Update] "C:\Users\tk\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-07-30] (Google Inc.)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    ==================== Services (Whitelisted) ======

    2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [828864 2009-06-22] (Acronis)
    3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [288112 2010-03-27] (Adobe Systems Incorporated)
    2 AMD_RAIDXpert; "C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe" -s [122880 2009-03-16] (AMD)
    2 ContentPlayerService; "C:\Program Files (x86)\Four Winds Interactive\Content Player\ContentPlayerService.exe" [45568 2010-03-24] (Four Winds Interactive, LLC)
    2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [107928 2006-12-07] (Dell Inc.)
    2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [191896 2006-12-07] (Dell Inc.)
    2 DymoPnpService; "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe" [32336 2012-01-30] (Sanford, L.P.)
    2 JBAS50SVC; "C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\server\jboss-5.0.0.GA\bin\jbosssvc.exe" -r JBAS50SVC [61440 2010-03-29] (Red Hat®, Inc.)
    2 KjsUpdateService2; "C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe" [12800 2010-02-13] (Kinetic Jump Software, LLC)
    2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375208 2012-07-11] (LogMeIn, Inc.)
    2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147368 2012-07-11] (LogMeIn, Inc.)
    2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
    2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-11-08] (Alcatel-Lucent)
    2 McciServiceHost; "C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe" [315392 2011-09-09] (Alcatel-Lucent)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 Net-SNMP Trap Handler; C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\server\snmptrapd.exe -service [503808 2011-10-12] ()
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 NovacomD; C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe [61440 2011-09-19] (Palm)
    2 OMPM Service; "C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\client\rdmf_clientd.exe" [5690083 2012-05-15] ()
    2 OMPMWatchdogService; "C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\client\OMPMWatchdogService.exe" [55804 2012-05-15] ()
    2 Palm_TCP_Relay; "C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe" [11776 2011-12-21] ()
    2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
    2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [x]

    ========================== Drivers (Whitelisted) =============

    1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
    3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21072 2010-08-29] (Mobile Stream)
    3 ivusb; C:\Windows\System32\Drivers\ivusb.sys [29720 2010-07-28] (Initio Corporation)
    3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [16896 2007-03-20] (http://libusb-win32.sourceforge.net)
    2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2008-08-11] (LogMeIn, Inc.)
    3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2008-08-11] (LogMeIn, Inc.)
    2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2008-08-11] (LogMeIn, Inc.)
    3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
    3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
    0 snapman; C:\Windows\System32\Drivers\snapman.sys [222240 2012-04-29] (Acronis)
    3 swmsflt; C:\Windows\System32\Drivers\swmsflt.sys [47104 2010-12-15] ()
    3 swmsflt; C:\Windows\SysWow64\Drivers\swmsflt.sys [28808 2008-10-15] ()
    3 SWNC5E00; C:\Windows\System32\Drivers\SWNC5E00.sys [285696 2010-12-15] (Sierra Wireless Inc.)
    0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [1462304 2012-04-29] (Acronis)
    2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [83488 2012-04-29] (Acronis)
    0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [880160 2012-04-29] (Acronis)
    3 ATIXPGAA; \??\C:\Program Files\PC-Doctor for Windows\ATIXPGAA.SYS [x]
    4 LMIRfsClientNP; [x]
    3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
    3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
    3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-19 12:29 - 2012-07-19 12:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0BC829C1B53C08AB
    2012-07-19 12:29 - 2012-07-19 12:29 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kkqjhgbg.sys
    2012-07-19 12:29 - 2012-07-19 12:29 - 00000000 ____D C:\FRST
    2012-07-18 17:57 - 2012-07-18 17:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-18 17:57 - 2012-07-18 17:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-18 15:13 - 2012-07-18 15:13 - 00000049 ____A C:\Users\tk\Desktop\AnviSoft.url
    2012-07-18 15:09 - 2012-07-18 15:09 - 00000000 ____D C:\Users\tk\AppData\Roaming\Malwarebytes
    2012-07-18 15:09 - 2012-07-18 15:09 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-18 15:01 - 2012-07-18 15:07 - 00001238 ____A C:\Users\tk\Desktop\FixExec.txt
    2012-07-18 15:01 - 2012-07-18 15:01 - 00457632 ____A (Bleeping Computer, LLC) C:\Users\tk\Desktop\FixExec.com
    2012-07-18 14:57 - 2012-07-18 14:57 - 00000000 ____D C:\Windows\Sun
    2012-07-18 14:54 - 2012-07-18 14:54 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-18 14:38 - 2012-07-18 14:38 - 00000000 ____D C:\Users\tk\AppData\Local\{D6BC88B6-D128-11E1-8270-B8AC6F996F26}
    2012-07-18 14:35 - 2012-07-18 14:37 - 00000000 ____D C:\Users\All Users\7531E8D00000287702F228E5F875F002
    2012-07-18 14:35 - 2012-07-18 14:35 - 00377344 ____A (Dogbert) C:\Users\tk\AppData\Roaming\sinen.dll
    2012-07-18 14:35 - 2012-07-18 14:35 - 00000000 ____D C:\Users\tk\AppData\Local\{D6BC578F-D128-11E1-8270-B8AC6F996F26}
    2012-07-18 13:35 - 2012-07-18 13:35 - 00012001 ____A C:\Users\tk\Desktop\Embed wordpress Blog to your website {Code} « (.htm
    2012-07-18 13:35 - 2012-07-18 13:35 - 00000000 ____D C:\Users\tk\Desktop\Embed wordpress Blog to your website {Code} « (_files
    2012-07-18 12:05 - 2012-07-18 12:36 - 00000000 ____A C:\Users\tk\Documents\Nuance Image Printer Writer Port
    2012-07-18 05:04 - 2012-07-18 05:04 - 00019806 ____A C:\Users\tk\Downloads\download
    2012-07-13 17:27 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-13 17:22 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-13 17:22 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-13 17:22 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-13 17:22 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-13 17:22 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-13 17:22 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-13 17:22 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-13 17:22 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-13 17:22 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-13 17:22 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-13 17:22 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-13 17:22 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-13 17:22 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-13 17:22 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-13 17:22 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-13 17:22 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-13 17:22 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-13 17:22 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-13 17:22 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-13 17:22 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-13 17:22 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-13 17:22 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-13 17:22 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-13 17:22 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-13 17:22 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-13 17:22 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-13 17:22 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-13 17:22 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-12 09:33 - 2012-07-12 09:33 - 00002061 ____A C:\Users\tk\Desktop\script_conference.txt
    2012-07-11 16:02 - 2012-07-11 16:02 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
     
  4. Todd Katcher

    Todd Katcher TS Rookie Topic Starter Posts: 18

    2012-07-11 01:12 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-11 01:12 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-11 01:11 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-11 01:11 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-11 01:11 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-11 01:11 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-11 01:11 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-11 01:11 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-11 01:11 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-11 01:11 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-11 01:11 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-11 01:11 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-11 01:11 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-11 01:11 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-11 01:11 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-11 01:11 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-11 01:11 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-11 01:11 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-11 01:11 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-09 11:13 - 2012-07-09 11:13 - 01606064 ____A C:\Users\tk\Downloads\googletalk-setup.exe
    2012-07-09 11:13 - 2012-07-09 11:13 - 00000000 ____D C:\Users\tk\AppData\Roaming\Google
    2012-07-02 11:35 - 2012-07-02 10:15 - 00149909 ____A C:\Users\tk\Documents\vegas.doc_0.odt
    2012-07-01 16:24 - 2012-07-10 16:50 - 00000000 ____D C:\Users\tk\Documents\big dog
    2012-06-27 12:51 - 2012-07-10 13:36 - 01695405 ____A C:\Users\tk\Desktop\full-monthy.psd
    2012-06-25 15:56 - 2012-06-25 16:08 - 02351408 ____A C:\Users\tk\Desktop\exhibit.psd
    2012-06-23 12:58 - 2012-06-23 12:58 - 00000221 ____A C:\Users\Public\Desktop\OMPM.url
    2012-06-23 12:57 - 2012-06-23 12:58 - 00000000 ____D C:\Users\tk\AppData\Roaming\postgresql
    2012-06-23 12:57 - 2012-06-23 12:57 - 00001258 ____A C:\Users\Public\Desktop\OMPM v2.0 User Guide.lnk
    2012-06-23 12:57 - 2012-06-23 12:57 - 00000000 ____D C:\usr
    2012-06-23 12:34 - 2012-06-24 09:16 - 00000000 ____D C:\users\postgres
    2012-06-23 12:34 - 2012-06-23 12:34 - 00000020 __ASH C:\Users\postgres\ntuser.ini
    2012-06-23 12:34 - 2010-06-25 08:15 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Macromedia
    2012-06-23 12:32 - 2012-06-23 12:32 - 00000000 ____D C:\Program Files (x86)\PostgreSQL
    2012-06-23 12:30 - 2012-06-23 12:31 - 00196608 ____A C:\Windows\ocsetup_install_Printing-Foundation-LPRPortMonitor.etl
    2012-06-23 12:30 - 2012-06-23 12:31 - 00028764 ____A C:\Windows\ocsetup_cbs_install_Printing-Foundation-LPRPortMonitor.txt
    2012-06-23 12:23 - 2012-06-23 12:23 - 00000000 ____D C:\Program Files (x86)\DELL
    2012-06-23 07:20 - 2012-06-23 07:20 - 00000000 ____D C:\Users\tk\AppData\Local\Macromedia
    2012-06-23 07:02 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-06-23 07:02 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-06-22 07:26 - 2012-06-22 07:25 - 07448122 ____A C:\Users\tk\Desktop\signlogix.air
    2012-06-20 23:12 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-20 23:12 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-20 23:12 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-20 23:12 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-20 23:12 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-20 23:12 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-20 23:12 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-20 23:12 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-20 23:12 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-19 15:31 - 2012-06-19 15:32 - 00000000 ____D C:\Program Files (x86)\Decompile Flash
    2012-06-19 15:23 - 2012-06-19 15:23 - 00000000 ____D C:\Users\tk\AppData\Roaming\PDAppFlex
    2012-06-19 15:22 - 2012-06-21 13:02 - 00000000 ____D C:\Users\tk\Documents\Adobe
    2012-06-19 15:22 - 2012-06-19 15:22 - 00000000 ____D C:\Users\tk\AppData\Roaming\PACE Anti-Piracy
    2012-06-19 15:22 - 2012-06-19 15:22 - 00000000 ____D C:\Users\tk\AppData\Local\PACE Anti-Piracy
    2012-06-19 15:22 - 2012-06-19 15:22 - 00000000 ____D C:\Users\All Users\PACE Anti-Piracy
    2012-06-19 15:17 - 2012-06-19 15:17 - 00000000 ____A C:\templateaviwriter.avi
    2012-06-19 15:08 - 2012-06-21 06:36 - 00000000 ____D C:\Program Files (x86)\Flash-SWF to AVI-GIF
    2012-06-19 14:53 - 2012-06-21 05:53 - 00000000 ____D C:\Users\All Users\Eltima Software

