TechSpot

Need help removing sirefef.y, possibly other viruses

By LABeaty
Aug 1, 2012
  1. My 64-bit Win 7 laptop is rebooting a couple of minutes after startup with a pop-up about a critical system error, save your work, etc. Microsoft Security Essentials found a number of viruses, but the one I think is big trouble is sirefef.y. Neither it nor a Kaspersky Rescue Disk was able to clean the computer - it continues to have the same symptom. After reading other posts here, I have run FRST and will post the scan and search for services.exe below. Thanks in advance for any and all help....
     
  2. LABeaty, TS Rookie, Topic Starter, Posts: 22

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 01-08-2012 15:38:48
    Running from G:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [167960 2011-02-08] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [391704 2011-02-08] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [418328 2011-02-08] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11663464 2010-12-07] (Realtek Semiconductor)
    HKLM\...\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [45680 2010-06-08] (FUJITSU LIMITED)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe [19800 2010-12-09] (Fujitsu America, Inc..)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
    HKLM\...\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [199528 2010-11-13] (FUJITSU LIMITED)
    HKLM\...\Run: [snp2uvc] C:\windows\vsnp2uvc.exe [662016 2009-08-13] (Sonix)
    HKLM\...\Run: [FJBATAID2] C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe [124776 2010-10-29] (FUJITSU LIMITED)
    HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2011-01-05] (Intel(R) Corporation)
    HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1875048 2010-11-04] ()
    HKLM\...\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run [x]
    HKLM\...\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe [4213248 2011-02-16] (Softex Inc.)
    HKLM\...\Run: [FJAutoR] C:\Program Files\Fujitsu\AutoRotation\AutoRotation.exe [93032 2010-10-05] (FUJITSU LIMITED)
    HKLM\...\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe [157184 2010-01-13] (FUJITSU LIMITED)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartFujitsuPointingDeviceUtility] "C:\Program Files (x86)\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe" [85104 2011-02-01] (FUJITSU LIMITED)
    HKLM-x32\...\Run: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [48752 2010-09-29] (FUJITSU LIMITED)
    HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [112152 2011-01-14] (Intel Corporation)
    HKLM-x32\...\Run: [snp2uvc] C:\windows\vsnp2uvc.exe [662016 2009-08-13] (Sonix)
    HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" [136488 2010-06-20] (CyberLink)
    HKLM-x32\...\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s [224352 2010-06-20] (CyberLink Corp.)
    HKLM-x32\...\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini [328 2012-08-01] ()
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
    HKLM-x32\...\Run: [SIECACST] C:\Program Files (x86)\Siemens\CardOS API\bin\siecacst.exe [131072 2010-05-25] (Siemens AG)
    HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-06-21] (RealNetworks, Inc.)
    HKU\LABeaty\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2010-07-23] (Acresso Corporation)
    HKU\LABeaty\...\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
    HKU\LABeaty\...\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [x]
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    AppInit_DLLs: C:\windows\system32\nvinitx.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\LABeaty\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
    ShortcutTarget: Dragon NaturallySpeaking.lnk -> C:\Program Files (x86)\Nuance\NaturallySpeaking11\Program\natspeak.exe (Nuance Communications, Inc.)
    Startup: C:\Users\LABeaty\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
    ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
    Startup: C:\Users\LABeaty\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    ==================== Services (Whitelisted) ======
    2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
    2 DragonSvc; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
    2 HPSLPSVC; C:\Users\LABeaty\AppData\Local\Temp\7zS4C63\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [42496 2011-02-16] (Softex Inc.)
    2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-17] (FUJITSU LIMITED)
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
    2 Sierra Wireless QDL Service; C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [308592 2011-02-16] (Sierra Wireless, Inc.)
    2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5640048 2011-02-23] (Wacom Technology, Corp.)
    2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [449904 2011-02-23] (Wacom Technology, Corp.)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2011-01-14] (Intel Corporation)
    2 UpdateNaviInstallService; "C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe" [14336 2009-09-30] (FUJITSU LIMITED)
    3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]
    ========================== Drivers (Whitelisted) =============
    3 acpials; C:\Windows\System32\Drivers\acpials.sys [9728 2009-07-13] (Microsoft Corporation)
    3 bcbtums; C:\Windows\System32\Drivers\bcbtums.sys [131112 2010-10-03] (Broadcom Corporation.)
    3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [32880 2010-06-20] (Windows (R) Win 7 DDK provider)
    3 cxbu0x64; C:\Windows\System32\Drivers\cxbu0x64.sys [177920 2011-09-06] (HID Global Corporation)
    0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-23] (FUJITSU LIMITED)
    3 Fjbtndrv; C:\Windows\System32\Drivers\Fjbtndrv.sys [23040 2009-08-27] (Fujitsu America, Inc.)
    0 FJGSDisk; C:\Windows\System32\Drivers\FJGSDisk.sys [15208 2011-06-20] (FUJITSU LIMITED)
    3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [72640 2010-07-21] (FTDI Ltd.)
    3 FUJ02B1; C:\Windows\System32\Drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
    3 FUJ02E3; C:\Windows\System32\Drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
    3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [85280 2009-09-09] (O2Micro)
    3 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
    3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1801216 2010-10-09] ()
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-10] (Duplex Secure Ltd.)
    3 swg3kflt03; C:\Windows\System32\Drivers\swg3kflt03.sys [34432 2011-01-07] (Sierra Wireless Incorporated)
    3 swg3knmea03; C:\Windows\System32\Drivers\swg3knmea03.sys [254848 2010-12-24] (Sierra Wireless Incorporated)
    3 swg3kser03; C:\Windows\System32\Drivers\swg3kser03.sys [254848 2011-01-07] (Sierra Wireless Incorporated)
    3 wacomvthid; C:\Windows\System32\Drivers\wacomvthid.sys [16368 2010-12-02] (Wacom Technology)
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-07-31 20:49 - 2012-07-31 20:49 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.7B6EF54FE2C04B8C
    2012-07-31 20:42 - 2012-07-31 20:42 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.F841FB9219162BD5
    2012-07-31 20:39 - 2012-07-31 20:39 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.D731AC556A37363D
    2012-07-31 20:36 - 2012-07-31 20:36 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.4FA4845277AAE137
    2012-07-31 20:33 - 2012-07-31 20:33 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.8AB2DBA2D07EDAD4
    2012-07-31 20:30 - 2012-07-31 20:30 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.1ABA42A5BC993520
    2012-07-31 20:27 - 2012-07-31 20:27 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.5E97FF3E8A655DAE
    2012-07-31 20:22 - 2012-07-31 20:22 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.D3B26E2D7256280F
    2012-07-31 20:19 - 2012-07-31 20:19 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.FBE8985CF2A4D9BC
    2012-07-31 20:18 - 2012-07-31 20:19 - 00000029 ___AC C:\Users\LABeaty\Desktop\noshutdown.bat
    2012-07-31 20:15 - 2012-07-31 20:15 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.F7FFE7AFA024D4AD
    2012-07-31 20:14 - 2012-07-31 20:14 - 00001266 ___AC C:\Users\LABeaty\Desktop\shutdown.exe -a.lnk
    2012-07-31 20:11 - 2012-07-31 20:11 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.E894A526E1F5DF25
    2012-07-31 20:08 - 2012-07-31 20:08 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.0788C3063D7CB639
    2012-07-31 20:05 - 2012-07-31 20:05 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.ED131D323D23AA38
    2012-07-31 20:02 - 2012-07-31 20:02 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.86B74321DA554A2B
    2012-07-31 19:59 - 2012-07-31 19:59 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.2BBEFF9B8AAC7DD9
    2012-07-31 19:56 - 2012-07-31 19:56 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.CAE158610E1498C6
    2012-07-31 19:52 - 2012-07-31 19:52 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.D87EC67CBEF5CBB1
    2012-07-31 19:48 - 2012-07-31 19:48 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.8AB4248BE94D4FA6
    2012-07-31 19:44 - 2012-07-31 19:44 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.5126A6592DBDCB47
    2012-07-31 19:41 - 2012-07-31 19:41 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.B1FF1F2CDEA787B6
    2012-07-31 19:37 - 2012-07-31 19:37 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.6FFDF7400774FD67
    2012-07-31 19:31 - 2012-07-31 19:31 - 00000000 ___DC C:\Program Files\Microsoft Security Client
    2012-07-31 19:31 - 2012-07-31 19:31 - 00000000 ___DC C:\Program Files (x86)\Microsoft Security Client
    2012-07-31 17:17 - 2012-07-31 17:17 - 00000000 ___DC C:\Users\LABeaty\AppData\Roaming\RealNetworks
    2012-07-26 15:53 - 2012-07-26 15:53 - 00000000 ___DC C:\Program Files (x86)\Oracle
    2012-07-26 15:53 - 2012-07-05 19:06 - 00772544 ___AC (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-07-26 05:41 - 2012-07-26 05:41 - 00000000 _SHDC C:\Windows\System32\%APPDATA%
    2012-07-21 21:05 - 2012-07-21 21:05 - 00000065 ___AC C:\Users\LABeaty\Desktop\Cloud Notes.txt
    2012-07-21 20:57 - 2012-07-21 20:57 - 00000391 ___AC C:\Users\LABeaty\Desktop\IEEE - IEEEXtreme 24-Hour Programming Competition.website
    2012-07-21 16:40 - 2012-07-21 17:25 - 00000000 __RDC C:\Users\LABeaty\Virtual Machines
    2012-07-20 15:32 - 2012-07-20 15:32 - 00000000 ___DC C:\Windows\System32\Drivers\tr-TR
    2012-07-20 15:32 - 2012-07-20 15:32 - 00000000 ___DC C:\Windows\System32\Drivers\th-TH
    2012-07-20 15:32 - 2012-07-20 15:32 - 00000000 ___DC C:\Windows\System32\Drivers\ro-RO
    2012-07-20 15:32 - 2012-07-20 15:32 - 00000000 ___DC C:\Windows\System32\Drivers\he-IL
    2012-07-20 15:32 - 2012-07-20 15:32 - 00000000 ___DC C:\Windows\System32\Drivers\ar-SA
    2012-07-20 15:32 - 2012-07-20 15:32 - 00000000 ___DC C:\Program Files (x86)\Windows Virtual PC
    2012-07-20 15:30 - 2012-07-20 15:31 - 04514816 ____A (Microsoft Corporation) C:\Windows\System32\vpc.exe
    2012-07-20 15:30 - 2012-07-20 15:31 - 02264064 ____A (Microsoft Corporation) C:\Windows\System32\VPCWizard.exe
    2012-07-20 15:30 - 2012-07-20 15:31 - 01369600 ____A (Microsoft Corporation) C:\Windows\System32\VPCSettings.exe
    2012-07-20 15:30 - 2012-07-20 15:31 - 01210368 ____A (Microsoft Corporation) C:\Windows\System32\VMWindow.exe
    2012-07-20 15:30 - 2012-07-20 15:31 - 00936448 ____A (Microsoft Corporation) C:\Windows\System32\vmsal.exe
    2012-07-20 15:30 - 2012-07-20 15:31 - 00793600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vmsal.exe
    2012-07-20 15:30 - 2012-07-20 15:31 - 00562176 ____A (Microsoft Corporation) C:\Windows\System32\VMCPropertyHandler.dll
    2012-07-20 15:30 - 2012-07-20 15:31 - 00360832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vpcvmm.sys
    2012-07-20 15:30 - 2012-07-20 15:31 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vpcnfltr.sys
    2012-07-20 15:30 - 2010-11-20 05:34 - 00194944 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\vpchbus.sys
    2012-07-20 15:30 - 2010-11-20 05:27 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\vpchbuspipe.dll
    2012-07-20 15:30 - 2010-11-20 03:35 - 00095232 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\vpcusb.sys
    2012-07-20 15:30 - 2010-11-20 03:35 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\vpcuxd.sys
    2012-07-20 15:17 - 2012-07-21 19:17 - 00000528 ___AC C:\Users\LABeaty\Desktop\Wix.com janesea created by janesea2012 based on nu-biz-trader.website
    2012-07-20 15:17 - 2012-07-20 15:17 - 00000343 ___AC C:\Users\LABeaty\Desktop\janeseatw5000 System Myfxbook.website
    2012-07-20 14:46 - 2012-07-20 14:47 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-20 14:46 - 2012-07-20 14:46 - 00263968 ___AC C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-20 14:35 - 2012-07-20 14:35 - 00000000 ___DC C:\Program Files\Windows XP Mode
    2012-07-17 18:09 - 2012-07-17 18:09 - 00000000 ___DC C:\Users\LABeaty\AppData\Roaming\Logitech
    2012-07-17 18:09 - 2012-07-17 18:09 - 00000000 ___DC C:\Users\LABeaty\AppData\Roaming\InstallShield
    2012-07-17 18:09 - 2012-07-17 18:09 - 00000000 ___DC C:\Program Files (x86)\Logitech
    2012-07-17 16:18 - 2012-07-31 17:22 - 00000000 ___DC C:\Users\LABeaty\Desktop\One-minute
    2012-07-15 16:59 - 2012-07-15 17:02 - 00000000 ___DC C:\Users\LABeaty\AppData\Roaming\Open Watcom
    2012-07-14 15:03 - 2012-07-20 15:09 - 00000417 ___AC C:\Users\LABeaty\Desktop\BigML - Machine Learning Made Easy.website
    2012-07-14 14:17 - 2012-07-20 14:38 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-14 14:17 - 2012-07-20 14:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-14 14:17 - 2012-07-20 14:38 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-14 14:17 - 2012-07-20 14:38 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-14 14:17 - 2012-07-20 14:38 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-14 14:17 - 2012-07-20 14:38 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-14 14:17 - 2012-07-20 14:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-14 14:17 - 2012-07-20 14:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-14 14:15 - 2012-07-20 14:46 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-14 14:15 - 2012-07-20 14:46 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-14 14:15 - 2012-07-20 14:46 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-14 14:15 - 2012-07-20 14:46 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-14 14:15 - 2012-07-20 14:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-14 14:15 - 2012-07-20 14:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-14 14:15 - 2012-07-20 14:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-14 14:15 - 2012-07-20 14:43 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-14 14:15 - 2012-07-20 14:43 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-07-14 14:15 - 2012-07-20 14:43 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-07-14 14:15 - 2012-07-20 14:43 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-07-14 14:15 - 2012-07-20 14:41 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-07-14 14:15 - 2012-07-20 14:41 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-07-14 14:15 - 2012-07-20 14:41 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-07-14 14:15 - 2012-07-20 14:39 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-07-14 14:15 - 2012-07-20 14:39 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-07-14 14:15 - 2012-07-20 14:39 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-07-14 14:15 - 2012-07-20 14:39 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-07-14 14:15 - 2012-07-20 14:39 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-07-14 14:15 - 2012-07-20 14:39 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-07-14 14:15 - 2012-07-20 14:39 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-07-14 14:15 - 2012-07-20 14:39 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-07-14 14:15 - 2012-07-20 14:39 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-07-14 13:46 - 2012-07-20 14:43 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-14 13:46 - 2012-07-20 14:43 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-14 13:46 - 2012-07-20 14:43 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-14 13:46 - 2012-07-20 14:43 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-14 13:46 - 2012-07-20 14:43 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-14 13:46 - 2012-07-20 14:43 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-14 13:46 - 2012-07-20 14:43 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-14 13:46 - 2012-07-20 14:43 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-14 13:46 - 2012-07-20 14:43 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-14 13:46 - 2012-07-20 14:41 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-07-14 13:45 - 2012-07-14 14:16 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-14 13:45 - 2012-07-14 14:16 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-11 19:16 - 2012-07-11 20:00 - 00002727 ___AC C:\Users\LABeaty\Desktop\ShamsGraduateSchoolRecommendation.txt
    2012-07-08 19:30 - 2012-07-08 19:30 - 00000000 ___DC C:\Users\LABeaty\AppData\Roaming\MetaQuotes
    2012-07-06 08:12 - 2012-07-31 19:35 - 00001648 ___AC C:\Users\LABeaty\Desktop\Notes.txt
    2012-07-04 06:50 - 2012-07-04 06:50 - 00000069 ___AC C:\Users\LABeaty\Desktop\Microsoft Lync - Wikipedia, the free encyclopedia.URL
    2012-07-04 06:48 - 2012-07-04 06:48 - 00000506 ___AC C:\Users\LABeaty\Desktop\BE CONNECTED To Effective Networking -- Networking training and networking opportunity.website

    ============ 3 Months Modified Files ========================
    2012-08-01 12:34 - 2012-04-21 17:46 - 00000830 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-01 12:34 - 2012-01-19 20:17 - 00013907 ___AC C:\Windows\setupact.log
    2012-08-01 12:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-01 11:09 - 2011-06-20 21:17 - 00000896 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-01 05:56 - 2009-07-13 15:19 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-31 20:49 - 2012-07-31 20:49 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.7B6EF54FE2C04B8C
    2012-07-31 20:49 - 2009-07-13 21:13 - 00800220 ___AC C:\Windows\System32\PerfStringBackup.INI
    2012-07-31 20:42 - 2012-07-31 20:42 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.F841FB9219162BD5
    2012-07-31 20:42 - 2011-06-20 21:17 - 00000900 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-31 20:39 - 2012-07-31 20:39 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.D731AC556A37363D
    2012-07-31 20:36 - 2012-07-31 20:36 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.4FA4845277AAE137
    2012-07-31 20:33 - 2012-07-31 20:33 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.8AB2DBA2D07EDAD4
    2012-07-31 20:30 - 2012-07-31 20:30 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.1ABA42A5BC993520
    2012-07-31 20:27 - 2012-07-31 20:27 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.5E97FF3E8A655DAE
    2012-07-31 20:22 - 2012-07-31 20:22 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.D3B26E2D7256280F
    2012-07-31 20:19 - 2012-07-31 20:19 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.FBE8985CF2A4D9BC
    2012-07-31 20:19 - 2012-07-31 20:18 - 00000029 ___AC C:\Users\LABeaty\Desktop\noshutdown.bat
    2012-07-31 20:15 - 2012-07-31 20:15 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.F7FFE7AFA024D4AD
    2012-07-31 20:14 - 2012-07-31 20:14 - 00001266 ___AC C:\Users\LABeaty\Desktop\shutdown.exe -a.lnk
    2012-07-31 20:11 - 2012-07-31 20:11 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.E894A526E1F5DF25
    2012-07-31 20:08 - 2012-07-31 20:08 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.0788C3063D7CB639
    2012-07-31 20:05 - 2012-07-31 20:05 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.ED131D323D23AA38
    2012-07-31 20:02 - 2012-07-31 20:02 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.86B74321DA554A2B
    2012-07-31 19:59 - 2012-07-31 19:59 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.2BBEFF9B8AAC7DD9
    2012-07-31 19:56 - 2012-07-31 19:56 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.CAE158610E1498C6
    2012-07-31 19:52 - 2012-07-31 19:52 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.D87EC67CBEF5CBB1
    2012-07-31 19:48 - 2012-07-31 19:48 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.8AB4248BE94D4FA6
    2012-07-31 19:44 - 2012-07-31 19:44 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.5126A6592DBDCB47
    2012-07-31 19:41 - 2012-07-31 19:41 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.B1FF1F2CDEA787B6
    2012-07-31 19:39 - 2011-06-20 21:34 - 00000390 RASHC C:\Users\All Users\ntuser.pol
    2012-07-31 19:37 - 2012-07-31 19:37 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.6FFDF7400774FD67
    2012-07-31 19:35 - 2012-07-06 08:12 - 00001648 ___AC C:\Users\LABeaty\Desktop\Notes.txt
    2012-07-31 19:32 - 2011-06-20 20:11 - 01874406 ___AC C:\Windows\WindowsUpdate.log
    2012-07-31 19:31 - 2011-07-01 15:55 - 00816624 ___AC C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-31 19:31 - 2011-07-01 15:55 - 00001945 ___AC C:\Windows\epplauncher.mif
    2012-07-29 19:46 - 2011-07-09 17:54 - 00002044 __AHC C:\Users\LABeaty\Documents\Default.rdp
    2012-07-26 21:11 - 2012-04-21 17:46 - 00426184 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-26 21:11 - 2011-07-10 17:22 - 00070344 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-26 15:53 - 2012-01-17 21:56 - 00227824 ___AC (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-07-26 15:53 - 2012-01-17 21:56 - 00174064 ___AC (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-07-26 15:53 - 2012-01-17 21:56 - 00174064 ___AC (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-07-21 21:20 - 2009-07-13 20:45 - 00017616 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-21 21:20 - 2009-07-13 20:45 - 00017616 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-21 21:05 - 2012-07-21 21:05 - 00000065 ___AC C:\Users\LABeaty\Desktop\Cloud Notes.txt
    2012-07-21 20:57 - 2012-07-21 20:57 - 00000391 ___AC C:\Users\LABeaty\Desktop\IEEE - IEEEXtreme 24-Hour Programming Competition.website
    2012-07-21 19:17 - 2012-07-20 15:17 - 00000528 ___AC C:\Users\LABeaty\Desktop\Wix.com janesea created by janesea2012 based on nu-biz-trader.website
    2012-07-20 15:31 - 2012-07-20 15:30 - 04514816 ____A (Microsoft Corporation) C:\Windows\System32\vpc.exe
    2012-07-20 15:31 - 2012-07-20 15:30 - 02264064 ____A (Microsoft Corporation) C:\Windows\System32\VPCWizard.exe
    2012-07-20 15:31 - 2012-07-20 15:30 - 01369600 ____A (Microsoft Corporation) C:\Windows\System32\VPCSettings.exe
    2012-07-20 15:31 - 2012-07-20 15:30 - 01210368 ____A (Microsoft Corporation) C:\Windows\System32\VMWindow.exe
    2012-07-20 15:31 - 2012-07-20 15:30 - 00936448 ____A (Microsoft Corporation) C:\Windows\System32\vmsal.exe
    2012-07-20 15:31 - 2012-07-20 15:30 - 00793600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vmsal.exe
    2012-07-20 15:31 - 2012-07-20 15:30 - 00562176 ____A (Microsoft Corporation) C:\Windows\System32\VMCPropertyHandler.dll
    2012-07-20 15:31 - 2012-07-20 15:30 - 00360832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vpcvmm.sys
    2012-07-20 15:31 - 2012-07-20 15:30 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vpcnfltr.sys
    2012-07-20 15:23 - 2009-07-13 20:45 - 00427616 ___AC C:\Windows\System32\FNTCACHE.DAT
    2012-07-20 15:17 - 2012-07-20 15:17 - 00000343 ___AC C:\Users\LABeaty\Desktop\janeseatw5000 System Myfxbook.website
    2012-07-20 15:09 - 2012-07-14 15:03 - 00000417 ___AC C:\Users\LABeaty\Desktop\BigML - Machine Learning Made Easy.website
    2012-07-20 14:47 - 2012-07-20 14:46 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-20 14:46 - 2012-07-20 14:46 - 00263968 ___AC C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-20 14:46 - 2012-07-14 14:15 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-20 14:46 - 2012-07-14 14:15 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-20 14:46 - 2012-07-14 14:15 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-20 14:46 - 2012-07-14 14:15 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-20 14:46 - 2012-07-14 14:15 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-20 14:46 - 2012-07-14 14:15 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-20 14:43 - 2012-07-14 14:15 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-20 14:43 - 2012-07-14 14:15 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-20 14:43 - 2012-07-14 14:15 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-07-20 14:43 - 2012-07-14 14:15 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-07-20 14:43 - 2012-07-14 14:15 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-07-20 14:43 - 2012-07-14 13:46 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-20 14:43 - 2012-07-14 13:46 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-20 14:43 - 2012-07-14 13:46 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-20 14:43 - 2012-07-14 13:46 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-20 14:43 - 2012-07-14 13:46 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-20 14:43 - 2012-07-14 13:46 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-20 14:43 - 2012-07-14 13:46 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-20 14:43 - 2012-07-14 13:46 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-20 14:43 - 2012-07-14 13:46 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-20 14:41 - 2012-07-14 14:15 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-07-20 14:41 - 2012-07-14 14:15 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-07-20 14:41 - 2012-07-14 14:15 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-07-20 14:41 - 2012-07-14 13:46 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-07-20 14:39 - 2012-07-14 14:15 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-07-20 14:39 - 2012-07-14 14:15 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-07-20 14:39 - 2012-07-14 14:15 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-07-20 14:39 - 2012-07-14 14:15 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-07-20 14:39 - 2012-07-14 14:15 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-07-20 14:39 - 2012-07-14 14:15 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-07-20 14:39 - 2012-07-14 14:15 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-07-20 14:39 - 2012-07-14 14:15 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-07-20 14:39 - 2012-07-14 14:15 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-20 14:38 - 2012-07-14 14:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-20 14:38 - 2012-07-14 14:17 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-20 14:38 - 2012-07-14 14:17 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-20 14:38 - 2012-07-14 14:17 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-20 14:38 - 2012-07-14 14:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-20 14:38 - 2012-07-14 14:17 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-20 14:38 - 2012-07-14 14:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-15 19:21 - 2011-07-10 17:29 - 00024705 ___AC C:\Users\LABeaty\_viminfo
    2012-07-14 14:16 - 2012-07-14 13:45 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-14 14:16 - 2012-07-14 13:45 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-11 20:00 - 2012-07-11 19:16 - 00002727 ___AC C:\Users\LABeaty\Desktop\ShamsGraduateSchoolRecommendation.txt
    2012-07-10 22:49 - 2012-06-18 18:12 - 00000600 ___AC C:\Users\LABeaty\AppData\Local\PUTTY.RND
    2012-07-05 19:06 - 2012-07-26 15:53 - 00772544 ___AC (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-07-04 06:53 - 2011-03-05 10:51 - 00268200 ___AC C:\Windows\PFRO.log
    2012-07-04 06:50 - 2012-07-04 06:50 - 00000069 ___AC C:\Users\LABeaty\Desktop\Microsoft Lync - Wikipedia, the free encyclopedia.URL
    2012-07-04 06:48 - 2012-07-04 06:48 - 00000506 ___AC C:\Users\LABeaty\Desktop\BE CONNECTED To Effective Networking -- Networking training and networking opportunity.website
    2012-07-03 00:19 - 2011-06-26 07:56 - 59701280 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-29 18:09 - 2012-06-29 18:09 - 01189461 ___AC C:\Users\LABeaty\Downloads\Rock_Sol_10_pip_day_strat.rar
    2012-06-28 20:43 - 2011-10-06 19:08 - 00000121 ___AC C:\Windows\TomsRegistration.INI
    2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ___AC (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
    2012-06-21 20:35 - 2011-12-11 07:22 - 00272896 ___AC (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2012-06-21 20:35 - 2011-12-11 07:22 - 00006656 ___AC (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
    2012-06-21 20:35 - 2011-12-11 07:22 - 00005632 ___AC (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
    2012-06-21 20:35 - 2011-09-11 18:32 - 00198832 ___AC (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
    2012-06-20 17:55 - 2012-06-20 17:55 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-20 17:55 - 2012-06-20 17:55 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-20 17:55 - 2012-06-20 17:55 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-20 17:55 - 2012-06-20 17:55 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-20 17:55 - 2012-06-20 17:55 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-20 17:55 - 2012-06-20 17:55 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-20 17:55 - 2012-06-20 17:55 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-20 17:55 - 2012-06-20 17:55 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-20 17:55 - 2012-06-20 17:55 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-17 10:00 - 2012-06-17 09:59 - 31009058 ___AC C:\Users\LABeaty\Desktop\Test1.xps
    2012-06-01 08:37 - 2012-06-01 08:37 - 00002002 ___AC C:\Users\LABeaty\Desktop\Yahoo! SiteBuilder.lnk
    2012-06-01 08:37 - 2012-06-01 08:37 - 00002002 ____A C:\Users\UpdatusUser\Desktop\Yahoo! SiteBuilder.lnk
    2012-05-31 22:12 - 2011-06-25 20:42 - 00004474 ___AC C:\Users\LABeaty\AppData\Roaming\FjMenu1.XML
    2012-05-30 05:34 - 2011-10-01 21:04 - 00000952 _ASHC C:\Windows\SysWOW64\KGyGaAvL.sys
    2012-05-20 20:59 - 2011-07-17 14:35 - 00001795 ___AC C:\Users\LABeaty\AppData\Roaming\SAS7_000.DAT
    2012-05-18 16:24 - 2012-05-18 16:04 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2012-05-18 16:24 - 2012-05-18 16:04 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2012-05-18 16:24 - 2009-07-13 18:34 - 00000478 ___AC C:\Windows\win.ini
    2012-05-18 16:15 - 2012-05-18 16:15 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-05-18 16:15 - 2012-05-18 16:15 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-05-18 16:15 - 2012-05-18 16:15 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
    2012-05-18 16:15 - 2012-05-18 16:15 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
    2012-05-18 16:15 - 2012-05-18 16:15 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
    2012-05-18 16:15 - 2012-05-18 16:15 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
    2012-05-18 16:15 - 2012-05-18 16:15 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
    2012-05-18 16:15 - 2012-05-18 16:04 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
    2012-05-18 16:15 - 2012-05-18 16:04 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
    2012-05-18 16:15 - 2012-05-18 16:04 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-05-18 16:15 - 2012-05-18 16:04 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
    2012-05-18 16:14 - 2012-05-18 16:04 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-05-18 15:32 - 2012-05-18 15:32 - 00311296 ___AC C:\Windows\SysWOW64\siecaces.dll
    2012-05-18 15:32 - 2012-05-18 15:32 - 00184320 ___AC C:\Windows\SysWOW64\gmp4_2_1.dll
    2012-05-18 15:32 - 2012-05-18 15:32 - 00118784 ___AC (Siemens AG) C:\Windows\SysWOW64\siecacpc.dll
    2012-05-18 15:32 - 2012-05-18 15:32 - 00028672 ___AC C:\Windows\SysWOW64\siecacsp.dll
    2012-05-18 15:32 - 2012-05-18 15:32 - 00000136 ___AC C:\Windows\SysWOW64\siecacsp.sig
    2012-05-15 21:14 - 2011-10-16 18:59 - 00013582 ___AC C:\Users\LABeaty\.octave_hist
    2012-05-13 20:11 - 2012-05-13 20:11 - 02075357 ___AC C:\Users\LABeaty\Downloads\MQl4BookEnglish.chm
    ZeroAccess:
    C:\Windows\Installer\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}
    C:\Windows\Installer\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}\@
    C:\Windows\Installer\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}\L
    C:\Windows\Installer\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}\U
    C:\Windows\Installer\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}\U\00000001.@
    ZeroAccess:
    C:\Users\LABeaty\AppData\Local\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}
    C:\Users\LABeaty\AppData\Local\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}\@
    C:\Users\LABeaty\AppData\Local\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}\L
    C:\Users\LABeaty\AppData\Local\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe FCB084FA3DCB7449F3BAA13312A215B4 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 16%
    Total physical RAM: 3983.05 MB
    Available physical RAM: 3338.45 MB
    Total Pagefile: 3981.2 MB
    Available Pagefile: 3339.52 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:103.04 GB) (Free:8.7 GB) NTFS
    2 Drive e: () (Fixed) (Total:16 GB) (Free:3.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive g: () (Removable) (Total:1.91 GB) (Free:1.86 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 119 GB 1024 KB
    Disk 1 Online 1954 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 16 GB 1024 KB
    Partition 2 Primary 200 MB 16 GB
    Partition 3 Primary 103 GB 16 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E NTFS Partition 16 GB Healthy Hidden
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y NTFS Partition 200 MB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 103 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 1954 MB 0 B
    ==================================================================================
    Disk: 1
    There is no partition selected.
    There is no partition selected.
    Please select a partition and try again.
    ==================================================================================
    ==========================================================
    Last Boot: 2012-07-27 22:27
    ======================= End Of Log ==========================
     
  3. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-08-01 15:40:24
    Running from G:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-08-01 05:56] - 0328704 ___AC (Microsoft Corporation) FCB084FA3DCB7449F3BAA13312A215B4
    ====== End Of Search ======
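The comparison this search output supports, as an added example (not part of the original post and not FRST's own code): parse each hit, treat the WinSxS component-store copy as the baseline, and flag any same-named file elsewhere whose MD5 differs. The function and class names are hypothetical, and a mismatch is a lead to verify, since a serviced system can hold several legitimate builds of one file.

```python
import re
from dataclasses import dataclass

# Search output copied from the post above (FRST "Search" for services.exe).
SAMPLE_LOG = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-08-01 05:56] - 0328704 ___AC (Microsoft Corporation) FCB084FA3DCB7449F3BAA13312A215B4
====== End Of Search ======
"""

# A hit is a path line followed by a detail line:
# [created] - [modified] - size attrs (Company) MD5   (company is optional)
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]+) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Entry:
    path: str
    created: str   # "YYYY-MM-DD HH:MM", so plain string comparison orders correctly
    modified: str
    size: int
    attrs: str
    company: str
    md5: str


@dataclass
class Finding:
    path: str
    md5: str
    baseline_md5: list
    same_size_as_baseline: bool
    modified_after_baseline: bool


def parse_search(log: str) -> list:
    """Pair each path line with the detail line that follows it."""
    entries, pending = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            entries.append(Entry(pending, m["created"], m["modified"],
                                 int(m["size"]), m["attrs"],
                                 m["company"] or "", m["md5"].upper()))
        pending = None
    return entries


def is_component_store(path: str) -> bool:
    return "\\winsxs\\" in path.lower()


def find_mismatches(entries: list) -> list:
    """Flag copies outside WinSxS whose MD5 matches no WinSxS copy of that name."""
    groups = {}
    for e in entries:
        groups.setdefault(e.path.rsplit("\\", 1)[-1].lower(), []).append(e)
    findings = []
    for group in groups.values():
        baseline = [e for e in group if is_component_store(e.path)]
        if not baseline:
            continue  # nothing to compare against; stay silent rather than guess
        known = sorted({b.md5 for b in baseline})
        for e in group:
            if is_component_store(e.path) or e.md5 in known:
                continue
            findings.append(Finding(
                e.path, e.md5, known,
                any(e.size == b.size for b in baseline),
                all(e.modified > b.modified for b in baseline)))
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search(SAMPLE_LOG)):
        print(f"MISMATCH {f.path}\n  md5      {f.md5}\n  baseline {f.baseline_md5}"
              f"\n  same size: {f.same_size_as_baseline}"
              f", modified later: {f.modified_after_baseline}")
```

On this log the System32 copy has the same size as the baseline but a different MD5 and a modification time of 2012-08-01, the pattern a size-only check would miss.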
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  5. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    I ran the FRST64 fix, log posted below.
    Then I ran combofix. It complained that Microsoft Security Essentials was still running - it was, but wasn't in the tray, so I didn't know it was running. I got its GUI to come up and clicked off the real-time protection, then continued combofix. It complained again, so I found the MSE service and stopped it with "net stop", then let combofix continue. The combofix log is posted below.
     
  6. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-08-01 18:39:31 Run:1
    Running from G:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\System32\services.exe.7B6EF54FE2C04B8C moved successfully.
    C:\Windows\System32\services.exe.F841FB9219162BD5 moved successfully.
    C:\Windows\System32\services.exe.D731AC556A37363D moved successfully.
    C:\Windows\System32\services.exe.4FA4845277AAE137 moved successfully.
    C:\Windows\System32\services.exe.8AB2DBA2D07EDAD4 moved successfully.
    C:\Windows\System32\services.exe.1ABA42A5BC993520 moved successfully.
    C:\Windows\System32\services.exe.5E97FF3E8A655DAE moved successfully.
    C:\Windows\System32\services.exe.D3B26E2D7256280F moved successfully.
    C:\Windows\System32\services.exe.FBE8985CF2A4D9BC moved successfully.
    C:\Users\LABeaty\Desktop\noshutdown.bat moved successfully.
    C:\Windows\System32\services.exe.F7FFE7AFA024D4AD moved successfully.
    C:\Users\LABeaty\Desktop\shutdown.exe -a.lnk moved successfully.
    C:\Windows\System32\services.exe.E894A526E1F5DF25 moved successfully.
    C:\Windows\System32\services.exe.0788C3063D7CB639 moved successfully.
    C:\Windows\System32\services.exe.ED131D323D23AA38 moved successfully.
    C:\Windows\System32\services.exe.86B74321DA554A2B moved successfully.
    C:\Windows\System32\services.exe.2BBEFF9B8AAC7DD9 moved successfully.
    C:\Windows\System32\services.exe.CAE158610E1498C6 moved successfully.
    C:\Windows\System32\services.exe.D87EC67CBEF5CBB1 moved successfully.
    C:\Windows\System32\services.exe.8AB4248BE94D4FA6 moved successfully.
    C:\Windows\System32\services.exe.5126A6592DBDCB47 moved successfully.
    C:\Windows\System32\services.exe.B1FF1F2CDEA787B6 moved successfully.
    C:\Windows\System32\services.exe.6FFDF7400774FD67 moved successfully.
    C:\Windows\Installer\{8dce6d9d-999f-362e-2d92-f3e85d27dccb} moved successfully.
    C:\Users\LABeaty\AppData\Local\{8dce6d9d-999f-362e-2d92-f3e85d27dccb} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
     
  7. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    ComboFix 12-07-31.03 - LABeaty 08/01/2012 18:48:50.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3983.2194 [GMT -5:00]
    Running from: c:\users\LABeaty\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\Roaming
    c:\users\LABeaty\AppData\Local\Temp\7zS4C63\HPSLPSVC64.DLL
    c:\users\LABeaty\g2mdlhlpx.exe
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_HPSLPSVC
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-01 23:38 . 2012-08-01 23:38 -------- dc----w- C:\FRST
    2012-08-01 03:34 . 2012-02-09 19:17 927800 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E74C40BC-C8A7-46AC-A60F-73BB89542261}\gapaengine.dll
    2012-08-01 03:33 . 2012-07-16 07:40 9133488 -c----w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{313BBB98-CC48-4E4F-AD98-2D4F7C0750EE}\mpengine.dll
    2012-08-01 03:31 . 2012-08-01 03:31 -------- dc----w- c:\program files (x86)\Microsoft Security Client
    2012-08-01 03:31 . 2012-08-01 03:31 -------- dc----w- c:\program files\Microsoft Security Client
    2012-08-01 01:17 . 2012-08-01 01:17 -------- dc----w- c:\users\LABeaty\AppData\Roaming\RealNetworks
    2012-07-26 23:54 . 2012-07-26 23:54 -------- dc----w- c:\program files (x86)\Common Files\Java
    2012-07-26 23:53 . 2012-07-26 23:53 -------- dc----w- c:\program files (x86)\Oracle
    2012-07-26 23:53 . 2012-07-06 03:06 772544 -c--a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-07-26 13:41 . 2012-07-26 13:41 -------- dcsh--w- c:\windows\system32\%APPDATA%
    2012-07-22 00:40 . 2012-07-22 01:25 -------- dc----r- c:\users\LABeaty\Virtual Machines
    2012-07-20 23:30 . 2012-07-20 23:31 3584 ----a-w- c:\windows\system32\drivers\en-US\vpchbus.sys.mui
    2012-07-20 22:46 . 2012-07-20 22:47 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-20 22:35 . 2012-07-20 22:35 -------- dc----w- c:\program files\Windows XP Mode
    2012-07-18 02:09 . 2012-07-18 02:09 -------- dc----w- c:\users\LABeaty\AppData\Roaming\Logitech
    2012-07-18 02:09 . 2012-07-18 02:09 -------- dc----w- c:\program files (x86)\Logitech
    2012-07-18 02:09 . 2012-07-18 02:09 -------- dc----w- c:\users\LABeaty\AppData\Roaming\InstallShield
    2012-07-16 00:59 . 2012-07-16 01:02 -------- dc----w- c:\users\LABeaty\AppData\Roaming\Open Watcom
    2012-07-14 22:15 . 2012-07-20 22:46 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-14 21:46 . 2012-07-20 22:43 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-07-14 21:46 . 2012-07-20 22:43 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-07-14 21:46 . 2012-07-20 22:43 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-14 21:46 . 2012-07-20 22:43 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-07-14 21:46 . 2012-07-20 22:43 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-07-14 21:46 . 2012-07-20 22:43 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-07-14 21:46 . 2012-07-20 22:43 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-14 21:46 . 2012-07-20 22:43 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-07-14 21:46 . 2012-07-20 22:43 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-07-14 21:46 . 2012-07-20 22:41 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-07-09 03:30 . 2012-07-09 03:30 -------- dc----w- c:\users\LABeaty\AppData\Roaming\MetaQuotes
    2012-07-07 19:46 . 2012-07-07 19:46 770384 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-07-07 19:46 . 2012-07-07 19:46 421200 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-07-05 23:45 . 2012-07-05 23:45 5030088 -c--a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 05:11 . 2012-04-22 01:46 426184 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-27 05:11 . 2011-07-11 01:22 70344 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-03 08:19 . 2011-06-26 15:56 59701280 -c--a-w- c:\windows\system32\MRT.exe
    2012-06-25 21:04 . 2012-06-25 21:04 1394248 -c--a-w- c:\windows\SysWow64\msxml4.dll
    2012-06-21 01:55 . 2012-06-21 01:55 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 01:55 . 2012-06-21 01:55 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 01:55 . 2012-06-21 01:55 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 01:55 . 2012-06-21 01:55 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 01:55 . 2012-06-21 01:55 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 01:55 . 2012-06-21 01:55 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 01:55 . 2012-06-21 01:55 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 01:55 . 2012-06-21 01:55 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 01:55 . 2012-06-21 01:55 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-05-20 00:14 . 2012-05-09 03:24 112832 -c--a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
    2012-05-19 00:24 . 2012-05-19 00:04 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-05-19 00:24 . 2012-05-19 00:04 1544704 ----a-w- c:\windows\system32\DWrite.dll
    2012-05-19 00:15 . 2012-05-19 00:04 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-05-19 00:15 . 2012-05-19 00:04 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-05-19 00:15 . 2012-05-19 00:04 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-05-19 00:15 . 2012-05-19 00:04 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-05-19 00:15 . 2012-05-19 00:15 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-05-19 00:15 . 2012-05-19 00:15 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-05-19 00:15 . 2012-05-19 00:15 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-05-19 00:15 . 2012-05-19 00:15 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-05-19 00:15 . 2012-05-19 00:15 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-05-19 00:15 . 2012-05-19 00:15 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-05-19 00:15 . 2012-05-19 00:15 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-05-19 00:14 . 2012-05-19 00:04 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-05-18 23:32 . 2012-05-18 23:32 28672 -c--a-w- c:\windows\SysWow64\siecacsp.dll
    2012-05-18 23:32 . 2012-05-18 23:32 118784 -c--a-w- c:\windows\SysWow64\siecacpc.dll
    2012-05-18 23:32 . 2012-05-18 23:32 311296 -c--a-w- c:\windows\SysWow64\siecaces.dll
    2012-05-18 23:32 . 2012-05-18 23:32 184320 -c--a-w- c:\windows\SysWow64\gmp4_2_1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartFujitsuPointingDeviceUtility"="c:\program files (x86)\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe" [2011-02-02 85104]
    "IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-30 48752]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-14 112152]
    "snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2010-06-20 136488]
    "YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCam.exe" [2010-06-20 224352]
    "DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
    "SIECACST"="c:\program files (x86)\Siemens\CardOS API\bin\siecacst.exe" [2010-05-25 131072]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-22 296056]
    .
    c:\users\LABeaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dragon NaturallySpeaking.lnk - c:\program files (x86)\Nuance\NaturallySpeaking11\Program\natspeak.exe [2011-7-25 4106160]
    Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe [2012-1-18 303456]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-15 1133856]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-21 136176]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-27 1997416]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-14 2656280]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
    R3 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-06-02 2734400]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2010-10-04 131112]
    R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-09-21 348712]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
    R3 cxbu0x64;OMNIKEY 3x21;c:\windows\system32\DRIVERS\cxbu0x64.sys [2011-09-06 177920]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-21 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-07 113120]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
    R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
    R3 swg3kflt03;Sierra Wireless USB Composite Device Filter 03;c:\windows\system32\drivers\swg3kflt03.sys [2011-01-07 34432]
    R3 swg3knmea03;Sierra Wireless QMI NMEA Communication - Fujitsu;c:\windows\system32\drivers\swg3knmea03.sys [2010-12-24 254848]
    R3 swg3kser03;Sierra Wireless QMI USB Device for Legacy Serial Communication - Fujitsu;c:\windows\system32\drivers\swg3kser03.sys [2011-01-07 254848]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-24 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [2009-06-24 21104]
    S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2011-06-21 15208]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-12-27 25960]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
    S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
    S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2010-06-17 63336]
    S2 Sierra Wireless QDL Service;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-02-16 308592]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    S2 TabletServiceISD;TabletServiceISD;c:\program files\Tablet\ISD\ISD_Tablet.exe [2011-02-23 5640048]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
    S2 TouchServiceISD;Wacom ISD Touch Service;c:\program files\Tablet\ISD\ISD_TouchService.exe [2011-02-23 449904]
    S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [2009-09-30 14336]
    S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
    S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-06-03 770152]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-20 32880]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-12-21 316080]
    S3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2009-08-28 23040]
    S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys [2006-11-01 7296]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-20 56344]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
    S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys [2011-01-03 74984]
    S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7x64.sys [2011-01-17 74088]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 wacomvthid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2010-12-02 16368]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 05:11]
    .
    2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-21 05:17]
    .
    2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-21 05:17]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-08 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-08 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-08 418328]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-08 11663464]
    "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2010-06-08 45680]
    "FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2010-12-09 19800]
    "PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2010-11-13 199528]
    "snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
    "FJBATAID2"="c:\program files\Fujitsu\BatteryAid2\BatteryDaemon.exe" [2010-10-29 124776]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1875048]
    "OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2011-02-16 4213248]
    "FJAutoR"="c:\program files\Fujitsu\AutoRotation\AutoRotation.exe" [2010-10-05 93032]
    "FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2010-01-13 157184]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\combofix\CF9484.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\LABeaty\AppData\Roaming\Mozilla\Firefox\Profiles\0d8ctrvv.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
    Wow6432Node-HKCU-Run-DW7 - c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-C0MM4NDT-L00K-FXFX-H3R3-UN1NST4LLTH3_is1 - c:\program files (x86)\GlobalTec Solutions
    AddRemove-F0RX34SY-L00K-1T1Z-H3R3-UN1NST4LLTH3_is1 - c:\program files (x86)\GlobalTec Solutions
    AddRemove-ST34M1NG-N3WS-1T1Z-H3R3-UN1NST4LLTH3_is1 - c:\program files (x86)\GlobalTec Solutions
    AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
    AddRemove-W1Z3F33D-CD0C-4AC4-86B4-X11E5511AA18_is1 - c:\program files (x86)\GlobalTec Solutions
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1226845524-514418154-198263103-1001\Software\SecuROM\License information*]
    "datasecu"=hex:42,02,ab,9e,6e,db,25,72,75,b0,12,92,8d,5f,3e,b1,c8,93,31,41,f0,
    be,61,b0,b2,9d,c6,e4,01,b1,80,93,7c,34,a9,d7,0d,89,b5,99,cd,8e,6f,4c,2b,fe,\
    "rkeysecu"=hex:06,9e,4b,55,b1,22,75,fc,96,26,8a,99,6e,d4,1e,3f
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files\Softex\OmniPass\hook\OpHook32BitProcess.exe
    c:\program files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    c:\windows\SysWOW64\RunDll32.exe
    c:\program files (x86)\Nuance\NaturallySpeaking11\Program\dnsspserver.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-01 18:55:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-01 23:55
    .
    Pre-Run: 9,341,607,936 bytes free
    Post-Run: 8,901,758,976 bytes free
    .
    - - End Of File - - FD184106616BB813528CEB0C1969E8FF
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good :)

    Any current issues?

    =====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ======================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    The computer seems mostly OK (at least, it's not shutting down every couple of minutes), but there are a couple of issues. There are website shortcuts on the desktop, and the IE icon on those shortcuts has changed. It's still a blue lower-case "e", but there's a white box around the blue "e". No big deal; I will fix it later, but I just mention it in case it's related to the things you're looking for.

    More importantly, there's a Windows update that needs to be installed, but the Windows Update fails with "Code 80246008, unknown error". An MSDN article says to go start the Background Intelligent Transfer Service (BITS), but it's not listed in the services.msc window. I'll post the MBAM and OTL files, then I'm done for the day... will look at it more tomorrow.

    Thanks for all the help so far.
     
  10. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.02.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    LABeaty :: THREEPOINTHITCH [administrator]
    Protection: Disabled
    8/1/2012 8:09:40 PM
    mbam-log-2012-08-01 (20-09-40).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 222616
    Time elapsed: 44 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Leave Windows updates alone for now.
    Go on with OTL.
     
  12. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    OTL Extras logfile created on: 8/1/2012 8:13:24 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\LABeaty\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.89 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 44.62% Memory free
    7.78 Gb Paging File | 5.73 Gb Available in Paging File | 73.65% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 103.04 Gb Total Space | 7.85 Gb Free Space | 7.62% Space Free | Partition Type: NTFS
    Drive D: | 1.91 Gb Total Space | 1.84 Gb Free Space | 96.58% Space Free | Partition Type: FAT32
    Drive Y: | 103.04 Gb Total Space | 7.85 Gb Free Space | 7.62% Space Free | Partition Type: CSC-CACHE
    Drive Z: | 149.04 Gb Total Space | 44.40 Gb Free Space | 29.79% Space Free | Partition Type: NTFS

    Computer Name: THREEPOINTHITCH | User Name: LABeaty | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CBCBA86A-5A18-4ABD-853D-448561EEA867}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F70ABBC1-FF01-44F1-B361-3D8C2F202C0A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{04724488-A91A-4638-836A-FE3913A1281D}" = Fujitsu Fingerprint Authentication Library
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{314FAD12-F785-4471-BCE8-AB506642B9A1}" = OmniPass
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
    "{47BC37A3-35C8-484A-8CBD-851914EB095E}" = Fujitsu Driver Update
    "{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4E3AB08B-4203-4CDD-9F15-C016F1BC6453}" = Inst5672
    "{5CB9660D-919E-421A-AE17-DD6C925E1AF3}" = O2Micro Flash Memory Card Windows Driver
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5F1DFCC1-595D-4235-A044-E05B706D800A}" = AuthenTec Fingerprint Software
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}" = O2Micro OZ776 SCR Driver
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9D90DF69-ABFF-4A8D-8B0D-27FA46509DE3}" = Auto Rotation Utility
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.40
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.40
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
    "{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
    "{ED6D1938-2629-4298-9B31-8A75F7CEC8A0}" = Fujitsu Button Utilities
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "C1556C282D8A9FB37C3F3925E582B76545A344EF" = Windows Driver Package - Fujitsu America, Inc. (FjBtnDrv) HIDClass (08/27/2009 4.2.0827.2009)
    "ISD Tablet Driver" = ISD Tablet
    "LSI Soft Modem" = LSI HDA Modem
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "ProInst" = Intel PROSet Wireless
    "SSD_Defrag_Off" = SSD_Defrag_Off
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Vim 7.3" = Vim 7.3 (self-installing)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C14B653-ED68-4BA3-B28B-9D84DC824531}" = DAK Wave MP3 Editor PRO v7.1b
    "{1054208F-DD88-43C9-8B3A-CA3D9786E52B}" = Battery Utility
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{17F82182-0E3D-4A14-8843-5ECBFAF4F12F}" = Security Panel Application for Supervisor
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19E00662-723E-4049-5CC5-000000000004}" = PKI Basic Client 4.0.1.38
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    "{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{373E9361-D16B-4527-8E52-D5B63AD08F58}" = AND Doctor Pro 3 Lite
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = FXDD - MetaTrader 4.00
    "{45CA9B23-5EF8-43AA-9851-E9E062BF0147}" = Security Panel Application
    "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.1
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}" = Anytime USB Charge Utility
    "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
    "{7F752BAB-4AFD-4138-983D-7E9E7CFE077D}" = GameSpy Comrade
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{85C5E551-9210-4851-AC69-86E30112B463}_is1" = SkyRemote 1.6.0.0
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A33E457B-5369-481F-8B53-71108AE2EB5B}" = Roxio Creator LJ
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{b145ec69-66f5-11d8-9d75-000129760d75}" = CyberLink MakeDisc
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BD91DCC0-3FE4-469A-AE48-01F607898049}" = Corel Grafigo 2
    "{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
    "{DDC49774-40B9-47AE-9C63-5569C08C4082}" = Pointing Device Utility
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EBA345D9-FA6B-49B4-9855-F6F638622E85}" = EudoraProject
    "{EC2CF745-2AC8-4C8E-A9E1-78EEAE306F17}" = Eudora
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{EEE717AC-C109-422F-9563-FE98889F91F7}" = Teamcenter's Application Sharing
    "{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F478B039-7202-428F-9B94-7B2115E3AA9E}" = Registerdllsetup
    "{F6BA8EF2-A9F8-45B7-BD59-0A15DA9F7D68}" = Omron Health Management Software
    "{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Creator LJ
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "ActiveTouchMeetingClient" = WebEx
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon Kindle" = Amazon Kindle
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
    "BPLab" = BPLab
    "Brain Fitness Program" = Brain Fitness Program
    "C0MM4NDT-L00K-FXFX-H3R3-UN1NST4LLTH3_is1" = CommandTRADE FX
    "CamStudio" = CamStudio
    "Digital Editions" = Adobe Digital Editions
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD-Cloner 9_is1" = DVD-Cloner V9.00 Build 1100
    "Elemental Trader_is1" = Elemental Trader 1.5
    "F0RX34SY-L00K-1T1Z-H3R3-UN1NST4LLTH3_is1" = Wizetrade® FOREX
    "Forex Catapult F" = Forex Catapult F
    "Foxit PDF Editor" = Foxit PDF Editor
    "Google Chrome" = Google Chrome
    "Hello World_is1" = Hello World 0.1
    "IDroo" = IDroo 1.0.0.154
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{17F82182-0E3D-4A14-8843-5ECBFAF4F12F}" = Security Panel for Supervisor
    "InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}" = OmniPass
    "InstallShield_{45CA9B23-5EF8-43AA-9851-E9E062BF0147}" = Security Panel
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{5CB9660D-919E-421A-AE17-DD6C925E1AF3}" = O2Micro Flash Memory Card Windows Driver
    "InstallShield_{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}" = O2Micro OZ776 SCR Driver
    "InstallShield_{9D90DF69-ABFF-4A8D-8B0D-27FA46509DE3}" = Auto Rotation Utility
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{b145ec69-66f5-11d8-9d75-000129760d75}" = CyberLink MakeDisc
    "InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{DDC49774-40B9-47AE-9C63-5569C08C4082}" = Pointing Device Utility
    "InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
    "InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Numeric-py2.5" = Python 2.5 Numeric-24.2
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "Posit Science InSight" = Posit Science InSight
    "pygame-py2.5" = Python 2.5 pygame-1.7.1release
    "PythonCard-py2.5" = Python 2.5 PythonCard-0.8.2
    "RealPlayer 15.0" = RealPlayer
    "ST34M1NG-N3WS-1T1Z-H3R3-UN1NST4LLTH3_is1" = Wizetrade® Streaming News
    "Stani's Python Editor_is1" = SPE
    "Starry Night Pro" = Starry Night Pro
    "Steam App 39000" = Moonbase Alpha
    "SWIFujitsuDrvInstaller" = Sierra Wireless QMI Fujitsu Driver Package
    "TeamViewer 7" = TeamViewer 7
    "The Weather Channel Desktop 6" = The Weather Channel Desktop 6
    "Tom's EA_is1" = Tom's EA
    "W1Z3F33D-CD0C-4AC4-86B4-X11E5511AA18_is1" = WizeFeed 2.1.5
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "Wireshark" = Wireshark 1.6.2
    "World of Warcraft" = World of Warcraft
    "wxPython2.8-unicode-py25_is1" = wxPython 2.8.7.1 (unicode) for Python 2.5
    "XMind" = XMind
    "Yahoo! SiteBuilder" = Yahoo! SiteBuilder
    "Yugma90" = Yugma

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1226845524-514418154-198263103-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 5.1.0.880
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/1/2012 7:51:55 PM | Computer Name = ThreePointHitch | Source = nview | ID = 1
    Description = invalid grid count of 0

    Error - 8/1/2012 7:53:53 PM | Computer Name = ThreePointHitch | Source = nview | ID = 1
    Description = invalid grid count of 0

    Error - 8/1/2012 7:53:53 PM | Computer Name = ThreePointHitch | Source = nview | ID = 1
    Description = invalid grid count of 0

    Error - 8/1/2012 7:53:56 PM | Computer Name = ThreePointHitch | Source = nview | ID = 1
    Description = invalid grid count of 0

    Error - 8/1/2012 7:53:56 PM | Computer Name = ThreePointHitch | Source = nview | ID = 1
    Description = invalid grid count of 0

    Error - 8/1/2012 7:54:02 PM | Computer Name = ThreePointHitch | Source = nview | ID = 1
    Description = invalid grid count of 0

    Error - 8/1/2012 7:54:02 PM | Computer Name = ThreePointHitch | Source = DragonSvc | ID = 0
    Description = Error: Execution of 'dnsspregister.exe' process failed with 0x800703FA
    error and 0xFFFFFFFF exit code

    Error - 8/1/2012 7:54:04 PM | Computer Name = ThreePointHitch | Source = nview | ID = 1
    Description = invalid grid count of 0

    Error - 8/1/2012 7:57:03 PM | Computer Name = ThreePointHitch | Source = nview | ID = 1
    Description = invalid grid count of 0

    Error - 8/1/2012 8:22:58 PM | Computer Name = ThreePointHitch | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    [ Media Center Events ]
    Error - 8/26/2011 11:45:29 PM | Computer Name = ThreePointHitch | Source = MCUpdate | ID = 0
    Description = 10:45:26 PM - Error connecting to the internet. 10:45:26 PM - Unable
    to contact server..

    Error - 8/31/2011 9:29:54 PM | Computer Name = ThreePointHitch | Source = MCUpdate | ID = 0
    Description = 8:29:51 PM - Error connecting to the internet. 8:29:51 PM - Unable
    to contact server..

    Error - 12/31/2011 4:09:04 PM | Computer Name = ThreePointHitch | Source = MCUpdate | ID = 0
    Description = 2:09:04 PM - Failed to retrieve SportsV2 (Error: The underlying connection
    was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

    Error - 1/24/2012 11:25:37 PM | Computer Name = ThreePointHitch | Source = MCUpdate | ID = 0
    Description = 9:25:33 PM - Error connecting to the internet. 9:25:33 PM - Unable
    to contact server..

    Error - 1/25/2012 7:56:35 PM | Computer Name = ThreePointHitch | Source = MCUpdate | ID = 0
    Description = 5:56:32 PM - Error connecting to the internet. 5:56:32 PM - Unable
    to contact server..

    Error - 1/27/2012 8:27:36 PM | Computer Name = ThreePointHitch | Source = MCUpdate | ID = 0
    Description = 6:27:34 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
    to the remote server)

    Error - 1/29/2012 11:42:17 PM | Computer Name = ThreePointHitch | Source = MCUpdate | ID = 0
    Description = 9:42:17 PM - Error connecting to the internet. 9:42:17 PM - Unable
    to contact server..

    Error - 1/29/2012 11:42:25 PM | Computer Name = ThreePointHitch | Source = MCUpdate | ID = 0
    Description = 9:42:22 PM - Error connecting to the internet. 9:42:22 PM - Unable
    to contact server..

    Error - 2/7/2012 11:25:35 PM | Computer Name = ThreePointHitch | Source = MCUpdate | ID = 0
    Description = 9:25:21 PM - Error connecting to the internet. 9:25:21 PM - Unable
    to contact server..

    Error - 2/12/2012 4:44:26 PM | Computer Name = ThreePointHitch | Source = MCUpdate | ID = 0
    Description = 2:44:23 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
    to the remote server)

    [ System Events ]
    Error - 5/18/2012 9:04:21 AM | Computer Name = ThreePointHitch | Source = Schannel | ID = 36874
    Description = An SSL 3.0 connection request was received from a remote client application,
    but none of the cipher suites supported by the client application are supported
    by the server. The SSL connection request has failed.

    Error - 5/18/2012 9:04:21 AM | Computer Name = ThreePointHitch | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 40. The internal error state
    is 107.

    Error - 5/18/2012 9:04:22 AM | Computer Name = ThreePointHitch | Source = Schannel | ID = 36874
    Description = An SSL 3.0 connection request was received from a remote client application,
    but none of the cipher suites supported by the client application are supported
    by the server. The SSL connection request has failed.

    Error - 5/18/2012 9:04:22 AM | Computer Name = ThreePointHitch | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 40. The internal error state
    is 107.

    Error - 5/18/2012 9:04:22 AM | Computer Name = ThreePointHitch | Source = Schannel | ID = 36874
    Description = An SSL 3.0 connection request was received from a remote client application,
    but none of the cipher suites supported by the client application are supported
    by the server. The SSL connection request has failed.

    Error - 5/18/2012 9:04:22 AM | Computer Name = ThreePointHitch | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 40. The internal error state
    is 107.

    Error - 5/18/2012 11:58:53 AM | Computer Name = ThreePointHitch | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR24.

    Error - 5/18/2012 7:06:20 PM | Computer Name = ThreePointHitch | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk4\DR27.

    Error - 5/18/2012 8:02:43 PM | Computer Name = ThreePointHitch | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1331 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 5/18/2012 8:02:43 PM | Computer Name = ThreePointHitch | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069


    < End of report >
     
  13. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    Having trouble posting the contents of the OTL.txt file. Most times when I hit "Post Reply", it waits a few seconds then comes back without having done anything. One time I got a red "Server Error". Will try as an attachment to this reply.
     

    Attached Files:

    • OTL.Txt (file size: 126.4 KB)
  14. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    Trying to post OTL.txt, first half:

    OTL logfile created on: 8/1/2012 8:13:24 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\LABeaty\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.89 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 44.62% Memory free
    7.78 Gb Paging File | 5.73 Gb Available in Paging File | 73.65% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 103.04 Gb Total Space | 7.85 Gb Free Space | 7.62% Space Free | Partition Type: NTFS
    Drive D: | 1.91 Gb Total Space | 1.84 Gb Free Space | 96.58% Space Free | Partition Type: FAT32
    Drive Y: | 103.04 Gb Total Space | 7.85 Gb Free Space | 7.62% Space Free | Partition Type: CSC-CACHE
    Drive Z: | 149.04 Gb Total Space | 44.40 Gb Free Space | 29.79% Space Free | Partition Type: NTFS

    Computer Name: THREEPOINTHITCH | User Name: LABeaty | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012/08/01 19:56:10 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\LABeaty\Desktop\OTL.exe
    PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/06/21 23:35:25 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    PRC - [2012/02/23 05:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/07/25 18:56:03 | 004,106,160 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\NaturallySpeaking11\Program\NatSpeak.exe
    PRC - [2011/07/22 05:16:34 | 000,178,096 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\NaturallySpeaking11\Program\dnsspserver.exe
    PRC - [2011/02/16 16:26:16 | 000,308,592 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
    PRC - [2011/02/16 11:03:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Softex\OmniPass\Hook\OpHook32BitProcess.exe
    PRC - [2011/02/02 00:57:48 | 000,085,104 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe
    PRC - [2011/01/14 13:02:28 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/01/14 13:02:24 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/17 12:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/10/15 19:07:52 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    PRC - [2010/09/29 21:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    PRC - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    PRC - [2010/07/23 11:50:49 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2010/06/20 10:53:32 | 000,224,352 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
    PRC - [2010/06/20 10:53:32 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2010/05/25 16:13:34 | 000,131,072 | ---- | M] (Siemens AG) -- C:\Program Files (x86)\Siemens\CardOS API\bin\siecacst.exe
    PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/18 21:38:52 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/18 20:45:07 | 017,521,152 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ec13119a48358c5553436ef86f1db7f4\System.ServiceModel.ni.dll
    MOD - [2012/05/18 20:41:05 | 000,627,712 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4b73633d1806add0a613abb13a8714a6\System.Transactions.ni.dll
    MOD - [2012/05/18 20:40:26 | 001,708,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\3b3e0909350348da3724d363128535d9\System.ServiceModel.Web.ni.dll
    MOD - [2012/05/18 20:39:51 | 005,459,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e51b389e6d470d6920df51e7bbee6977\System.Xml.ni.dll
    MOD - [2012/05/18 20:39:45 | 002,351,104 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2477135d269adeb8e5086ba2100ba568\System.Runtime.Serialization.ni.dll
    MOD - [2012/05/18 20:33:11 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\97dccc257e6729c8bc2450a5caf030e5\System.Configuration.ni.dll
    MOD - [2012/05/18 20:32:31 | 000,259,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\fa560963eb6a1bb714aa114cec4e1fe9\SMDiagnostics.ni.dll
    MOD - [2012/05/18 20:08:00 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/05/18 18:32:04 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\siecaces.dll
    MOD - [2012/05/18 18:32:04 | 000,184,320 | ---- | M] () -- C:\Windows\SysWOW64\gmp4_2_1.dll
    MOD - [2012/05/08 22:22:39 | 000,029,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
    MOD - [2012/01/18 00:34:28 | 005,255,168 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    MOD - [2011/02/16 11:03:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Softex\OmniPass\Hook\OpHook32BitProcess.exe
    MOD - [2011/02/16 10:08:02 | 000,061,440 | ---- | M] () -- C:\Program Files\Softex\OmniPass\Hook\scuredll.dll
    MOD - [2011/02/03 22:56:58 | 000,066,856 | ---- | M] () -- C:\Windows\SysWOW64\SynTPEnhPS.dll
    MOD - [2010/11/04 20:52:45 | 000,507,904 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
    MOD - [2010/11/04 08:53:30 | 002,502,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
    MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/02/23 16:11:58 | 005,640,048 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\ISD\ISD_Tablet.exe -- (TabletServiceISD)
    SRV:64bit: - [2011/02/23 16:11:58 | 000,449,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\ISD\ISD_TouchService.exe -- (TouchServiceISD)
    SRV:64bit: - [2011/02/16 11:13:10 | 000,042,496 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
    SRV:64bit: - [2011/01/05 13:41:38 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2011/01/05 13:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2011/01/05 13:26:56 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2010/10/15 19:07:52 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/06/17 18:47:12 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
    SRV:64bit: - [2010/06/02 18:05:42 | 002,734,400 | ---- | M] (AuthenTec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
    SRV:64bit: - [2010/02/10 03:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
    SRV:64bit: - [2009/09/30 18:23:00 | 000,014,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe -- (UpdateNaviInstallService)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/07/27 00:11:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/07 14:46:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
    SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/23 05:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/09/13 23:09:13 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/02/16 16:26:16 | 000,308,592 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe -- (Sierra Wireless QDL Service)
    SRV - [2011/01/14 13:02:28 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011/01/14 13:02:24 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/12/26 21:48:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
    SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/20 18:31:25 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
    DRV:64bit: - [2012/07/20 18:31:25 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV:64bit: - [2012/05/18 19:15:08 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2011/12/10 13:33:31 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011/09/06 11:10:28 | 000,177,920 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64)
    DRV:64bit: - [2011/06/21 00:33:57 | 000,015,208 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FJGSDisk.sys -- (FJGSDisk)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/03 22:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/01/20 13:49:14 | 012,271,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/01/16 19:43:34 | 000,074,088 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
    DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/01/07 09:48:50 | 000,034,432 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swg3kflt03.sys -- (swg3kflt03)
    DRV:64bit: - [2011/01/07 09:48:42 | 000,254,848 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swg3kser03.sys -- (swg3kser03)
    DRV:64bit: - [2011/01/04 14:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2011/01/03 00:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
    DRV:64bit: - [2011/01/02 22:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
    DRV:64bit: - [2010/12/26 21:48:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2010/12/24 11:21:54 | 000,254,848 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swg3knmea03.sys -- (swg3knmea03)
    DRV:64bit: - [2010/12/21 04:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
    DRV:64bit: - [2010/12/10 16:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/12/10 16:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/12/02 18:49:24 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV:64bit: - [2010/12/02 18:49:22 | 000,016,368 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVTHid.sys -- (wacomvthid)
    DRV:64bit: - [2010/12/02 18:49:20 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
    DRV:64bit: - [2010/12/01 05:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
    DRV:64bit: - [2010/11/20 06:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/10/09 07:35:38 | 001,801,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
    DRV:64bit: - [2010/10/04 01:26:14 | 000,131,112 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
    DRV:64bit: - [2010/09/21 01:20:30 | 000,348,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
    DRV:64bit: - [2010/09/14 16:59:16 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/09/14 16:59:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010/08/20 18:21:38 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2010/07/21 18:57:26 | 000,072,640 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
    DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2010/06/20 10:53:54 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/06/02 21:27:04 | 000,770,152 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
    DRV:64bit: - [2010/03/02 01:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009/09/09 17:19:38 | 000,085,280 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\oz776x64.sys -- (guardian2)
    DRV:64bit: - [2009/08/27 19:11:02 | 000,023,040 | ---- | M] (Fujitsu America, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FjBtnDrv.sys -- (Fjbtndrv)
    DRV:64bit: - [2009/07/21 00:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
    DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/24 00:31:30 | 000,021,104 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FBIOSDRV.sys -- (FBIOSDRV)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2006/11/01 05:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
    DRV:64bit: - [2006/11/01 05:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1226845524-514418154-198263103-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1226845524-514418154-198263103-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1226845524-514418154-198263103-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1226845524-514418154-198263103-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7FUJN_en
    IE - HKU\S-1-5-21-1226845524-514418154-198263103-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@comrade.gamespy.com/comrade: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/21 23:35:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/07 14:46:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/08/18 23:43:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LABeaty\AppData\Roaming\Mozilla\Extensions
    [2012/05/03 22:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LABeaty\AppData\Roaming\Mozilla\Firefox\Profiles\0d8ctrvv.default\extensions
    [2012/04/08 10:50:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\LABeaty\AppData\Roaming\Mozilla\Firefox\Profiles\0d8ctrvv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/02/25 00:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/18 09:07:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/07/07 14:46:28 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/07/07 14:46:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/07/07 14:46:26 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
     
  15. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    OTL.txt, second half:

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\LABeaty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Angry Birds = C:\Users\LABeaty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\LABeaty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Skype Click to Call = C:\Users\LABeaty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\

    O1 HOSTS File: ([2012/08/01 18:53:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKU\S-1-5-21-1226845524-514418154-198263103-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
    O4:64bit: - HKLM..\Run: [FJAutoR] C:\Program Files\Fujitsu\AutoRotation\AutoRotation.exe (FUJITSU LIMITED)
    O4:64bit: - HKLM..\Run: [FJBATAID2] C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe (FUJITSU LIMITED)
    O4:64bit: - HKLM..\Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe (Fujitsu America, Inc..)
    O4:64bit: - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe (FUJITSU LIMITED)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4:64bit: - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe (Softex Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
    O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SIECACST] C:\Program Files (x86)\Siemens\CardOS API\bin\siecacst.exe (Siemens AG)
    O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
    O4 - HKLM..\Run: [StartFujitsuPointingDeviceUtility] C:\Program Files (x86)\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
    O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-1226845524-514418154-198263103-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Users\LABeaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk = C:\Program Files (x86)\Nuance\NaturallySpeaking11\Program\NatSpeak.exe (Nuance Communications, Inc.)
    O4 - Startup: C:\Users\LABeaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk = C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1226845524-514418154-198263103-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1226845524-514418154-198263103-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1226845524-514418154-198263103-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP30-13034/webex/ieatgpc1.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28649393-8054-4B26-8298-C86F77C1CE3F}: DhcpNameServer = 192.168.3.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5596202E-5989-4F8D-9512-960F54E6D8ED}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/01 20:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/01 20:06:45 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2012/08/01 20:04:24 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\LABeaty\Desktop\OTL.exe
    [2012/08/01 18:55:38 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/08/01 18:53:51 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/01 18:48:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/08/01 18:48:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/08/01 18:48:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/08/01 18:44:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/01 18:44:45 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/08/01 18:43:06 | 004,722,680 | R--- | C] (Swearware) -- C:\Users\LABeaty\Desktop\ComboFix.exe
    [2012/08/01 18:38:29 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/31 22:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/31 22:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/31 22:29:57 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/07/31 20:17:44 | 000,000,000 | ---D | C] -- C:\Users\LABeaty\AppData\Roaming\RealNetworks
    [2012/07/26 18:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/07/26 18:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012/07/26 08:41:38 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%
    [2012/07/21 19:49:01 | 000,000,000 | ---D | C] -- C:\Users\LABeaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
    [2012/07/21 19:40:44 | 000,000,000 | R--D | C] -- C:\Users\LABeaty\Virtual Machines
    [2012/07/21 19:35:37 | 000,000,000 | ---D | C] -- C:\Users\LABeaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
    [2012/07/20 18:32:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\zh-TW
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\zh-CN
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\tr-TR
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\th-TH
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\sv-SE
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\ru-RU
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\ro-RO
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\pt-PT
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\pt-BR
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\pl-PL
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\nl-NL
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\nb-NO
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\ko-KR
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\ja-JP
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\it-IT
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\hu-HU
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\he-IL
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\fr-FR
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\fi-FI
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\es-ES
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\el-GR
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\de-DE
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\da-DK
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\cs-CZ
    [2012/07/20 18:32:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\ar-SA
    [2012/07/20 17:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
    [2012/07/17 21:09:46 | 000,000,000 | ---D | C] -- C:\Users\LABeaty\AppData\Roaming\Logitech
    [2012/07/17 21:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
    [2012/07/17 21:09:06 | 000,000,000 | ---D | C] -- C:\Users\LABeaty\AppData\Roaming\InstallShield
    [2012/07/17 19:18:19 | 000,000,000 | ---D | C] -- C:\Users\LABeaty\Desktop\One-minute
    [2012/07/15 19:59:02 | 000,000,000 | ---D | C] -- C:\Users\LABeaty\AppData\Roaming\Open Watcom
    [2012/07/08 22:30:23 | 000,000,000 | ---D | C] -- C:\Users\LABeaty\AppData\Roaming\MetaQuotes
    [2011/07/01 20:06:36 | 001,718,704 | ---- | C] (YSL Holdings LLC.) -- C:\ProgramData\Uninst.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/08/01 20:12:46 | 000,017,616 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/01 20:12:46 | 000,017,616 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/01 20:11:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/08/01 20:09:01 | 000,800,220 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/08/01 20:09:01 | 000,676,104 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/08/01 20:09:01 | 000,128,088 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/08/01 19:56:10 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\LABeaty\Desktop\OTL.exe
    [2012/08/01 19:42:17 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/01 18:53:51 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2012/08/01 18:53:49 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/01 18:53:43 | 000,000,390 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/08/01 18:53:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/08/01 18:53:31 | 3132,395,520 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/01 18:31:08 | 004,722,680 | R--- | M] (Swearware) -- C:\Users\LABeaty\Desktop\ComboFix.exe
    [2012/07/31 22:31:59 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
    [2012/07/31 22:31:49 | 000,816,624 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/07/29 22:46:51 | 000,002,044 | -H-- | M] () -- C:\Users\LABeaty\Documents\Default.rdp
    [2012/07/27 09:47:00 | 011,235,356 | ---- | M] () -- C:\Users\LABeaty\Desktop\Pulse_20120701_Jul_2012.PDF
    [2012/07/26 20:06:58 | 000,001,292 | ---- | M] () -- C:\Users\LABeaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/07/21 23:57:00 | 000,000,391 | ---- | M] () -- C:\Users\LABeaty\Desktop\IEEE - IEEEXtreme 24-Hour Programming Competition.website
    [2012/07/21 22:17:57 | 000,000,528 | ---- | M] () -- C:\Users\LABeaty\Desktop\Wix.com janesea created by janesea2012 based on nu-biz-trader.website
    [2012/07/20 18:23:31 | 000,427,616 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2012/07/20 18:17:40 | 000,000,343 | ---- | M] () -- C:\Users\LABeaty\Desktop\janeseatw5000 System Myfxbook.website
    [2012/07/20 18:09:30 | 000,000,417 | ---- | M] () -- C:\Users\LABeaty\Desktop\BigML - Machine Learning Made Easy.website
    [2012/07/15 22:21:04 | 000,024,705 | ---- | M] () -- C:\Users\LABeaty\_viminfo
    [2012/07/11 01:49:12 | 000,000,600 | ---- | M] () -- C:\Users\LABeaty\AppData\Local\PUTTY.RND
    [2012/07/08 10:46:26 | 004,770,128 | ---- | M] () -- C:\Users\LABeaty\Desktop\ArchivingForDummies_9781118287651_custom.pdf
    [2012/07/04 09:50:05 | 000,000,069 | ---- | M] () -- C:\Users\LABeaty\Desktop\Microsoft Lync - Wikipedia, the free encyclopedia.URL
    [2012/07/04 09:48:55 | 000,000,506 | ---- | M] () -- C:\Users\LABeaty\Desktop\BE CONNECTED To Effective Networking -- Networking training and networking opportunity.website
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/08/01 18:48:06 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/08/01 18:48:06 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/08/01 18:48:06 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/08/01 18:48:06 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/08/01 18:48:06 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/07/31 22:31:50 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/27 09:46:46 | 011,235,356 | ---- | C] () -- C:\Users\LABeaty\Desktop\Pulse_20120701_Jul_2012.PDF
    [2012/07/21 23:57:00 | 000,000,391 | ---- | C] () -- C:\Users\LABeaty\Desktop\IEEE - IEEEXtreme 24-Hour Programming Competition.website
    [2012/07/20 18:17:40 | 000,000,343 | ---- | C] () -- C:\Users\LABeaty\Desktop\janeseatw5000 System Myfxbook.website
    [2012/07/20 18:17:34 | 000,000,528 | ---- | C] () -- C:\Users\LABeaty\Desktop\Wix.com janesea created by janesea2012 based on nu-biz-trader.website
    [2012/07/14 18:03:09 | 000,000,417 | ---- | C] () -- C:\Users\LABeaty\Desktop\BigML - Machine Learning Made Easy.website
    [2012/07/08 10:46:25 | 004,770,128 | ---- | C] () -- C:\Users\LABeaty\Desktop\ArchivingForDummies_9781118287651_custom.pdf
    [2012/07/04 09:50:05 | 000,000,069 | ---- | C] () -- C:\Users\LABeaty\Desktop\Microsoft Lync - Wikipedia, the free encyclopedia.URL
    [2012/07/04 09:48:55 | 000,000,506 | ---- | C] () -- C:\Users\LABeaty\Desktop\BE CONNECTED To Effective Networking -- Networking training and networking opportunity.website
    [2012/06/18 21:12:32 | 000,000,600 | ---- | C] () -- C:\Users\LABeaty\AppData\Local\PUTTY.RND
    [2012/05/18 18:32:05 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\siecacsp.dll
    [2012/05/18 18:32:04 | 000,311,296 | ---- | C] () -- C:\windows\SysWow64\siecaces.dll
    [2012/05/18 18:32:04 | 000,184,320 | ---- | C] () -- C:\windows\SysWow64\gmp4_2_1.dll
    [2012/01/22 17:46:53 | 000,000,095 | ---- | C] () -- C:\Users\LABeaty\.octaverc
    [2012/01/22 17:46:53 | 000,000,044 | ---- | C] () -- C:\Users\LABeaty\.octaverc~
    [2012/01/14 20:58:56 | 000,000,009 | ---- | C] () -- C:\Users\LABeaty\y
    [2012/01/14 20:58:40 | 000,000,005 | ---- | C] () -- C:\Users\LABeaty\q6127
    [2012/01/14 20:32:52 | 000,000,000 | ---- | C] () -- C:\Users\LABeaty\printabc
    [2012/01/14 19:16:45 | 000,000,005 | ---- | C] () -- C:\Users\LABeaty\HP Deskjet 6127 network
    [2012/01/14 19:10:56 | 000,000,004 | ---- | C] () -- C:\Users\LABeaty\x
    [2011/12/31 13:44:28 | 000,011,144 | -HS- | C] () -- C:\Users\LABeaty\AppData\Local\cha38ad06mt2xqmemajs338481l7edr288w55coayh1
    [2011/12/31 13:44:28 | 000,011,144 | -HS- | C] () -- C:\ProgramData\cha38ad06mt2xqmemajs338481l7edr288w55coayh1
    [2011/12/16 22:35:41 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dvdtest10024.dat
    [2011/10/16 21:59:03 | 000,013,582 | ---- | C] () -- C:\Users\LABeaty\.octave_hist
    [2011/10/06 22:18:57 | 000,000,089 | ---- | C] () -- C:\windows\terminal.INI
    [2011/10/06 22:08:02 | 000,000,121 | ---- | C] () -- C:\windows\TomsRegistration.INI
    [2011/10/02 19:46:42 | 000,635,392 | ---- | C] () -- C:\windows\SysWow64\authorize.dll
    [2011/10/02 00:04:08 | 000,000,952 | -HS- | C] () -- C:\windows\SysWow64\KGyGaAvL.sys
    [2011/08/23 21:40:34 | 000,576,018 | ---- | C] () -- C:\windows\Brain Fitness Program Uninstaller.exe
    [2011/07/17 17:35:22 | 000,001,795 | ---- | C] () -- C:\Users\LABeaty\AppData\Roaming\SAS7_000.DAT
    [2011/07/10 22:54:35 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
    [2011/07/10 20:29:29 | 000,024,705 | ---- | C] () -- C:\Users\LABeaty\_viminfo
    [2011/07/01 23:12:16 | 000,000,283 | ---- | C] () -- C:\windows\winros.ini
    [2011/07/01 18:55:02 | 000,816,624 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011/06/25 23:42:44 | 000,004,474 | ---- | C] () -- C:\Users\LABeaty\AppData\Roaming\FjMenu1.XML
    [2011/06/21 21:41:32 | 000,007,598 | ---- | C] () -- C:\Users\LABeaty\AppData\Local\Resmon.ResmonCfg
    [2011/06/21 00:34:33 | 000,000,390 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/06/21 00:34:28 | 000,000,206 | ---- | C] () -- C:\windows\hbcikrnl.ini
    [2011/06/21 00:26:07 | 000,245,760 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll
    [2011/06/21 00:26:07 | 000,024,576 | ---- | C] () -- C:\windows\snuvcdsm.exe
    [2011/06/21 00:26:07 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
    [2011/03/05 02:38:27 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
    [2011/03/05 02:38:25 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
    [2011/03/05 02:38:24 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
    [2011/03/05 02:37:53 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

    ========== LOP Check ==========

    [2011/07/10 08:50:02 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/12/16 22:35:11 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\DVD-Cloner
    [2011/09/11 19:39:17 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\GetRightToGo
    [2012/02/01 22:49:05 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\iolo
    [2011/07/10 22:28:51 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\kompozer.net
    [2012/07/08 22:30:23 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\MetaQuotes
    [2012/01/22 17:24:41 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\Notepad++
    [2011/06/26 12:42:41 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\Nuance
    [2012/07/15 20:02:33 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\Open Watcom
    [2012/05/30 08:34:50 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\PeerNetworking
    [2011/07/07 23:11:41 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\Qualcomm
    [2012/06/16 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\Sierra Wireless
    [2012/01/18 00:17:14 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\SoftGrid Client
    [2012/03/24 12:59:23 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\TeamViewer
    [2011/07/04 13:43:47 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\TP
    [2011/11/21 21:51:38 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\webex
    [2011/08/20 11:27:31 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\Windows Live Writer
    [2011/10/09 10:12:22 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\Wireshark
    [2011/10/06 23:45:04 | 000,000,000 | ---D | M] -- C:\Users\LABeaty\AppData\Roaming\XMind
    [2009/07/14 00:08:49 | 000,025,668 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:0FF263E8
    < End of report >
     
  16. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    OK, I was unable to post OTL.txt in its entirety, though I tried many times. I was able to post it in halves, though, so perhaps it was a size issue (the file is about 128Kb).

    I am gone for the day now, will continue tomorrow. Thanks again for all your help.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I still need Extras.txt log.
     
  18. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Sorry about it :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-1226845524-514418154-198263103-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/08/01 18:38:29 | 000,000,000 | ---D | C] -- C:\FRST
      [2011/12/31 13:44:28 | 000,011,144 | -HS- | C] () -- C:\Users\LABeaty\AppData\Local\cha38ad06mt2xqmemajs338481l7edr288w55coayh1
      [2011/12/31 13:44:28 | 000,011,144 | -HS- | C] () -- C:\ProgramData\cha38ad06mt2xqmemajs338481l7edr288w55coayh1
      @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:0FF263E8
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==========================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  20. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1226845524-514418154-198263103-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\FRST\Quarantine\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}\U folder moved successfully.
    C:\FRST\Quarantine\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}\L folder moved successfully.
    C:\FRST\Quarantine\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}\{8dce6d9d-999f-362e-2d92-f3e85d27dccb} folder moved successfully.
    C:\FRST\Quarantine\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}\U folder moved successfully.
    C:\FRST\Quarantine\{8dce6d9d-999f-362e-2d92-f3e85d27dccb}\L folder moved successfully.
    C:\FRST\Quarantine\{8dce6d9d-999f-362e-2d92-f3e85d27dccb} folder moved successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Users\LABeaty\AppData\Local\cha38ad06mt2xqmemajs338481l7edr288w55coayh1 moved successfully.
    C:\ProgramData\cha38ad06mt2xqmemajs338481l7edr288w55coayh1 moved successfully.
    ADS C:\ProgramData\Temp:0FF263E8 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 589809 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LABeaty
    ->Temp folder emptied: 129044 bytes
    ->Temporary Internet Files folder emptied: 14303232 bytes
    ->Java cache emptied: 838203 bytes
    ->FireFox cache emptied: 67813736 bytes
    ->Google Chrome cache emptied: 152771066 bytes
    ->Flash cache emptied: 123692 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 589809 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 212003 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 56727772 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 280.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: LABeaty
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: LABeaty
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 08022012_084201
    Files\Folders moved on Reboot...
    C:\Users\LABeaty\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\LABeaty\AppData\Local\Temp\~DF312AC82AABADB944.TMP moved successfully.
    PendingFileRenameOperations files...
    File C:\Users\LABeaty\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\LABeaty\AppData\Local\Temp\~DF312AC82AABADB944.TMP not found!
    Registry entries deleted on Reboot...
     
  21. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    JavaFX 2.1.1
    Java(TM) 7 Update 5
    Adobe Reader X (10.1.3)
    Mozilla Firefox (14.0.1)
    Google Chrome 20.0.1132.57
    Google Chrome 21.0.1180.60
    Google Chrome VisualElementsManifest.xml..
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 29% Defragment your hard drive soon!
    ````````````````````End of Log``````````````````````
     
  22. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    Farbar Service Scanner Version: 26-07-2012
    Ran by LABeaty (administrator) on 02-08-2012 at 08:59:51
    Running from "C:\Users\LABeaty\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  23. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    TFC rebooted the computer, but produced no logs.
     
  24. LABeaty

    LABeaty TS Rookie Topic Starter Posts: 22

    C:\Users\LABeaty\Desktop\Desktop\{forex_while_you_work}_downloader_411.exe a variant of Win32/ExpressFiles application cleaned by deleting - quarantined
    C:\Users\LABeaty\Documents\Mailbox\IncomingAttachments\Account.zip HTML/Phishing.Gen trojan deleted - quarantined
    C:\Users\LABeaty\Documents\Mailbox\IncomingAttachments\Account1.zip HTML/Phishing.Gen trojan deleted - quarantined
    C:\Users\LABeaty\Documents\Mailbox\IncomingAttachments\JPMorgan Chase.htm HTML/Phishing.Gen trojan cleaned by deleting - quarantined
     
  25. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    We have one corrupted registry key affecting Windows updates.

    The following steps involve registry editing. Please create a new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip the file.
    You'll find several files inside.
    Double click on bits.reg file and confirm the prompt.
    Restart computer.
    Post new FSS log.
     