    ============ 3 Months Modified Files ========================

    2012-07-19 12:30 - 2009-07-13 21:13 - 00729706 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-19 12:29 - 2012-07-19 12:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0BC829C1B53C08AB
    2012-07-19 12:29 - 2012-07-19 12:29 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kkqjhgbg.sys
    2012-07-19 12:25 - 2010-03-27 07:15 - 01917382 ____A C:\Windows\WindowsUpdate.log
    2012-07-19 12:24 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-19 12:24 - 2009-07-13 20:51 - 00081579 ____A C:\Windows\setupact.log
    2012-07-19 12:22 - 2012-07-19 12:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7283B347993FE79F
    2012-07-19 12:18 - 2012-07-19 12:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.70797EE0D88DDE33
    2012-07-19 12:16 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-19 12:12 - 2011-07-31 19:03 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-19 12:03 - 2012-04-11 05:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-19 12:01 - 2012-07-19 12:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BB328166EEEE62B5
    2012-07-19 11:56 - 2012-07-19 11:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD30C735AB80758C
    2012-07-19 11:52 - 2012-07-19 11:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.05424A7A1F940F1D
    2012-07-19 11:48 - 2012-07-19 11:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.62C74E31FFE65BDE
    2012-07-19 11:44 - 2012-07-19 11:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FE35E82A6BE804F4
    2012-07-19 11:43 - 2011-07-31 19:03 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-19 11:39 - 2012-07-19 11:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3851A5CB6E0EDDB1
    2012-07-19 11:35 - 2012-07-19 11:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1771F544E00E31A0
    2012-07-19 11:32 - 2010-07-30 11:29 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003169334-4286608264-3245350533-1001UA.job
    2012-07-19 11:31 - 2012-07-19 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.078D2ACE6FC970BD
    2012-07-19 11:27 - 2012-07-19 11:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5E2305445EB8FFC
    2012-07-19 11:22 - 2012-07-19 11:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C14D2489A0877B6F
    2012-07-19 11:18 - 2012-07-19 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9D9FF0229EB44F3
    2012-07-19 11:14 - 2012-07-19 11:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E6909B42E8CFB777
    2012-07-19 11:10 - 2012-07-19 11:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FF9CB0B97671049A
    2012-07-19 11:05 - 2012-07-19 11:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27BF181AEBC94E5D
    2012-07-19 11:01 - 2012-07-19 11:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8BFD037613D2EC49
    2012-07-19 10:57 - 2012-07-19 10:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3BDB6DDB2CAB9087
    2012-07-19 10:53 - 2012-07-19 10:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E06440BC5751669
    2012-07-19 10:49 - 2012-07-19 10:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.550B702A075A6254
    2012-07-19 10:44 - 2012-07-19 10:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DC2DD7634EA9AB0
    2012-07-19 10:41 - 2012-07-19 10:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F0627BE3A491193
    2012-07-19 10:38 - 2012-07-19 10:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.371618A059E62427
    2012-07-19 10:35 - 2012-07-19 10:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2876BFDF63C09006
    2012-07-19 10:29 - 2012-07-19 10:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9B09CE610A52DD4C
    2012-07-19 10:25 - 2012-07-19 10:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.161EA0EF784EFA42
    2012-07-19 10:21 - 2012-07-19 10:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.943E27EF67447844
    2012-07-19 10:17 - 2012-07-19 10:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F50BCB0F332D0B3
    2012-07-19 10:12 - 2012-07-19 10:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C504180647D5FC3D
    2012-07-19 10:08 - 2012-07-19 10:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.101492269AE95CE4
    2012-07-19 10:04 - 2012-07-19 10:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7B9B46427EFBDE3B
    2012-07-19 10:00 - 2012-07-19 10:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A14F5FF719C5171E
    2012-07-19 09:56 - 2012-07-19 09:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E942654E8B4BAF2C
    2012-07-19 09:52 - 2012-07-19 09:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EBED8CA135EAFEB9
    2012-07-19 09:47 - 2012-07-19 09:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE05CB7BB126948F
    2012-07-19 09:43 - 2012-07-19 09:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1B9CD719AA7A137F
    2012-07-19 09:41 - 2008-09-19 03:55 - 00014466 ____A C:\Windows\SysWOW64\NapaSet.txt
    2012-07-19 09:40 - 2012-07-19 09:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A22B9B97F344D2E
    2012-07-19 04:32 - 2012-07-19 04:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2B1A5CAC1A1F9E5
    2012-07-19 04:28 - 2012-07-19 04:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF61C687DB9F6DAB
    2012-07-19 04:24 - 2012-07-19 04:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C98EDA0F72FFBAE8
    2012-07-19 04:20 - 2012-07-19 04:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7621764D09C72118
    2012-07-19 04:11 - 2012-07-19 04:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4212A5DC0929300A
    2012-07-19 04:07 - 2012-07-19 04:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A8B60BC105F1506
    2012-07-19 04:03 - 2012-07-19 04:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D0CEDC79DF16AB4
    2012-07-19 03:59 - 2012-07-19 03:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EB1EE666771D478F
    2012-07-19 03:55 - 2012-07-19 03:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9BB6213B4C3EF0F0
    2012-07-19 03:51 - 2012-07-19 03:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4B80CE919179DFBA
    2012-07-19 03:47 - 2012-07-19 03:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.664F0BABC2061262
    2012-07-19 03:43 - 2012-07-19 03:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.53BC6922F1E5EC4F
    2012-07-19 03:39 - 2012-07-19 03:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.53F030F8F25233D2
    2012-07-19 03:33 - 2012-07-19 03:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.997D718E97CB5825
    2012-07-19 03:29 - 2012-07-19 03:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.75146DC3A7A66464
    2012-07-19 03:25 - 2012-07-19 03:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.73B73BE43EB5BC3C
    2012-07-19 03:21 - 2012-07-19 03:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8F2AD6DEC40D6F61
    2012-07-19 03:16 - 2012-07-19 03:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.54CDC00A34CD1320
    2012-07-19 03:12 - 2012-07-19 03:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F7F940BF675570A1
    2012-07-19 03:08 - 2012-07-19 03:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FA2282316D81630
    2012-07-19 03:04 - 2012-07-19 03:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C21A2F17463EF1D4
    2012-07-19 02:43 - 2012-07-19 02:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DB38C376C6060985
    2012-07-19 02:38 - 2012-07-19 02:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4CB794B3E0877C0
    2012-07-19 02:34 - 2012-07-19 02:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7F468E8D7C94C592
    2012-07-19 02:30 - 2012-07-19 02:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9C284C6550FFF77
    2012-07-19 02:26 - 2012-07-19 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16D17C8A9AB9B375
    2012-07-19 02:22 - 2012-07-19 02:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8BFB08741DAEE63
    2012-07-19 02:18 - 2012-07-19 02:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE13A155986B4FA1
    2012-07-19 02:14 - 2012-07-19 02:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6721482DFC973B9
    2012-07-19 02:10 - 2012-07-19 02:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.351F791D5A057244
    2012-07-19 02:05 - 2012-07-19 02:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1B0F48A1311A39F5
    2012-07-19 02:01 - 2012-07-19 02:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.86B137DB670D7709
    2012-07-19 01:57 - 2012-07-19 01:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8D23698C89536A26
    2012-07-19 01:53 - 2012-07-19 01:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58D78131AFDD375C
    2012-07-19 01:46 - 2012-07-19 01:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3AFCA8ACA4D751D
    2012-07-19 01:33 - 2012-07-19 01:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96FDF96CFD2348BA
    2012-07-19 01:27 - 2012-07-19 01:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BABAE76FD5180B83
    2012-07-19 01:22 - 2012-07-19 01:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.671FA62784A43FC8
    2012-07-19 01:18 - 2012-07-19 01:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CCBFF3D4AF9E1A81
    2012-07-19 01:14 - 2012-07-19 01:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BD95674F7B821EE0
    2012-07-19 01:10 - 2012-07-19 01:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3617C756DC7311B4
    2012-07-19 01:06 - 2012-07-19 01:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EBDFE97B92324194
    2012-07-19 01:02 - 2012-07-19 01:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C216771FC7A223EA
    2012-07-19 00:58 - 2012-07-19 00:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1DA55FB44A84299D
    2012-07-19 00:54 - 2012-07-19 00:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1EE92C21A5607065
    2012-07-19 00:51 - 2012-07-19 00:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C3F5A2665C3A0658
    2012-07-19 00:46 - 2012-07-19 00:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.953E21FD0913233B
    2012-07-19 00:43 - 2012-07-19 00:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.17FA66126636632C
    2012-07-19 00:39 - 2012-07-19 00:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7AB4956E2C299101
    2012-07-19 00:35 - 2012-07-19 00:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7B29FCD312A8F795
    2012-07-19 00:31 - 2012-07-19 00:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.59BB145B59BB794F
    2012-07-19 00:27 - 2012-07-19 00:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EB43952D9BFFFDD9
    2012-07-19 00:23 - 2012-07-19 00:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3BA036EB2F5FFC13
    2012-07-19 00:19 - 2012-07-19 00:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FCF829B32DDB943
    2012-07-19 00:15 - 2012-07-19 00:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1396F9BE238207AF
    2012-07-19 00:11 - 2012-07-19 00:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.992234CA4EFD095B
    2012-07-19 00:07 - 2012-07-19 00:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F17AE09814C1FEA6
    2012-07-19 00:03 - 2012-07-19 00:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8AE09B28C0A16379
    2012-07-18 23:59 - 2012-07-18 23:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AE6DCFDDB281F84
    2012-07-18 23:55 - 2012-07-18 23:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.97037AB9CA326A18
    2012-07-18 23:51 - 2012-07-18 23:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.72ABAAC643EB0956
    2012-07-18 23:47 - 2012-07-18 23:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8A8C0D56EF53DF9D
    2012-07-18 23:43 - 2012-07-18 23:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.161A85B8E10F93B4
    2012-07-18 23:39 - 2012-07-18 23:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7BCB55E3234EC0B4
    2012-07-18 23:36 - 2012-07-18 23:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CBBE6F893D8AAB63
    2012-07-18 23:33 - 2012-07-18 23:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.51F6EE6AA4F65E39
    =============
     
  5. Todd Katcher

    Todd Katcher TS Rookie Topic Starter Posts: 18

    2012-07-18 23:32 - 2009-07-13 21:08 - 00032618 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-18 23:30 - 2012-07-18 23:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EDF20EF89FF04E0E
    2012-07-18 23:26 - 2012-07-18 23:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4A5A7CCEF1E5AA53
    2012-07-18 23:23 - 2012-07-18 23:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C9D1CAE3D1AE505D
    2012-07-18 23:19 - 2012-07-18 23:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.09284ABAB96E4FD5
    2012-07-18 23:15 - 2012-07-18 23:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ED6D21BC7A757C45
    2012-07-18 23:11 - 2012-07-18 23:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.121B0451ECBDFDD5
    2012-07-18 23:07 - 2012-07-18 23:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5F4752F21AF4574D
    2012-07-18 23:03 - 2012-07-18 23:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.09647A2B196D50A5
    2012-07-18 22:59 - 2012-07-18 22:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6832FF2C97DE59DB
    2012-07-18 22:55 - 2012-07-18 22:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EDDA5E40CFD40E94
    2012-07-18 22:51 - 2012-07-18 22:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A905A39677D111FE
    2012-07-18 22:47 - 2012-07-18 22:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.293C2064873A7BAC
    2012-07-18 22:43 - 2012-07-18 22:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2FE4159CBB221DC2
    2012-07-18 22:40 - 2012-07-18 22:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.35A421A343C05253
    2012-07-18 22:36 - 2012-07-18 22:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9BC48203204614F9
    2012-07-18 22:32 - 2012-07-18 22:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8A9A44EE0BC2E761
    2012-07-18 22:28 - 2012-07-18 22:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C126081EDE45BA59
    2012-07-18 22:24 - 2012-07-18 22:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3D3B817BCADDE2E4
    2012-07-18 22:20 - 2012-07-18 22:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.579AEFB3B183909E
    2012-07-18 22:16 - 2012-07-18 22:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1367D0B4429A6342
    2012-07-18 22:12 - 2012-07-18 22:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D9F601433E0FC57
    2012-07-18 22:09 - 2012-07-18 22:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DBD01DFE7DDAFB7E
    2012-07-18 22:05 - 2012-07-18 22:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E761630D42E3DD1B
    2012-07-18 22:01 - 2012-07-18 22:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7C88F8569AA97F72
    2012-07-18 21:57 - 2012-07-18 21:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B638F9F243951054
    2012-07-18 21:53 - 2012-07-18 21:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4945F27025658434
    2012-07-18 21:49 - 2012-07-18 21:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2EA4DD7C01E3BF71
    2012-07-18 21:45 - 2012-07-18 21:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5CBE46BFBBC6827C
    2012-07-18 21:41 - 2012-07-18 21:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D2423E3D44F7C1A1
    2012-07-18 21:39 - 2012-07-18 21:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.098AD5A0B5C8E086
    2012-07-18 21:36 - 2012-07-18 21:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.300856C1C0B9E4F1
    2012-07-18 21:27 - 2012-07-18 21:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2E01DE9AF724BC81
    2012-07-18 21:23 - 2012-07-18 21:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D20DE713E5D0E637
    2012-07-18 21:19 - 2012-07-18 21:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2C2D7EB40E464786
    2012-07-18 21:15 - 2012-07-18 21:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3218472A43666043
    2012-07-18 21:11 - 2012-07-18 21:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BFE2077D290A996F
    2012-07-18 21:07 - 2012-07-18 21:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D4E7E151F067656
    2012-07-18 21:04 - 2012-07-18 21:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E71541B724CE3868
    2012-07-18 21:00 - 2012-07-18 21:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B2C77A8F024BBF9
    2012-07-18 20:56 - 2012-07-18 20:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96C1FCC0185652E0
    2012-07-18 20:52 - 2012-07-18 20:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0D58086AE1398978
    2012-07-18 20:48 - 2012-07-18 20:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D667886F9AFF379
    2012-07-18 20:45 - 2012-07-18 20:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD0989D23972F88F
    2012-07-18 20:41 - 2012-07-18 20:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.270F233F66B1B461
    2012-07-18 20:37 - 2012-07-18 20:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.588BE356B8B3CF67
    2012-07-18 20:33 - 2012-07-18 20:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.60BB71AC54F79F4C
    2012-07-18 20:29 - 2012-07-18 20:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.08F106AF6BC49427
    2012-07-18 20:26 - 2012-07-18 20:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0686A70F7ADD20E8
    2012-07-18 20:22 - 2012-07-18 20:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A19B164C723AC09A
    2012-07-18 20:18 - 2012-07-18 20:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DAEE3D72B870826A
    2012-07-18 20:14 - 2012-07-18 20:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7A31842DD7D5F6BA
    2012-07-18 20:10 - 2012-07-18 20:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BB93D1481CF823D4
    2012-07-18 20:07 - 2012-07-18 20:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2A6FE9ECC9B3EBB
    2012-07-18 20:03 - 2012-07-18 20:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8265D7166AF0B345
    2012-07-18 19:59 - 2012-07-18 19:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4CE41E113145762A
    2012-07-18 19:55 - 2012-07-18 19:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F1CB169D4C66A6E8
    2012-07-18 19:52 - 2012-07-18 19:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9FF7D657BA0F7000
    2012-07-18 19:48 - 2012-07-18 19:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9C3E9119AA5943BF
    2012-07-18 19:44 - 2012-07-18 19:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D73916EC0BA5423
    2012-07-18 19:41 - 2012-07-18 19:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96FA4F5BC7FA83AA
    2012-07-18 19:37 - 2012-07-18 19:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9480E75336B6B2C
    2012-07-18 19:33 - 2012-07-18 19:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E2D4E59DB2A00CF
    2012-07-18 19:29 - 2012-07-18 19:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C7EC7F7B2E3331EE
    2012-07-18 19:26 - 2012-07-18 19:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EF308C93561FE889
    2012-07-18 19:19 - 2012-07-18 19:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.63A03179C4976731
    2012-07-18 19:16 - 2012-07-18 19:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.76E9808B86FA6F06
    2012-07-18 19:13 - 2012-07-18 19:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2FAB7D2AEFF083AB
    2012-07-18 19:07 - 2012-07-18 19:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.697D46FD72B6E24D
    2012-07-18 19:04 - 2012-07-18 19:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.26DBC44946E3E915
    2012-07-18 19:00 - 2012-07-18 19:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8F2D0B622835D1A4
    2012-07-18 18:56 - 2012-07-18 18:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.140C378DB7AC1D05
    2012-07-18 18:45 - 2012-07-18 18:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D51F8EA689083EC
    2012-07-18 18:41 - 2012-07-18 18:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.313B89F2F04C60FE
    2012-07-18 18:36 - 2012-07-18 18:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ABE03E4AC5C30460
    2012-07-18 18:28 - 2012-07-18 18:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A4F9BCFB31B6FFAB
    2012-07-18 18:25 - 2012-07-18 18:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6ADC9D02FE6F4C4D
    2012-07-18 18:21 - 2012-07-18 18:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BB3DED18F99E952
    2012-07-18 18:17 - 2012-07-18 18:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C9B39DD6C12C326E
    2012-07-18 18:12 - 2012-07-18 18:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.36644E88DD9C620D
    2012-07-18 18:07 - 2012-07-18 18:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EF69EEB6DBD3A289
    2012-07-18 17:58 - 2011-08-19 14:49 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-18 17:58 - 2011-08-19 14:47 - 00743364 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-18 17:57 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-18 17:57 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-18 17:48 - 2010-03-27 15:48 - 00866940 ____A C:\Windows\PFRO.log
    2012-07-18 15:13 - 2012-07-18 15:13 - 00000049 ____A C:\Users\tk\Desktop\AnviSoft.url
    2012-07-18 15:07 - 2012-07-18 15:01 - 00001238 ____A C:\Users\tk\Desktop\FixExec.txt
    2012-07-18 15:01 - 2012-07-18 15:01 - 00457632 ____A (Bleeping Computer, LLC) C:\Users\tk\Desktop\FixExec.com
    2012-07-18 14:47 - 2009-07-13 20:45 - 05007960 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-18 14:46 - 2011-03-04 06:46 - 00000258 _RASH C:\Users\All Users\ntuser.pol
    2012-07-18 14:44 - 2012-04-23 04:37 - 00000320 ____A C:\Windows\Tasks\HPCeeScheduleFortk.job
    2012-07-18 14:35 - 2012-07-18 14:35 - 00377344 ____A (Dogbert) C:\Users\tk\AppData\Roaming\sinen.dll
    2012-07-18 14:34 - 2011-04-27 12:05 - 00000436 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2012-07-18 13:35 - 2012-07-18 13:35 - 00012001 ____A C:\Users\tk\Desktop\Embed wordpress Blog to your website {Code} « (.htm
    2012-07-18 12:36 - 2012-07-18 12:05 - 00000000 ____A C:\Users\tk\Documents\Nuance Image Printer Writer Port
    2012-07-18 05:04 - 2012-07-18 05:04 - 00019806 ____A C:\Users\tk\Downloads\download
    2012-07-17 23:32 - 2010-07-30 11:29 - 00000844 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003169334-4286608264-3245350533-1001Core.job
    2012-07-16 14:36 - 2012-06-01 06:14 - 00001456 ____A C:\Users\tk\AppData\Local\Adobe Save for Web 13.0 Prefs
    2012-07-16 14:28 - 2010-03-27 07:16 - 00098672 ____A C:\Users\tk\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-15 23:08 - 2011-12-26 00:17 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2012-07-15 23:08 - 2010-03-28 07:18 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-07-13 17:23 - 2010-03-27 19:04 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-12 09:33 - 2012-07-12 09:33 - 00002061 ____A C:\Users\tk\Desktop\script_conference.txt
    2012-07-11 16:02 - 2012-07-11 16:02 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-07-11 16:02 - 2012-04-11 05:18 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-11 16:02 - 2011-05-16 16:16 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 11:07 - 2010-04-02 06:52 - 00087488 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
    2012-07-11 11:07 - 2010-04-02 06:52 - 00080800 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
    2012-07-11 11:07 - 2010-04-02 06:52 - 00034720 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
    2012-07-10 13:36 - 2012-06-27 12:51 - 01695405 ____A C:\Users\tk\Desktop\full-monthy.psd
    2012-07-09 11:13 - 2012-07-09 11:13 - 01606064 ____A C:\Users\tk\Downloads\googletalk-setup.exe
    2012-07-02 10:15 - 2012-07-02 11:35 - 00149909 ____A C:\Users\tk\Documents\vegas.doc_0.odt
    2012-06-30 08:32 - 2010-03-27 07:16 - 00000552 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
    2012-06-27 06:58 - 2012-05-14 12:36 - 00002362 ___AH C:\Users\tk\Documents\maxdesk.ini
    2012-06-27 06:54 - 2012-05-14 12:34 - 02361504 ___AH C:\Users\tk\Documents\PPThumbs.ptn
    2012-06-26 14:39 - 2012-03-14 18:03 - 00004357 ____A C:\Users\tk\Desktop\screens.txt
    2012-06-25 16:08 - 2012-06-25 15:56 - 02351408 ____A C:\Users\tk\Desktop\exhibit.psd
    2012-06-23 12:58 - 2012-06-23 12:58 - 00000221 ____A C:\Users\Public\Desktop\OMPM.url
    2012-06-23 12:57 - 2012-06-23 12:57 - 00001258 ____A C:\Users\Public\Desktop\OMPM v2.0 User Guide.lnk
    2012-06-23 12:34 - 2012-06-23 12:34 - 00000020 __ASH C:\Users\postgres\ntuser.ini
    2012-06-23 12:31 - 2012-06-23 12:30 - 00196608 ____A C:\Windows\ocsetup_install_Printing-Foundation-LPRPortMonitor.etl
    2012-06-23 12:31 - 2012-06-23 12:30 - 00028764 ____A C:\Windows\ocsetup_cbs_install_Printing-Foundation-LPRPortMonitor.txt
    2012-06-22 07:25 - 2012-06-22 07:26 - 07448122 ____A C:\Users\tk\Desktop\signlogix.air
    2012-06-19 15:17 - 2012-06-19 15:17 - 00000000 ____A C:\templateaviwriter.avi
    2012-06-11 19:08 - 2012-07-13 17:27 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-11 01:11 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-11 01:11 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-08 12:36 - 2012-06-08 12:35 - 00892912 ____A (Oracle Corporation) C:\Users\tk\Downloads\jre-7u4-windows-i586-iftw.exe
    2012-06-07 11:52 - 2011-08-29 16:16 - 00060304 ____A C:\Users\tk\g2mdlhlpx.exe
    2012-06-05 22:06 - 2012-07-11 01:12 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-11 01:12 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-11 01:11 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-11 01:11 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-11 01:11 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-11 01:11 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-05 06:53 - 2012-06-05 06:53 - 00000752 ____A C:\Windows\KB893803v2.log
    2012-06-05 05:36 - 2012-06-05 05:28 - 487666616 ____A (Adobe Systems Incorporated) C:\Users\tk\Downloads\AcrobatPro_10_Web_WWEFD.exe
    2012-06-05 05:25 - 2012-06-05 05:25 - 08727880 ____A C:\Users\tk\Downloads\Adobe_Acrobat_X_Pro-AkamaiDLM.exe
    2012-06-04 07:38 - 2012-06-04 07:38 - 00003166 ____A C:\Users\tk\Downloads\lastlands.xml
    2012-06-02 14:19 - 2012-06-20 23:12 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-20 23:12 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-20 23:12 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-20 23:12 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-20 23:12 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-20 23:12 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-20 23:12 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:46 - 2012-06-02 11:46 - 00040508 ____A C:\Users\tk\Downloads\PTS55F-webfont.eot
    2012-06-02 11:46 - 2012-06-02 11:46 - 00040508 ____A C:\Users\tk\Downloads\PTS55F-webfont (1).eot
    2012-06-02 11:46 - 2012-06-02 11:46 - 00040324 ____A C:\Users\tk\Downloads\PTS55F-webfont.ttf
    2012-06-02 11:46 - 2012-06-02 11:46 - 00025548 ____A C:\Users\tk\Downloads\PTS55F-webfont.woff
    2012-06-02 11:19 - 2012-06-20 23:12 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-20 23:12 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:49 - 2012-07-13 17:22 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-13 17:22 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-13 17:22 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-13 17:22 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-13 17:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-13 17:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-13 17:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-13 17:22 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-13 17:22 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-13 17:22 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-13 17:22 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-13 17:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-13 17:22 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-13 17:22 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-13 17:22 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-13 17:22 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-13 17:22 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-13 17:22 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-13 17:22 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-13 17:22 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-13 17:22 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-13 17:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-13 17:22 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-13 17:22 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-13 17:22 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-13 17:22 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-13 17:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-13 17:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:50 - 2012-07-11 01:11 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-11 01:11 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-11 01:11 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-11 01:11 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-11 01:11 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-11 01:11 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-11 01:11 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-11 01:11 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-11 01:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-06-01 06:40 - 2012-06-01 06:40 - 01912583 ____A C:\Users\tk\Downloads\vectorstock_369021.zip
    2012-06-01 06:32 - 2012-06-01 06:32 - 03073790 ____A C:\Users\tk\Downloads\vectorstock_203555.zip
    2012-06-01 06:26 - 2012-06-01 06:26 - 01212748 ____A C:\Users\tk\Downloads\vectorstock_263347.zip
    2012-05-30 16:17 - 2012-05-30 16:17 - 01714367 ____A C:\Users\tk\Desktop\Adobe CS6-Crack and serial .zip
    2012-05-30 14:49 - 2009-11-10 17:23 - 00026744 ____A C:\Windows\DPINST.LOG
    2012-05-29 12:50 - 2012-05-29 12:50 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
    2012-05-28 11:09 - 2012-05-29 12:08 - 12336672 ____A C:\Users\tk\Downloads\update-cm-9-20120522-NIGHTLY-tenderloin-signed.zip
    2012-05-28 11:08 - 2012-05-29 12:09 - 33305989 ____A C:\Users\tk\Downloads\Gapps ICS 4.0.3 11.12.22.zip
    2012-05-28 11:06 - 2012-05-29 12:53 - 09097417 ____A C:\Users\tk\Downloads\ACMEInstaller2
    2012-05-28 11:06 - 2012-05-29 12:10 - 05183006 ____A C:\Users\tk\Downloads\update-cwm_tenderloin-1012.zip
    2012-05-28 11:06 - 2012-05-29 11:57 - 00043240 ____A C:\Users\tk\Downloads\moboot_0.3.5.zip
    2012-05-28 11:04 - 2012-05-29 12:00 - 00232221 ____A C:\Users\tk\Downloads\UniversalNovacomInstaller.jar
    2012-05-22 02:34 - 2010-04-02 06:52 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll.000.bak
    2012-05-18 09:20 - 2012-05-18 07:35 - 00506787 ____A C:\Users\tk\Downloads\mediaplayer.zip
    2012-05-07 11:43 - 2012-05-07 11:43 - 00095232 ____A C:\Users\tk\Desktop\all shallow dive emails.xls
    2012-05-04 03:06 - 2012-06-12 17:23 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 03:00 - 2012-06-23 07:02 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-05-04 02:03 - 2012-06-12 17:23 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-12 17:23 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 01:59 - 2012-06-23 07:02 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-05-03 11:31 - 2012-04-28 17:03 - 00018487 ____A C:\Users\tk\Documents\calories.ods
    2012-05-03 04:41 - 2012-05-03 04:41 - 00018967 ____A C:\Users\tk\Downloads\setres.zip
    2012-04-30 21:40 - 2012-06-12 17:23 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-29 12:21 - 2012-04-29 12:21 - 01462304 ____A (Acronis) C:\Windows\System32\Drivers\tdrpm228.sys
    2012-04-29 12:21 - 2012-04-29 12:21 - 00880160 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
    2012-04-29 12:21 - 2012-04-29 12:21 - 00222240 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
    2012-04-29 12:21 - 2012-04-29 12:21 - 00083488 ____A (Acronis) C:\Windows\System32\Drivers\tifsfilt.sys
    2012-04-29 12:21 - 2012-04-29 12:21 - 00001177 ____A C:\Users\tk\Desktop\Acronis True Image Home 2009.lnk
    2012-04-29 11:53 - 2012-04-29 12:23 - 00017878 ____A C:\Users\tk\Documents\asbury%20florida.xls_1.ods
    2012-04-27 19:55 - 2012-06-12 17:23 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 21:41 - 2012-06-12 17:23 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-12 17:23 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-12 17:23 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-12 17:23 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-12 17:23 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-12 17:23 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-12 17:23 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-12 17:23 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-12 17:23 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

    ZeroAccess:
    C:\Windows\Installer\{c1ef92ef-c509-2f09-fdf3-dcf359a65723}
    C:\Windows\Installer\{c1ef92ef-c509-2f09-fdf3-dcf359a65723}\@
    C:\Windows\Installer\{c1ef92ef-c509-2f09-fdf3-dcf359a65723}\L
    C:\Windows\Installer\{c1ef92ef-c509-2f09-fdf3-dcf359a65723}\U
    C:\Windows\Installer\{c1ef92ef-c509-2f09-fdf3-dcf359a65723}\U\00000001.@
    C:\Windows\Installer\{c1ef92ef-c509-2f09-fdf3-dcf359a65723}\U\800000cb.@

    ZeroAccess:
    C:\Users\tk\AppData\Local\{c1ef92ef-c509-2f09-fdf3-dcf359a65723}
    C:\Users\tk\AppData\Local\{c1ef92ef-c509-2f09-fdf3-dcf359a65723}\@
    C:\Users\tk\AppData\Local\{c1ef92ef-c509-2f09-fdf3-dcf359a65723}\L
    C:\Users\tk\AppData\Local\{c1ef92ef-c509-2f09-fdf3-dcf359a65723}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 14%
    Total physical RAM: 7927.89 MB
    Available physical RAM: 6779.16 MB
    Total Pagefile: 7926.04 MB
    Available Pagefile: 6847.66 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: (HP) (Fixed) (Total:686.19 GB) (Free:447.42 GB) NTFS
    2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:12.34 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive g: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.67 GB) FAT32
    5 Drive h: (SimpleDrive) (Fixed) (Total:232.88 GB) (Free:83.67 GB) NTFS
    10 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
    11 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 698 GB 2048 KB
    Disk 1 Online 3824 MB 0 B
    Disk 2 Online 232 GB 1024 KB
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 98 MB 1024 KB
    Partition 2 Primary 686 GB 101 MB
    Partition 3 Primary 12 GB 686 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 98 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C HP NTFS Partition 686 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E FACTORY_IMA NTFS Partition 12 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3823 MB 536 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G KINGSTON FAT32 Removable 3823 MB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 232 GB 31 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H SimpleDrive NTFS Partition 232 GB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-13 18:01

    ======================= End Of Log =============
     
  6. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  7. Todd Katcher

    Todd Katcher TS Rookie Topic Starter Posts: 18

    thank you. combofix creating restore. will post logs soon.
     
  8. Todd Katcher

    Todd Katcher TS Rookie Topic Starter Posts: 18

    it has now rebooted. and has been on a screen that says "do not run any programs until ComboFix has finished" for the last 10 minutes.

    interesting the desktop icons are all in different order and the background is just plain black.

    the hard drive light is on -- and I can hear it working. So, I assume that waiting until complete -- whenever that is.

    Please let me know if I'm missing anything.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Be patient.
     
  10. Todd Katcher

    Todd Katcher TS Rookie Topic Starter Posts: 18

    combo fix

    ComboFix 12-07-19.02 - tk 07/19/2012 21:07:27.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7928.5710 [GMT -4:00]
    Running from: c:\users\tk\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\tk\AppData\Roaming\sinen.dll
    c:\users\tk\g2mdlhlpx.exe
    .
    ----- File Replicators -----
    .
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-20 01:28 . 2012-07-20 01:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-20 00:43 . 2012-07-20 00:43 328704 ----a-w- c:\windows\system32\services.exe.26D3E8AD16DFCAD1
    2012-07-20 00:34 . 2012-07-20 00:34 328704 ----a-w- c:\windows\system32\services.exe.A835BEAECE3456D1
    2012-07-20 00:31 . 2012-07-20 00:31 328704 ----a-w- c:\windows\system32\services.exe.FF91A5CEF1605C2E
    2012-07-20 00:15 . 2012-07-20 00:15 328704 ----a-w- c:\windows\system32\services.exe.234A7E02F2424AA0
    2012-07-19 23:49 . 2012-07-19 23:49 328704 ----a-w- c:\windows\system32\services.exe.955237CFF998602B
    2012-07-19 23:45 . 2012-07-19 23:45 328704 ----a-w- c:\windows\system32\services.exe.5C8AC115B5409668
    2012-07-19 23:42 . 2012-07-19 23:42 328704 ----a-w- c:\windows\system32\services.exe.345BBCA812ED2D81
    2012-07-19 23:35 . 2012-07-19 23:35 328704 ----a-w- c:\windows\system32\services.exe.E7B30496335A5821
    2012-07-19 23:31 . 2012-07-19 23:31 328704 ----a-w- c:\windows\system32\services.exe.1B09D186E144C8C4
    2012-07-19 23:28 . 2012-07-19 23:28 328704 ----a-w- c:\windows\system32\services.exe.F95FC57405985162
    2012-07-19 23:24 . 2012-07-19 23:24 328704 ----a-w- c:\windows\system32\services.exe.232C25FB5636845B
    2012-07-19 23:20 . 2012-07-19 23:20 328704 ----a-w- c:\windows\system32\services.exe.6D883E4C20D5DB66
    2012-07-19 23:17 . 2012-07-19 23:17 328704 ----a-w- c:\windows\system32\services.exe.82317FD9AF76294F
    2012-07-19 23:14 . 2012-07-19 23:14 328704 ----a-w- c:\windows\system32\services.exe.EC298AEA8051F928
    2012-07-19 23:10 . 2012-07-19 23:10 328704 ----a-w- c:\windows\system32\services.exe.1097D186EA245C8E
    2012-07-19 23:10 . 2012-07-19 23:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-19 23:10 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-19 23:10 . 2012-07-20 01:30 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48C1271D-08DF-483F-B279-07B35F8E8B8D}\offreg.dll
    2012-07-19 20:58 . 2012-07-19 20:58 328704 ----a-w- c:\windows\system32\services.exe.ACE4CB4773CD0145
    2012-07-19 20:29 . 2012-07-19 20:29 -------- d-----w- C:\FRST
    2012-07-19 02:03 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6DED17D2-2873-4D34-B8D3-50C8910650FB}\gapaengine.dll
    2012-07-19 02:03 . 2012-07-16 06:40 9133488 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48C1271D-08DF-483F-B279-07B35F8E8B8D}\mpengine.dll
    2012-07-19 01:57 . 2012-07-19 01:58 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-19 01:57 . 2012-07-19 01:58 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-18 23:09 . 2012-07-18 23:09 -------- d-----w- c:\users\tk\AppData\Roaming\Malwarebytes
    2012-07-18 23:09 . 2012-07-18 23:09 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-18 22:57 . 2012-07-18 22:57 -------- d-----w- c:\windows\Sun
    2012-07-18 22:54 . 2012-07-18 22:54 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-18 22:38 . 2012-07-18 22:38 -------- d-----w- c:\users\tk\AppData\Local\{D6BC88B6-D128-11E1-8270-B8AC6F996F26}
    2012-07-18 22:35 . 2012-07-18 22:37 -------- d-----w- c:\programdata\7531E8D00000287702F228E5F875F002
    2012-07-18 22:35 . 2012-07-18 22:35 -------- d-----w- c:\users\tk\AppData\Local\{D6BC578F-D128-11E1-8270-B8AC6F996F26}
    2012-07-14 01:27 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-12 00:02 . 2012-07-12 00:02 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-07-11 09:12 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 09:12 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-23 20:57 . 2012-06-23 20:57 -------- d-----w- C:\usr
    2012-06-23 20:57 . 2012-06-23 20:58 -------- d-----w- c:\users\tk\AppData\Roaming\postgresql
    2012-06-23 20:34 . 2012-06-24 17:16 -------- d-----w- c:\users\postgres
    2012-06-23 20:32 . 2012-06-23 20:32 -------- d-----w- c:\program files (x86)\PostgreSQL
    2012-06-23 20:23 . 2012-06-23 20:23 -------- d-----w- c:\program files (x86)\DELL
    2012-06-23 15:20 . 2012-06-23 15:20 -------- d-----w- c:\users\tk\AppData\Local\Macromedia
    2012-06-23 15:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-06-23 15:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-06-21 14:49 . 2012-06-21 14:49 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-06-21 07:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 07:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 07:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 07:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 07:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 07:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 07:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 07:12 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 07:12 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-14 01:23 . 2010-03-28 03:04 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-12 00:02 . 2012-04-11 13:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 00:02 . 2011-05-17 00:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 19:07 . 2010-04-02 14:52 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-07-11 19:07 . 2010-04-02 14:52 34720 ----a-w- c:\windows\system32\LMIport.dll
    2012-07-11 19:07 . 2010-04-02 14:52 80800 ----a-w- c:\windows\system32\LMIinit.dll
    2012-05-22 10:34 . 2010-04-02 14:52 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
    2012-05-04 11:06 . 2012-06-13 01:23 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-13 01:23 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-13 01:23 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40 . 2012-06-13 01:23 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-29 20:21 . 2012-04-29 20:21 1462304 ----a-w- c:\windows\system32\drivers\tdrpm228.sys
    2012-04-29 20:21 . 2012-04-29 20:21 880160 ----a-w- c:\windows\system32\drivers\timntr.sys
    2012-04-29 20:21 . 2012-04-29 20:21 83488 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
    2012-04-29 20:21 . 2012-04-29 20:21 222240 ----a-w- c:\windows\system32\drivers\snapman.sys
    2012-04-28 03:55 . 2012-06-13 01:23 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:41 . 2012-06-13 01:23 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 05:41 . 2012-06-13 01:23 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:34 . 2012-06-13 01:23 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-24 05:37 . 2012-06-13 01:23 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-24 05:37 . 2012-06-13 01:23 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-24 05:37 . 2012-06-13 01:23 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-24 04:36 . 2012-06-13 01:23 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36 . 2012-06-13 01:23 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36 . 2012-06-13 01:23 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
    2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-07-13 9798776]
    "Spotify Web Helper"="c:\users\tk\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-14 1192664]
    "googletalk"="c:\users\tk\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]
    "Dell MFP Color Laser Printer 3115cn Launcher"="c:\program files (x86)\DELL\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe" [2007-05-10 639896]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    R2 Net-SNMP Trap Handler;Net-SNMP Trap Handler;c:\program files (x86)\Dell Printers\OpenManage\OMPMv2.0\server\snmptrapd.exe [2011-10-12 503808]
    R2 OMPM Service;OMPM Service;c:\program files (x86)\Dell Printers\OpenManage\OMPMv2.0\client\rdmf_clientd.exe [2012-05-15 5690083]
    R2 OMPMWatchdogService;OMPM Watchdog Service;c:\program files (x86)\Dell Printers\OpenManage\OMPMv2.0\client\OMPMWatchdogService.exe [2012-05-15 55804]
    R2 Palm_TCP_Relay;Palm TCP Relay;c:\program files (x86)\HP webOS\PDK\tcprelay.exe [2011-12-21 11776]
    R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-03-28 288112]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-06-21 36328]
    R3 ATIXPGAA;ATIXPGAA;c:\program files\PC-Doctor for Windows\ATIXPGAA.SYS [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-27 1038088]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 136176]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
    R3 libusb0;LibUsb-Win32 - Kernel Driver 01/06/2010,0.1.12.2;c:\windows\system32\DRIVERS\libusb0.sys [2007-03-20 16896]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-06-21 125416]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-06-21 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-06-21 159208]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-28 1255736]
    S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-07-31 237936]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\DRIVERS\tdrpm228.sys [2012-04-29 1462304]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
    S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
    S2 ContentPlayerService;Content Player Service;c:\program files (x86)\Four Winds Interactive\Content Player\ContentPlayerService.exe [2010-03-24 45568]
    S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 191896]
    S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-01-30 32336]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 JBAS50SVC;JBoss Application Server 5.0;c:\program files (x86)\Dell Printers\OpenManage\OMPMv2.0\server\jboss-5.0.0.GA\bin\jbosssvc.exe [2010-03-29 61440]
    S2 KjsUpdateService2;AppLife Update Service 2.0;c:\program files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [2010-02-13 12800]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-11 375208]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2008-08-11 15928]
    S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-08 517632]
    S2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [2011-09-09 315392]
    S2 NovacomD;Palm Novacom;c:\program files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe [2011-09-19 61440]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
    S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2008-09-15 262360]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]
    S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-29 21072]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-22 452200]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 00:02]
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 03:03]
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 03:03]
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003169334-4286608264-3245350533-1001Core.job
    - c:\users\tk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-30 19:29]
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003169334-4286608264-3245350533-1001UA.job
    - c:\users\tk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-30 19:29]
    .
    2012-07-18 c:\windows\Tasks\HPCeeScheduleFortk.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
    .
    2012-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 421016]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-08-11 57928]
    "ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-22 377248]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: LastPass - file://c:\users\tk\AppData\Roaming\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\users\tk\AppData\Roaming\LastPass\context.html?cmd=fillforms
    Trusted Zone: $talisma_url$
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{0AB8A416-2DE0-4DC5-97A9-007FBD28221D}: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{0AB8A416-2DE0-4DC5-97A9-007FBD28221D}\34963736F60363533333: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\tk\AppData\Roaming\Mozilla\Firefox\Profiles\jfsbpm3e.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    ------- File Associations -------
    .
    JSEFile=c:\windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-Run-DLSService - c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe
    AddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe
    AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}]
    @Denied: (A 2 3) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\InProcServer32]
    @="%SystemRoot%\\Explorer.exe"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\ProgID]
    @="DAO.Client"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\TypeLib]
    @="{C8618CE4-0624-1620-8336-6A6B696C7474}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Java\jre6\bin\java.exe
    c:\program files (x86)\Common Files\Motive\McciCMService.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\program files (x86)\Common Files\Motive\McciContextHookShim.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-19 22:00:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-20 02:00
    .
    Pre-Run: 479,653,744,640 bytes free
    Post-Run: 495,404,126,208 bytes free
    .
    - - End Of File - - CEEE5B039EEFAA6C4E8B0D2D1E800B59
     
  11. Todd Katcher

    Todd Katcher TS Rookie Topic Starter Posts: 18

    fixlog ---------------

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
    Ran by SYSTEM at 2012-07-19 20:56:37 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\System32\services.exe.0BC829C1B53C08AB moved successfully.
    C:\Windows\System32\Drivers\kkqjhgbg.sys not found.
    C:\Windows\Installer\{c1ef92ef-c509-2f09-fdf3-dcf359a65723} moved successfully.
    C:\Users\tk\AppData\Local\{c1ef92ef-c509-2f09-fdf3-dcf359a65723} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  12. Todd Katcher

    Todd Katcher TS Rookie Topic Starter Posts: 18

    I have no idea what that all means. But everything seems to be working.

    Please advise.

    Thank you.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    :)

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\services.exe.1097D186EA245C8E
    c:\windows\system32\services.exe.EC298AEA8051F928
    c:\windows\system32\services.exe.82317FD9AF76294F
    c:\windows\system32\services.exe.6D883E4C20D5DB66
    c:\windows\system32\services.exe.232C25FB5636845B
    c:\windows\system32\services.exe.F95FC57405985162
    c:\windows\system32\services.exe.1B09D186E144C8C4
    c:\windows\system32\services.exe.E7B30496335A5821
    c:\windows\system32\services.exe.345BBCA812ED2D81
    c:\windows\system32\services.exe.5C8AC115B5409668
    c:\windows\system32\services.exe.955237CFF998602B
    c:\windows\system32\services.exe.234A7E02F2424AA0
    c:\windows\system32\services.exe.FF91A5CEF1605C2E
    c:\windows\system32\services.exe.A835BEAECE3456D1
    c:\windows\system32\services.exe.26D3E8AD16DFCAD1
    c:\windows\system32\services.exe.ACE4CB4773CD0145
    
    
    DDS::
    Trusted Zone: $talisma_url$
    uInternet Settings,ProxyOverride = <local>
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  14. Todd Katcher

    Todd Katcher TS Rookie Topic Starter Posts: 18

    ComboFix 12-07-19.02 - tk 07/19/2012 23:05:14.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7928.5389 [GMT -4:00]
    Running from: c:\users\tk\Desktop\ComboFix.exe
    Command switches used :: F:\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\system32\services.exe.1097D186EA245C8E"
    "c:\windows\system32\services.exe.1B09D186E144C8C4"
    "c:\windows\system32\services.exe.232C25FB5636845B"
    "c:\windows\system32\services.exe.234A7E02F2424AA0"
    "c:\windows\system32\services.exe.26D3E8AD16DFCAD1"
    "c:\windows\system32\services.exe.345BBCA812ED2D81"
    "c:\windows\system32\services.exe.5C8AC115B5409668"
    "c:\windows\system32\services.exe.6D883E4C20D5DB66"
    "c:\windows\system32\services.exe.82317FD9AF76294F"
    "c:\windows\system32\services.exe.955237CFF998602B"
    "c:\windows\system32\services.exe.A835BEAECE3456D1"
    "c:\windows\system32\services.exe.ACE4CB4773CD0145"
    "c:\windows\system32\services.exe.E7B30496335A5821"
    "c:\windows\system32\services.exe.EC298AEA8051F928"
    "c:\windows\system32\services.exe.F95FC57405985162"
    "c:\windows\system32\services.exe.FF91A5CEF1605C2E"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\services.exe.1097D186EA245C8E
    c:\windows\system32\services.exe.1B09D186E144C8C4
    c:\windows\system32\services.exe.232C25FB5636845B
    c:\windows\system32\services.exe.234A7E02F2424AA0
    c:\windows\system32\services.exe.26D3E8AD16DFCAD1
    c:\windows\system32\services.exe.345BBCA812ED2D81
    c:\windows\system32\services.exe.5C8AC115B5409668
    c:\windows\system32\services.exe.6D883E4C20D5DB66
    c:\windows\system32\services.exe.82317FD9AF76294F
    c:\windows\system32\services.exe.955237CFF998602B
    c:\windows\system32\services.exe.A835BEAECE3456D1
    c:\windows\system32\services.exe.ACE4CB4773CD0145
    c:\windows\system32\services.exe.E7B30496335A5821
    c:\windows\system32\services.exe.EC298AEA8051F928
    c:\windows\system32\services.exe.F95FC57405985162
    c:\windows\system32\services.exe.FF91A5CEF1605C2E
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-20 03:47 . 2012-07-20 03:47 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48C1271D-08DF-483F-B279-07B35F8E8B8D}\offreg.dll
    2012-07-20 03:45 . 2012-07-20 03:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-19 23:10 . 2012-07-19 23:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-19 23:10 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-19 20:29 . 2012-07-19 20:29 -------- d-----w- C:\FRST
    2012-07-19 02:03 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6DED17D2-2873-4D34-B8D3-50C8910650FB}\gapaengine.dll
    2012-07-19 02:03 . 2012-07-16 06:40 9133488 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48C1271D-08DF-483F-B279-07B35F8E8B8D}\mpengine.dll
    2012-07-19 01:57 . 2012-07-19 01:58 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-19 01:57 . 2012-07-19 01:58 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-18 23:09 . 2012-07-18 23:09 -------- d-----w- c:\users\tk\AppData\Roaming\Malwarebytes
    2012-07-18 23:09 . 2012-07-18 23:09 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-18 22:57 . 2012-07-18 22:57 -------- d-----w- c:\windows\Sun
    2012-07-18 22:54 . 2012-07-18 22:54 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-18 22:38 . 2012-07-18 22:38 -------- d-----w- c:\users\tk\AppData\Local\{D6BC88B6-D128-11E1-8270-B8AC6F996F26}
    2012-07-18 22:35 . 2012-07-18 22:37 -------- d-----w- c:\programdata\7531E8D00000287702F228E5F875F002
    2012-07-18 22:35 . 2012-07-18 22:35 -------- d-----w- c:\users\tk\AppData\Local\{D6BC578F-D128-11E1-8270-B8AC6F996F26}
    2012-07-14 01:27 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-12 00:02 . 2012-07-12 00:02 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-07-11 09:12 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 09:12 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-23 20:57 . 2012-06-23 20:57 -------- d-----w- C:\usr
    2012-06-23 20:57 . 2012-06-23 20:58 -------- d-----w- c:\users\tk\AppData\Roaming\postgresql
    2012-06-23 20:34 . 2012-06-24 17:16 -------- d-----w- c:\users\postgres
    2012-06-23 20:32 . 2012-06-23 20:32 -------- d-----w- c:\program files (x86)\PostgreSQL
    2012-06-23 20:23 . 2012-06-23 20:23 -------- d-----w- c:\program files (x86)\DELL
    2012-06-23 15:20 . 2012-06-23 15:20 -------- d-----w- c:\users\tk\AppData\Local\Macromedia
    2012-06-23 15:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-06-23 15:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-06-21 14:49 . 2012-06-21 14:49 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-06-21 07:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 07:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 07:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 07:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 07:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 07:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 07:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 07:12 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 07:12 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-14 01:23 . 2010-03-28 03:04 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-12 00:02 . 2012-04-11 13:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 00:02 . 2011-05-17 00:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 19:07 . 2010-04-02 14:52 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-07-11 19:07 . 2010-04-02 14:52 34720 ----a-w- c:\windows\system32\LMIport.dll
    2012-07-11 19:07 . 2010-04-02 14:52 80800 ----a-w- c:\windows\system32\LMIinit.dll
    2012-05-22 10:34 . 2010-04-02 14:52 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
    2012-05-04 11:06 . 2012-06-13 01:23 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-13 01:23 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-13 01:23 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40 . 2012-06-13 01:23 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-29 20:21 . 2012-04-29 20:21 1462304 ----a-w- c:\windows\system32\drivers\tdrpm228.sys
    2012-04-29 20:21 . 2012-04-29 20:21 880160 ----a-w- c:\windows\system32\drivers\timntr.sys
    2012-04-29 20:21 . 2012-04-29 20:21 83488 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
    2012-04-29 20:21 . 2012-04-29 20:21 222240 ----a-w- c:\windows\system32\drivers\snapman.sys
    2012-04-28 03:55 . 2012-06-13 01:23 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:41 . 2012-06-13 01:23 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 05:41 . 2012-06-13 01:23 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:34 . 2012-06-13 01:23 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-24 05:37 . 2012-06-13 01:23 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-24 05:37 . 2012-06-13 01:23 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-24 05:37 . 2012-06-13 01:23 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-24 04:36 . 2012-06-13 01:23 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36 . 2012-06-13 01:23 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36 . 2012-06-13 01:23 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-20_01.32.22 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-07-20 01:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-07-20 03:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-07-20 01:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-20 03:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-07-20 01:30 . 2012-07-20 01:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-20 03:47 . 2012-07-20 03:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-07-20 01:30 . 2012-07-20 01:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-20 03:47 . 2012-07-20 03:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 02:36 . 2012-07-20 01:06 626290 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-07-20 03:52 626290 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-07-20 03:52 107566 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-07-20 01:06 107566 c:\windows\system32\perfc009.dat
    - 2010-03-27 15:12 . 2012-07-20 01:27 147456 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-27 15:12 . 2012-07-20 01:31 147456 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-07-20 01:31 917504 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-20 01:27 917504 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 05:01 . 2012-07-20 01:29 463064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-07-20 03:46 463064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 04:54 . 2012-07-20 01:31 5193728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-20 03:48 5193728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-03-27 15:12 . 2012-07-20 01:31 1867776 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-27 15:12 . 2012-07-20 01:27 1867776 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-27 23:47 . 2012-07-20 01:29 3653640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3003169334-4286608264-3245350533-1001-8192.dat
    + 2010-03-27 23:47 . 2012-07-20 03:46 3653640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3003169334-4286608264-3245350533-1001-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
    2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-07-13 9798776]
    "Spotify Web Helper"="c:\users\tk\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-14 1192664]
    "googletalk"="c:\users\tk\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]
    "Dell MFP Color Laser Printer 3115cn Launcher"="c:\program files (x86)\DELL\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe" [2007-05-10 639896]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 136176]
    R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-03-28 288112]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-06-21 36328]
    R3 ATIXPGAA;ATIXPGAA;c:\program files\PC-Doctor for Windows\ATIXPGAA.SYS [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-27 1038088]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 136176]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
    R3 libusb0;LibUsb-Win32 - Kernel Driver 01/06/2010,0.1.12.2;c:\windows\system32\DRIVERS\libusb0.sys [2007-03-20 16896]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-06-21 125416]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-06-21 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-06-21 159208]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-28 1255736]
    S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-07-31 237936]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\DRIVERS\tdrpm228.sys [2012-04-29 1462304]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
    S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
    S2 ContentPlayerService;Content Player Service;c:\program files (x86)\Four Winds Interactive\Content Player\ContentPlayerService.exe [2010-03-24 45568]
    S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 191896]
    S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-01-30 32336]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 JBAS50SVC;JBoss Application Server 5.0;c:\program files (x86)\Dell Printers\OpenManage\OMPMv2.0\server\jboss-5.0.0.GA\bin\jbosssvc.exe [2010-03-29 61440]
    S2 KjsUpdateService2;AppLife Update Service 2.0;c:\program files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [2010-02-13 12800]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-11 375208]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2008-08-11 15928]
    S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-08 517632]
    S2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [2011-09-09 315392]
    S2 Net-SNMP Trap Handler;Net-SNMP Trap Handler;c:\program files (x86)\Dell Printers\OpenManage\OMPMv2.0\server\snmptrapd.exe [2011-10-12 503808]
    S2 NovacomD;Palm Novacom;c:\program files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe [2011-09-19 61440]
    S2 OMPM Service;OMPM Service;c:\program files (x86)\Dell Printers\OpenManage\OMPMv2.0\client\rdmf_clientd.exe [2012-05-15 5690083]
    S2 OMPMWatchdogService;OMPM Watchdog Service;c:\program files (x86)\Dell Printers\OpenManage\OMPMv2.0\client\OMPMWatchdogService.exe [2012-05-15 55804]
    S2 Palm_TCP_Relay;Palm TCP Relay;c:\program files (x86)\HP webOS\PDK\tcprelay.exe [2011-12-21 11776]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
    S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2008-09-15 262360]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]
    S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-29 21072]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-22 452200]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 00:02]
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 03:03]
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 03:03]
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003169334-4286608264-3245350533-1001Core.job
    - c:\users\tk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-30 19:29]
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003169334-4286608264-3245350533-1001UA.job
    - c:\users\tk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-30 19:29]
    .
    2012-07-18 c:\windows\Tasks\HPCeeScheduleFortk.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
    .
    2012-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 421016]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-08-11 57928]
    "ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-22 377248]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: LastPass - file://c:\users\tk\AppData\Roaming\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\users\tk\AppData\Roaming\LastPass\context.html?cmd=fillforms
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{0AB8A416-2DE0-4DC5-97A9-007FBD28221D}: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{0AB8A416-2DE0-4DC5-97A9-007FBD28221D}\34963736F60363533333: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\tk\AppData\Roaming\Mozilla\Firefox\Profiles\jfsbpm3e.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}]
    @Denied: (A 2 3) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\InProcServer32]
    @="%SystemRoot%\\Explorer.exe"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\ProgID]
    @="DAO.Client"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\TypeLib]
    @="{C8618CE4-0624-1620-8336-6A6B696C7474}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Java\jre6\bin\java.exe
    c:\program files (x86)\Common Files\Motive\McciCMService.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\windows\SysWOW64\WinMsgBalloonServer.exe
    c:\windows\SysWOW64\WinMsgBalloonClient.exe
    c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-20 07:28:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-20 11:28
    ComboFix2.txt 2012-07-20 02:00
    .
    Pre-Run: 501,376,671,744 bytes free
    Post-Run: 495,960,170,496 bytes free
    .
    - - End Of File - - F7F5430F0A76A73CFBA794190D398942
     
  15. Todd Katcher

    Todd Katcher TS Rookie Topic Starter Posts: 18

    I tried to open up explorer -- and received an error message saying explorer.exe was not valid.

    I'm not an expert, but it seems I have a lot of stuff "running"
     
  16. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Windows Explorer?
    What is the exact message?
    Is only Windows Explorer affected?
     
  17. Todd Katcher

    Todd Katcher TS Rookie Topic Starter Posts: 18

    I restarted and all seems to be working OK.

    It was shortcuts that were throwing off the error before. Not sure if that is indicative of anything.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Combofix log looks good.

    Any other issues?

    ==================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. Todd Katcher

    Todd Katcher TS Rookie Topic Starter Posts: 18

    No issues. But will look again and post requested in the AM.
    Thank you.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,895   +344

  21. Todd Katcher

    Todd Katcher TS Rookie Topic Starter Posts: 18

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.21.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    tk :: TK-HOME [administrator]

    Protection: Disabled

    7/21/2012 11:39:22 AM
    mbam-log-2012-07-21 (11-39-22).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214798
    Time elapsed: 3 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  22. Todd Katcher

    Todd Katcher TS Rookie Topic Starter Posts: 18

    OTL logfile created on: 7/21/2012 11:45:26 AM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\tk\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.74 Gb Total Physical Memory | 4.79 Gb Available Physical Memory | 61.92% Memory free
    15.48 Gb Paging File | 12.01 Gb Available in Paging File | 77.57% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 686.19 Gb Total Space | 462.69 Gb Free Space | 67.43% Space Free | Partition Type: NTFS
    Drive D: | 12.34 Gb Total Space | 2.23 Gb Free Space | 18.11% Space Free | Partition Type: NTFS
    Drive G: | 232.88 Gb Total Space | 83.67 Gb Free Space | 35.93% Space Free | Partition Type: NTFS

    Computer Name: TK-HOME | User Name: tk | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/21 11:43:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\tk\Desktop\OTL.exe
    PRC - [2012/07/17 18:59:36 | 000,400,352 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    PRC - [2012/07/13 21:12:30 | 001,192,664 | ---- | M] () -- C:\Users\tk\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012/07/13 01:30:52 | 009,798,776 | ---- | M] (SugarSync, Inc.) -- C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    PRC - [2012/05/15 12:34:28 | 005,690,083 | ---- | M] () -- C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\client\rdmf_clientd.exe
    PRC - [2012/05/15 12:33:44 | 000,055,804 | ---- | M] () -- C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\client\OMPMWatchdogService.exe
    PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2012/03/14 22:27:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
    PRC - [2012/02/23 06:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/02/04 08:40:44 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/12/21 16:28:00 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe
    PRC - [2011/10/12 19:27:08 | 000,503,808 | ---- | M] () -- C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\server\snmptrapd.exe
    PRC - [2011/09/19 18:59:06 | 000,061,440 | ---- | M] (Palm) -- C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe
    PRC - [2011/09/09 10:00:28 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
    PRC - [2011/09/09 10:00:26 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
    PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/11/20 08:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
    PRC - [2010/03/29 06:35:36 | 000,061,440 | ---- | M] (Red Hat®, Inc.) -- C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\server\jboss-5.0.0.GA\bin\jbosssvc.exe
    PRC - [2009/12/01 21:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/10/20 15:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2009/06/22 18:57:20 | 000,377,248 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2009/03/16 04:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    PRC - [2009/03/16 04:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    PRC - [2009/03/16 04:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    PRC - [2009/03/16 04:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    PRC - [2008/09/15 05:57:04 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe
    PRC - [2007/05/09 23:42:48 | 000,639,896 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\DELL\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe
    PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\tk\AppData\Roaming\Google\Google Talk\googletalk.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/17 18:59:37 | 001,936,352 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
    MOD - [2012/07/17 18:59:37 | 000,162,784 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
    MOD - [2012/07/17 18:59:37 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
    MOD - [2012/07/13 21:12:30 | 001,192,664 | ---- | M] () -- C:\Users\tk\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    MOD - [2010/06/13 17:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    MOD - [2009/12/01 21:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2011/06/30 03:42:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/03/27 15:35:20 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2006/12/07 17:52:36 | 000,191,896 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
    SRV:64bit: - [2006/12/07 17:52:32 | 000,107,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
    SRV - [2012/07/13 21:10:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/11 20:02:42 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/11 15:07:54 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
    SRV - [2012/07/11 15:07:43 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/15 12:34:28 | 005,690,083 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\client\rdmf_clientd.exe -- (OMPM Service)
    SRV - [2012/05/15 12:33:44 | 000,055,804 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\client\OMPMWatchdogService.exe -- (OMPMWatchdogService)
    SRV - [2012/02/23 06:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/02/04 08:40:44 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2012/01/30 18:19:30 | 000,032,336 | ---- | M] (Sanford, L.P.) [Auto | Running] -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe -- (DymoPnpService)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/21 16:28:00 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe -- (Palm_TCP_Relay)
    SRV - [2011/10/12 19:27:08 | 000,503,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\server\snmptrapd.exe -- (Net-SNMP Trap Handler)
    SRV - [2011/09/19 18:59:06 | 000,061,440 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe -- (NovacomD)
    SRV - [2011/09/16 15:10:48 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
    SRV - [2011/09/09 10:00:26 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
    SRV - [2011/06/21 16:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/05/14 08:11:08 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
    SRV - [2010/03/29 06:35:36 | 000,061,440 | ---- | M] (Red Hat®, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\server\jboss-5.0.0.GA\bin\jbosssvc.exe -- (JBAS50SVC)
    SRV - [2010/03/27 20:02:42 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2010/03/27 15:33:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/24 13:37:16 | 000,045,568 | ---- | M] (Four Winds Interactive, LLC) [Auto | Running] -- C:\Program Files (x86)\Four Winds Interactive\Content Player\ContentPlayerService.exe -- (ContentPlayerService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/02/13 18:25:42 | 000,012,800 | ---- | M] (Kinetic Jump Software, LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe -- (KjsUpdateService2)
    SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2009/06/22 18:59:10 | 000,828,864 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/03/16 04:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
    SRV - [2008/09/15 05:57:04 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\SysWOW64\WebUpdateSvc4.exe -- (WebUpdate4)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\ATIXPGAA.SYS -- (ATIXPGAA)
    DRV:64bit: - [2012/07/11 15:07:44 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/04/29 16:21:51 | 001,462,304 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm228.sys -- (tdrpman228) Acronis Try&Decide and Restore Points filter (build 228)
    DRV:64bit: - [2012/04/29 16:21:44 | 000,880,160 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2012/04/29 16:21:44 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
    DRV:64bit: - [2012/04/29 16:21:39 | 000,222,240 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2011/09/09 10:00:34 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
    DRV:64bit: - [2011/09/09 10:00:34 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
    DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/06/30 05:33:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011/06/30 05:33:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/06/30 03:00:52 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/21 22:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/15 16:38:30 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
    DRV:64bit: - [2010/12/15 16:38:30 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
    DRV:64bit: - [2010/12/15 16:38:28 | 000,047,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
    DRV:64bit: - [2010/12/15 16:38:22 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
    DRV:64bit: - [2010/11/29 07:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/08/29 18:11:08 | 000,021,072 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
    DRV:64bit: - [2010/07/29 02:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
    DRV:64bit: - [2010/06/20 23:26:38 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2010/06/20 23:26:38 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV:64bit: - [2010/06/20 23:26:36 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2010/06/20 23:26:36 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV:64bit: - [2010/03/27 19:50:54 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
    DRV:64bit: - [2009/07/31 07:10:58 | 000,237,936 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/05 06:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2009/04/03 10:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2008/08/11 13:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV:64bit: - [2008/08/11 13:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
    DRV:64bit: - [2007/03/20 06:33:28 | 000,016,896 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
    DRV:64bit: - [2007/01/18 17:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV - [2011/09/09 10:00:28 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2011/09/09 10:00:28 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2010/03/27 19:50:54 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/10/15 13:58:34 | 000,028,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2008/08/11 13:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
    DRV - [1999/09/10 14:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


    ========== Standard Registry (SafeList) ==========
     
  23. Todd Katcher

    Todd Katcher TS Rookie Topic Starter Posts: 18

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2EE5CA33-7F7B-4907-A662-BAEBBF574746}
    IE:64bit: - HKLM\..\SearchScopes\{2EE5CA33-7F7B-4907-A662-BAEBBF574746}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{806F0701-B745-42F0-90BC-8A4C736C0D85}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {2EE5CA33-7F7B-4907-A662-BAEBBF574746}
    IE - HKLM\..\SearchScopes\{2EE5CA33-7F7B-4907-A662-BAEBBF574746}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{806F0701-B745-42F0-90BC-8A4C736C0D85}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\SearchScopes,DefaultScope = {2EE5CA33-7F7B-4907-A662-BAEBBF574746}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{8C09759C-FF89-41B2-A68A-65E451D4BF21}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.1
    FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:3.2.0
    FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.664
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.8.20110620112826
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.3
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.74.0
    FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.1.2
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q="
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\tk\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\tk\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\tk\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2012/07/13 21:10:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/24 20:21:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/16 18:11:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/03/30 09:40:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D6BC578F-D128-11E1-8270-B8AC6F996F26}: C:\Users\tk\AppData\Local\{D6BC578F-D128-11E1-8270-B8AC6F996F26}\ [2012/07/18 18:35:15 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2012/07/13 21:10:13 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins

    [2010/04/19 20:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tk\AppData\Roaming\Mozilla\Extensions
    [2010/03/27 15:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tk\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/04/19 20:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tk\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2012/07/18 18:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tk\AppData\Roaming\Mozilla\Firefox\Profiles\jfsbpm3e.default\extensions
    [2012/01/05 21:52:12 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\tk\AppData\Roaming\Mozilla\Firefox\Profiles\jfsbpm3e.default\extensions\DeviceDetection@logitech.com
    [2011/07/06 16:12:29 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\tk\AppData\Roaming\Mozilla\Firefox\Profiles\jfsbpm3e.default\extensions\LogMeInClient@logmein.com
    [2012/06/23 11:40:02 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\tk\AppData\Roaming\Mozilla\Firefox\Profiles\jfsbpm3e.default\extensions\support@lastpass.com
    [2010/12/26 21:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tk\AppData\Roaming\Mozilla\Firefox\Profiles\jfsbpm3e.default - Copy\extensions
    [2010/12/26 21:11:12 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\tk\AppData\Roaming\Mozilla\Firefox\Profiles\jfsbpm3e.default - Copy\extensions\support@lastpass.com
    [2009/07/07 21:31:53 | 000,002,164 | ---- | M] () -- C:\Users\tk\AppData\Roaming\Mozilla\Firefox\Profiles\jfsbpm3e.default\searchplugins\bing.xml
    [2011/05/13 14:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/06/25 13:30:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/21 17:42:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/28 21:16:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/10 09:39:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2012/07/18 18:35:15 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\TK\APPDATA\LOCAL\{D6BC578F-D128-11E1-8270-B8AC6F996F26}
    [2012/07/18 18:53:42 | 000,186,203 | ---- | M] () (No name found) -- C:\USERS\TK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFSBPM3E.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
    [2012/07/13 21:10:18 | 000,095,026 | ---- | M] () (No name found) -- C:\USERS\TK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFSBPM3E.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
    [2012/06/05 20:14:59 | 000,027,538 | ---- | M] () (No name found) -- C:\USERS\TK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFSBPM3E.DEFAULT\EXTENSIONS\GVOICE@ELIJAHCLARK.COM.XPI
    [2012/04/14 14:33:38 | 000,088,244 | ---- | M] () (No name found) -- C:\USERS\TK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFSBPM3E.DEFAULT\EXTENSIONS\SENDTOPHONE@MARTINEZDELIZARRONDO.COM.XPI
    [2012/03/23 12:59:52 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\TK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFSBPM3E.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2010/11/12 20:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - homepage: http://www.yahoo.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://www.yahoo.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\tk\AppData\Local\Google\Chrome\Application\21.0.1180.49\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\tk\AppData\Local\Google\Chrome\Application\21.0.1180.49\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\tk\AppData\Local\Google\Chrome\Application\21.0.1180.49\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\tk\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Live Connect Command Line (Enabled) = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjhjioljdmpccdcnhhfhjfeclagkope\1.0.0.1_0\npklccl.dll
    CHR - plugin: Live Connect Desktop Thumbnail (Enabled) = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjhjioljdmpccdcnhhfhjfeclagkope\1.0.0.1_0\npklcdt.dll
    CHR - plugin: Live Connect Event Logging (Enabled) = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjhjioljdmpccdcnhhfhjfeclagkope\1.0.0.1_0\npklcel.dll
    CHR - plugin: Live Connect File Manager (Enabled) = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjhjioljdmpccdcnhhfhjfeclagkope\1.0.0.1_0\npklcfm.dll
    CHR - plugin: Live Connect Message Protocol (Enabled) = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjhjioljdmpccdcnhhfhjfeclagkope\1.0.0.1_0\npklcmp.dll
    CHR - plugin: Live Connect Registry Editor (Enabled) = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjhjioljdmpccdcnhhfhjfeclagkope\1.0.0.1_0\npklcre.dll
    CHR - plugin: Live Connect Relay (Enabled) = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjhjioljdmpccdcnhhfhjfeclagkope\1.0.0.1_0\npklcrl.dll
    CHR - plugin: Live Connect Task Manager (Enabled) = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjhjioljdmpccdcnhhfhjfeclagkope\1.0.0.1_0\npklctm.dll
    CHR - plugin: Live Connect Local Users and Groups (Enabled) = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjhjioljdmpccdcnhhfhjfeclagkope\1.0.0.1_0\npklcug.dll
    CHR - plugin: NPLastPass (Enabled) = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\tk\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
    CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
    CHR - plugin: DYMO Label Framework (Enabled) = C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\tk\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - Extension: Entanglement = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: PriceBlink = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh\3.4_0\
    CHR - Extension: YouTube = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: History 2 = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp\0.6.0_0\
    CHR - Extension: LiveConnect = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjhjioljdmpccdcnhhfhjfeclagkope\1.0.0.1_0\
    CHR - Extension: Google Search = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AT_ChuckAnderson = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3\
    CHR - Extension: TweetDeck = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\1.5.3_0\
    CHR - Extension: LastPass = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.7_0\
    CHR - Extension: Google Voice (by Google) = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\
    CHR - Extension: InvisibleHand = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.7.11_0\
    CHR - Extension: Poppit = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: Google Chrome to Phone Extension = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
    CHR - Extension: Gmail = C:\Users\tk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/20 07:25:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\tk\AppData\Roaming\LastPass\LPBar64.dll (LastPass)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\tk\AppData\Roaming\LastPass\LPBar.dll (LastPass)
    O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\tk\AppData\Roaming\LastPass\LPBar64.dll (LastPass)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\tk\AppData\Roaming\LastPass\LPBar.dll (LastPass)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
    O4:64bit: - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Dell MFP Color Laser Printer 3115cn Launcher] C:\Program Files (x86)\DELL\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe (Dell Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [googletalk] C:\Users\tk\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\tk\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
    O4 - HKCU..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8:64bit: - Extra context menu item: LastPass - file://C:\Users\tk\AppData\Roaming\LastPass\context.html?cmd=lastpass File not found
    O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\tk\AppData\Roaming\LastPass\context.html?cmd=fillforms File not found
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8 - Extra context menu item: LastPass - file://C:\Users\tk\AppData\Roaming\LastPass\context.html?cmd=lastpass File not found
    O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\tk\AppData\Roaming\LastPass\context.html?cmd=fillforms File not found
    O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Users\tk\AppData\Roaming\LastPass\LPBar64.dll (LastPass)
    O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Users\tk\AppData\Roaming\LastPass\LPBar.dll (LastPass)
    O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Users\tk\AppData\Roaming\LastPass\LPBar.dll (LastPass)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16:64bit: - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/x64/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AB8A416-2DE0-4DC5-97A9-007FBD28221D}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6974D860-D8A9-4F74-9BB9-40E166DBEBB2}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E154A30-3923-4398-9806-32B4BE6CB820}: DhcpNameServer = 8.8.8.8 8.8.4.4
    O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/21 11:43:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\tk\Desktop\OTL.exe
    [2012/07/20 07:25:09 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/19 21:04:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/19 21:04:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/19 21:04:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/19 21:03:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/19 21:01:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/19 20:59:28 | 004,582,475 | R--- | C] (Swearware) -- C:\Users\tk\Desktop\ComboFix.exe
    [2012/07/19 19:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/19 19:10:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/19 19:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/19 16:29:35 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/18 21:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/18 21:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/18 19:09:27 | 000,000,000 | ---D | C] -- C:\Users\tk\AppData\Roaming\Malwarebytes
    [2012/07/18 19:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/18 18:57:16 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/07/18 18:54:48 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/07/18 18:38:16 | 000,000,000 | ---D | C] -- C:\Users\tk\AppData\Local\{D6BC88B6-D128-11E1-8270-B8AC6F996F26}
    [2012/07/18 18:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D00000287702F228E5F875F002
    [2012/07/18 18:35:15 | 000,000,000 | ---D | C] -- C:\Users\tk\AppData\Local\{D6BC578F-D128-11E1-8270-B8AC6F996F26}
    [2012/07/13 21:22:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/07/13 21:22:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/07/13 21:22:58 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/07/13 21:22:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/07/13 21:22:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/07/13 21:22:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/07/13 21:22:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/07/13 21:22:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/07/13 21:22:55 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/07/13 21:22:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/07/13 21:22:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/07/13 21:22:54 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/07/13 21:22:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/07/11 20:02:08 | 009,822,920 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2012/07/11 05:11:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
    [2012/07/11 05:11:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
    [2012/07/11 05:11:52 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2012/07/11 05:11:46 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
    [2012/07/11 05:11:44 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
    [2012/07/09 15:13:15 | 000,000,000 | ---D | C] -- C:\Users\tk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
    [2012/07/09 15:13:12 | 000,000,000 | ---D | C] -- C:\Users\tk\AppData\Roaming\Google
    [2012/07/01 20:24:27 | 000,000,000 | ---D | C] -- C:\Users\tk\Documents\big dog
    [2012/06/23 16:57:26 | 000,000,000 | ---D | C] -- C:\usr
    [2012/06/23 16:57:24 | 000,000,000 | ---D | C] -- C:\Users\tk\AppData\Roaming\postgresql
    [2012/06/23 16:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.4
    [2012/06/23 16:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PostgreSQL
    [2012/06/23 16:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DELL
    [2012/06/23 11:20:46 | 000,000,000 | ---D | C] -- C:\Users\tk\AppData\Local\Macromedia
    [2012/06/23 11:02:02 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
    [2012/06/23 11:02:02 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/07/21 11:49:42 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2012/07/21 11:43:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\tk\Desktop\OTL.exe
    [2012/07/21 11:43:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/21 11:32:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3003169334-4286608264-3245350533-1001UA.job
    [2012/07/21 11:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/21 03:32:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3003169334-4286608264-3245350533-1001Core.job
    [2012/07/20 20:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/20 17:35:33 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/20 17:35:33 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/20 17:32:10 | 000,729,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/20 17:32:10 | 000,626,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/20 17:32:10 | 000,107,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/20 17:26:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/20 17:26:25 | 1939,779,583 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/20 07:25:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/19 21:31:33 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/07/19 19:17:22 | 000,000,036 | ---- | M] () -- C:\Users\tk\AppData\Local\housecall.guid.cache
    [2012/07/19 17:09:36 | 004,582,475 | R--- | M] (Swearware) -- C:\Users\tk\Desktop\ComboFix.exe
    [2012/07/18 21:58:15 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/18 21:58:01 | 000,743,364 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/18 18:47:09 | 005,007,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/18 18:44:43 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFortk.job
    [2012/07/18 16:36:51 | 000,000,000 | ---- | M] () -- C:\Users\tk\Documents\Nuance Image Printer Writer Port
    [2012/07/17 18:59:41 | 000,002,116 | ---- | M] () -- C:\Users\tk\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2012/07/16 18:36:11 | 000,001,456 | ---- | M] () -- C:\Users\tk\AppData\Local\Adobe Save for Web 13.0 Prefs
    [2012/07/13 21:10:17 | 000,002,153 | ---- | M] () -- C:\Users\tk\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 8.lnk
    [2012/07/11 20:02:41 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/07/11 20:02:41 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/07/11 20:02:08 | 009,822,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2012/07/11 15:07:44 | 000,087,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
    [2012/07/11 15:07:43 | 000,080,800 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
    [2012/07/11 15:07:43 | 000,034,720 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
    [2012/07/10 17:36:59 | 001,695,405 | ---- | M] () -- C:\Users\tk\Desktop\full-monthy.psd
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/30 12:32:47 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2012/06/27 10:58:09 | 000,002,362 | -H-- | M] () -- C:\Users\tk\Documents\maxdesk.ini
    [2012/06/27 10:54:49 | 002,361,504 | -H-- | M] () -- C:\Users\tk\Documents\PPThumbs.ptn
    [2012/06/27 10:54:49 | 000,260,394 | ---- | M] () -- C:\Users\tk\Documents\Document.pdf
    [2012/06/25 20:08:05 | 002,351,408 | ---- | M] () -- C:\Users\tk\Desktop\exhibit.psd
    [2012/06/25 20:04:49 | 000,107,744 | ---- | M] () -- C:\Users\tk\Desktop\exhibit.png
    [2012/06/23 16:31:55 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_Printing-Foundation-LPRPortMonitor.etl
    [2012/06/22 11:25:37 | 007,448,122 | ---- | M] () -- C:\Users\tk\Desktop\signlogix.air

    ========== Files Created - No Company Name ==========

    [2012/07/19 21:04:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/19 21:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/19 21:04:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/19 21:04:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/19 21:04:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/19 19:17:22 | 000,000,036 | ---- | C] () -- C:\Users\tk\AppData\Local\housecall.guid.cache
    [2012/07/18 21:58:06 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/18 16:05:32 | 000,000,000 | ---- | C] () -- C:\Users\tk\Documents\Nuance Image Printer Writer Port
    [2012/06/27 16:51:18 | 001,695,405 | ---- | C] () -- C:\Users\tk\Desktop\full-monthy.psd
    [2012/06/27 10:54:48 | 000,260,394 | ---- | C] () -- C:\Users\tk\Documents\Document.pdf
    [2012/06/25 20:04:48 | 000,107,744 | ---- | C] () -- C:\Users\tk\Desktop\exhibit.png
    [2012/06/25 19:56:08 | 002,351,408 | ---- | C] () -- C:\Users\tk\Desktop\exhibit.psd
    [2012/06/23 16:30:53 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_install_Printing-Foundation-LPRPortMonitor.etl
    [2012/06/22 11:26:00 | 007,448,122 | ---- | C] () -- C:\Users\tk\Desktop\signlogix.air
    [2012/06/01 10:14:40 | 000,001,456 | ---- | C] () -- C:\Users\tk\AppData\Local\Adobe Save for Web 13.0 Prefs
    [2011/12/01 22:01:45 | 000,000,067 | ---- | C] () -- C:\Windows\A1 DVD Ripper.INI
    [2011/12/01 21:40:30 | 000,000,067 | ---- | C] () -- C:\Windows\AoADVDRipper.INI
    [2011/11/21 18:24:17 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\nLame.dll
    [2011/11/21 18:24:17 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
    [2011/11/03 19:19:31 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2011/09/11 20:21:57 | 000,003,722 | ---- | C] () -- C:\Windows\sp321544.dat
    [2011/09/11 19:16:38 | 000,000,056 | ---- | C] () -- C:\Users\tk\AppData\Roaming\TMSetp.dbf
    [2011/08/19 18:47:27 | 000,743,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/11 20:44:14 | 000,001,854 | ---- | C] () -- C:\Users\tk\AppData\Roaming\GhostObjGAFix.xml
    [2011/05/20 00:51:13 | 000,001,940 | ---- | C] () -- C:\Users\tk\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/03/04 10:46:19 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/12/23 23:58:22 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/05/01 11:32:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 189 bytes -> C:\ProgramData\Temp:FB1B13D8
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:30FD0CBD
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:60466E88

    < End of report >
     
  24. Todd Katcher

    Todd Katcher TS Rookie Topic Starter Posts: 18

    OTL Extras logfile created on: 7/21/2012 11:45:26 AM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\tk\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.74 Gb Total Physical Memory | 4.79 Gb Available Physical Memory | 61.92% Memory free
    15.48 Gb Paging File | 12.01 Gb Available in Paging File | 77.57% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 686.19 Gb Total Space | 462.69 Gb Free Space | 67.43% Space Free | Partition Type: NTFS
    Drive D: | 12.34 Gb Total Space | 2.23 Gb Free Space | 18.11% Space Free | Partition Type: NTFS
    Drive G: | 232.88 Gb Total Space | 83.67 Gb Free Space | 35.93% Space Free | Partition Type: NTFS

    Computer Name: TK-HOME | User Name: tk | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)
    .txt [@ = txtfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsefile [open] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    wsffile [open] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    wshfile [open] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    jsefile [open] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    wsffile [open] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    wshfile [open] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallDisableNotify" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{30FFC5DF-E165-4B1C-B750-CC7D5BC5C563}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{322F6BE2-1BCF-4532-8883-7AD1B8FB5024}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{52F6DB36-874B-41EB-A702-F362E8A1980E}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{58B487C3-95E4-485F-B4F8-16831AA1016F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{871C92E6-023B-40D6-B9FC-FCFD43636691}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9859901A-78A0-4B82-8BEA-0B2872C12BD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A380948B-E365-455C-B406-4881DAFEC4D2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BD2A9102-88C6-43DE-9DED-C235DA740054}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D41E745C-988E-4494-9FCA-08DEC1381FAD}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{DB0E7BB9-F878-451D-9BD1-0B7536E98075}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{4A9934D4-782F-4468-86BA-E45D05691B18}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6EA59B00-B10F-4C25-BB86-9EE94EE08BFE}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{7B826190-570D-4201-9958-F269046D4599}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{92BC0FE3-F790-467B-BFBD-A0BEE86D5A75}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\motive\mcciservicehost.exe |
    "{93D00474-2714-4C98-AECD-55DA0AA70555}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{99E61780-10F6-4785-8360-4B3A20696BB9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\motive\mcciservicehost.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EC228440-62C6-4EB6-96BE-410B37F28510}" = protocol=58 | dir=in | app=system |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4BF3A357-3C4F-49EE-B16C-D45D7D7F1819}" = EasyTether
    "{53A97E00-7252-4ED0-A1EB-9F9712FC0AC9}" = HP webOS SDK
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{7371196E-FA5B-43AE-1AE2-875E98869B47}" = ccc-utility64
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{88882852-5C7D-A48B-15F3-8D13CABDA7A3}" = ATI Catalyst Install Manager
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
    "{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "PC-Doctor for Windows" = Hardware Diagnostic Tools
    "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
    "SP6" = Logitech SetPoint 6.32
    "WinRAR archiver" = WinRAR 4.00 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{0284181F-355D-C4E1-B483-41992C48490E}" = CCC Help German
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
    "{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{07FF3AA8-0BC6-8861-F27F-2ED442F5C03E}" = CCC Help English
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0A7245F9-B454-4FAA-9A94-61617B6039A1}" = OMPM v2.0
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell Printer Software
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{14A4957E-46DB-4821-528D-8381B4376FE2}" = CCC Help Korean
    "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
    "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
    "{2E4BEAC4-FB73-9657-A5B2-42F508AF98FE}" = CCC Help Finnish
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{36B90A24-CE03-79C6-3DEE-1EFEE456377F}" = Catalyst Control Center Graphics Full Existing
    "{377FD9B9-8377-49B9-A052-17BEFFEEE4A2}" = Adobe Creative Suite 4 Web Premium
    "{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3B18BAAA-1734-8CA1-1A04-B68A06A1F9C9}" = Catalyst Control Center Graphics Full New
    "{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{3E450CF1-F8C4-C8D6-29D1-87AD090E8F2A}" = Catalyst Control Center InstallProxy
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{3F143DF7-BC6E-416C-95EE-C54DFC2197F6}" = Dell Open Print Driver
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{4377068C-A88F-53F7-EDAF-DBD7990AEB93}" = CCC Help Swedish
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
    "{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
    "{4907BDCE-4DF2-350C-24B2-9C509F004F1D}" = CCC Help Chinese Traditional
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
    "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59FAEAC8-F8E4-491E-6173-635FBC2B2CCB}" = SignageStudio
    "{5A4D7437-5BDF-4D2B-97BA-00BA8A27995D}" = Content Player
    "{5B0D4B33-FB4C-CB95-38D3-66F4B942661E}" = CCC Help Japanese
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{628690B9-A523-B37A-E001-D8E4581D573D}" = Catalyst Control Center Localization All
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AC35F19-C3DF-6455-C9E2-1E77BA42D3BC}" = Catalyst Control Center Graphics Previews Vista
    "{6D1A44ED-3D15-9BB3-43AE-91A077AE9212}" = CCC Help Chinese Standard
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7AAC4B2B-C3D2-465C-9F2C-B9DCF0D7FDB8}" = Adobe Setup
    "{7AB01508-C2B2-43C8-8B44-514801E7CCC9}" = Jing
    "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83907548-56BB-D892-1CAC-2F5EC0939B37}" = CCC Help Czech
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{854FCA42-5318-47CA-95D7-7394B1A16616}" = ScanSoft PaperPort 10
    "{86CEBAE9-5752-414A-86BC-170154E30E2A}" = Dell MFP Laser 3115cn Utilities Ver.1.0.2.1
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
    "{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
    "{8DA7286C-FBF6-48E4-A24A-FA9481EF4C0F}" = Dell MFP Laser 3115cn ScanButton Manager Ver.1.1.0.1
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
    "{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}" = SAMSUNG USB Driver for Mobile Phones
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9062CED6-AECC-E6C6-E6A0-A654CE167554}" = CCC Help Portuguese
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{97E32194-C626-92E1-9AB9-64AA00CC7380}" = CCC Help Russian
    "{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
    "{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
    "{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
    "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
    "{AF5F99B8-1A9A-4B21-AE64-72A984A08314}" = Content Manager
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
    "{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
    "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BE9CE924-DD9E-3A0D-EA16-9931D21FB3F5}" = CCC Help Turkish
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{C285CFAB-889A-47C9-2959-A9B71B5E0BFB}" = CCC Help Hungarian
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
    "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
    "{C88256B0-1182-C1B2-FE22-C1BAC6BB0E83}" = CCC Help Norwegian
    "{CA1A637B-5BFD-A325-BC4B-15D3D10B861C}" = Catalyst Control Center Core Implementation
    "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
    "{CACBE764-2E09-5D88-E496-78F7B1E9FFAE}" = CCC Help Greek
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE93C501-8C33-4F0F-9590-0C006F03C823}" = Screencast.com Desktop Uploader
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CEF9A199-8652-B2A0-8C82-5491CB57AC3A}" = CCC Help French
    "{D1E0E859-F46D-4708-A41D-ED90C0C1822A}" = Acronis True Image Home
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D781BE32-516F-957C-C080-8365111CAC18}" = CCC Help Danish
    "{DC2841DC-5ADC-8FDD-C3FD-5FD223426F38}" = CCC Help Polish
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{EB04773A-005D-3A2E-43C2-CEDE2645F1C3}" = ccc-core-static
    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1F24DF6-37BB-9905-9EB4-5C1E4D32B664}" = Catalyst Control Center Graphics Light
    "{F20A4D6F-88ED-32BA-0C6D-BD6A692EFF29}" = CCC Help Italian
    "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
    "{F5AC7E52-BDF6-9948-73CD-BCE3C23632F3}" = CCC Help Dutch
    "{F670955C-E0B2-4678-B417-738059514CF5}" = StuffIt Expander 2011
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F6FA1416-ABCF-3559-1ACA-CEAADD6AF3E8}" = CCC Help Thai
    "{F86145F7-BF40-33F0-F07B-D10BE04F98AA}" = CCC Help Spanish
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FDEC0704-D15E-4DB8-A624-2256DD4C65D7}" = Dell MFP Laser 3115cn Scanner Driver
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_4db064343401efd6449f33f8411c14b" = Adobe Creative Suite 4 Web Premium
    "Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.3.9
    "ATT-SST" = AT&T Troubleshoot & Resolve Tool
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
    "Cisco Connect" = Cisco Connect
    "com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.adobe.WidgetBrowser" = Adobe Widget Browser
    "Decompile Flash Free Version_is1" = Decompile Flash Free Version 2.1.3.20
    "DYMO Label v.8" = DYMO Label v.8
    "FastStone Image Viewer" = FastStone Image Viewer 4.6
    "ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
    "FileZilla Client" = FileZilla Client 3.3.3
    "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
    "FrostWire" = FrostWire 4.21.5
    "Homepage Protection" = Homepage Protection
    "HP Remote Solution" = HP Remote Solution
    "InstallShield_{0A7245F9-B454-4FAA-9A94-61617B6039A1}" = OMPM v2.0
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
    "InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "Jawbone Updater" = Jawbone Updater
    "LimeWire" = LimeWire 5.5.16
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Mozilla Firefox 14.0 (x86 en-US)" = Mozilla Firefox 14.0 (x86 en-US)
    "Mozilla Thunderbird 14.0 (x86 en-US)" = Mozilla Thunderbird 14.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "PostgreSQL 8.4" = PostgreSQL 8.4
    "SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1" = SignageStudio
    "Smart File Advisor_is1" = Smart File Advisor 1.1.1
    "Software Update Wizard (Redistributable)" = Software Update Wizard (Redistributable) 4.5
    "SplashID Standalone" = SplashID Standalone 5.2
    "SugarSync" = SugarSync Manager
    "TeamViewer 7" = TeamViewer 7
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WOW Slider" = WOW Slider

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "ActiveTouchMeetingClient" = WebEx
    "Akamai" = Akamai NetSession Interface
    "bd4d3a0508d364f5" = Dell Driver Download Manager
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 5.2.0.952
    "JoinMe" = join.me
    "LastPass" = LastPass (uninstall only)
    "Sansa Updater" = Sansa Updater
    "Spotify" = Spotify
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/18/2012 4:00:44 PM | Computer Name = TK-Home | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks Pro 2010": Connection
    String:CON=QBConnectionPool-Probe-QB_data_engine_20; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company
    Files\SDM Consulting, LLC.QBW;ENG=QB_data_engine_20;DBN=f03ee6925e63483385d50351ca3bd4

    Error - 7/18/2012 4:00:44 PM | Computer Name = TK-Home | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks Pro 2010": DBConnPool::HandleConnectionError
    errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1036 from
    function:'DBMgr::DBConnPool::ini

    Error - 7/18/2012 7:07:21 PM | Computer Name = TK-Home | Source = Microsoft Security Client Setup | ID = 100
    Description = HRESULT:0x8004FF11 Description:Can’t install Microsoft Security Essentials
    on a computer running in safe mode. Your computer is currently running in safe
    mode. To install Security Essentials, your computer must be running in normal mode.
    Please restart your computer in normal mode, and then try to run the Security Essentials
    Setup Wizard again. Error code:0x8004FF11.

    Error - 7/18/2012 9:49:29 PM | Computer Name = TK-Home | Source = LogMeIn Guardian | ID = 131176
    Description = LogMeIn Guardian has detected a problem with the LogMeIn software
    installed on this machine. The problem is locally identified by the following reference
    ID: 'dbf670f1b2337ae44012d25d28d5af85'.

    Error - 7/18/2012 10:30:58 PM | Computer Name = TK-Home | Source = LogMeIn Guardian | ID = 131176
    Description = LogMeIn Guardian has detected a problem with the LogMeIn software
    installed on this machine. The problem is locally identified by the following reference
    ID: '82c0a2520fb4363777f43c5ac73b0c39'.

    Error - 7/18/2012 10:39:11 PM | Computer Name = TK-Home | Source = LogMeIn Guardian | ID = 131176
    Description = LogMeIn Guardian has detected a problem with the LogMeIn software
    installed on this machine. The problem is locally identified by the following reference
    ID: 'bdbbacae78e65e9f37477e41a4e2f06a'.

    Error - 7/18/2012 10:43:37 PM | Computer Name = TK-Home | Source = LogMeIn Guardian | ID = 131176
    Description = LogMeIn Guardian has detected a problem with the LogMeIn software
    installed on this machine. The problem is locally identified by the following reference
    ID: '059e93987a1e5d179130286e5dc5003f'.

    Error - 7/18/2012 10:48:06 PM | Computer Name = TK-Home | Source = LogMeIn Guardian | ID = 131176
    Description = LogMeIn Guardian has detected a problem with the LogMeIn software
    installed on this machine. The problem is locally identified by the following reference
    ID: '114b66d8ff6abf4776843aecec44ba33'.

    Error - 7/18/2012 10:51:50 PM | Computer Name = TK-Home | Source = LogMeIn Guardian | ID = 131176
    Description = LogMeIn Guardian has detected a problem with the LogMeIn software
    installed on this machine. The problem is locally identified by the following reference
    ID: 'cb8fc348036063b68c43dac38e56772d'.

    Error - 7/18/2012 10:58:35 PM | Computer Name = TK-Home | Source = LogMeIn Guardian | ID = 131176
    Description = LogMeIn Guardian has detected a problem with the LogMeIn software
    installed on this machine. The problem is locally identified by the following reference
    ID: 'ce1fa1b3a0ea12bcaa788b623319c5eb'.

    [ Hewlett-Packard Events ]
    Error - 11/10/2010 4:09:58 AM | Computer Name = TK-Home | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 11/10/2010 4:09:58 AM | Computer Name = TK-Home | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/11/2011 8:44:11 PM | Computer Name = TK-Home | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071111074408.xml
    File not created by asset agent

    Error - 9/19/2011 8:12:21 PM | Computer Name = TK-Home | Source = Hewlett-Packard | ID = 0
    Description =

    Error - 10/22/2011 11:10:17 PM | Computer Name = TK-Home | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101122101014.xml
    File not created by asset agent

    Error - 7/2/2012 3:04:49 AM | Computer Name = TK-Home | Source = HPSF.exe | ID = 4000
    Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0] Message: The server did not provide a meaningful
    reply; this might be caused by a contract mismatch, a premature session shutdown
    or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

    at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 7927 Ram Utilization: 70 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
    System.Runtime.Remoting.Messaging.IMessage)

    Error - 7/2/2012 3:05:12 AM | Computer Name = TK-Home | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/19/2012 9:27:13 PM | Computer Name = TK-Home | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2147467259 at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
    startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
    at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message:
    Illegal operation attempted on a registry key that has been marked for deletion StackTrace:
    at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo)

    at System.Diagnostics.Process.Start(ProcessStartInfo startInfo) at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask
    task) Source: System Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files
    (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
    Format:
    en-US RAM: 7927 Ram Utilization: 30 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)


    [ System Events ]
    Error - 7/21/2012 10:34:37 AM | Computer Name = TK-Home | Source = ipnathlp | ID = 30013
    Description =

    Error - 7/21/2012 11:38:37 AM | Computer Name = TK-Home | Source = ipnathlp | ID = 31004
    Description =

    Error - 7/21/2012 11:38:40 AM | Computer Name = TK-Home | Source = ipnathlp | ID = 30013
    Description =

    Error - 7/21/2012 11:45:14 AM | Computer Name = TK-Home | Source = ipnathlp | ID = 31004
    Description =

    Error - 7/21/2012 11:45:16 AM | Computer Name = TK-Home | Source = ipnathlp | ID = 30013
    Description =

    Error - 7/21/2012 11:47:03 AM | Computer Name = TK-Home | Source = ipnathlp | ID = 30013
    Description =

    Error - 7/21/2012 11:47:41 AM | Computer Name = TK-Home | Source = ipnathlp | ID = 31004
    Description =

    Error - 7/21/2012 11:47:43 AM | Computer Name = TK-Home | Source = ipnathlp | ID = 30013
    Description =

    Error - 7/21/2012 11:49:38 AM | Computer Name = TK-Home | Source = ipnathlp | ID = 31004
    Description =

    Error - 7/21/2012 11:49:42 AM | Computer Name = TK-Home | Source = ipnathlp | ID = 30013
    Description =


    < End of report >
     
  25. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    You didn't answer my question:
    [​IMG]

    ===================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\ATIXPGAA.SYS -- (ATIXPGAA)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
      O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
      O8:64bit: - Extra context menu item: LastPass - file://C:\Users\tk\AppData\Roaming\LastPass\context.html?cmd=lastpass File not found
      O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\tk\AppData\Roaming\LastPass\context.html?cmd=fillforms File not found
      O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
      O8 - Extra context menu item: LastPass - file://C:\Users\tk\AppData\Roaming\LastPass\context.html?cmd=lastpass File not found
      O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\tk\AppData\Roaming\LastPass\context.html?cmd=fillforms File not found
      [2012/07/19 16:29:35 | 000,000,000 | ---D | C] -- C:\FRST
      @Alternate Data Stream - 189 bytes -> C:\ProgramData\Temp:FB1B13D8
      @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:30FD0CBD
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:60466E88
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
Topic Status:
Not open for further replies.
