TechSpot

Possible Sirefef infection, can't boot safe mode reboot after 60 seconds

By kgamble
Aug 13, 2012
  1. Hi, I believe I have been infected with Sirefef, and would appreciate any help somebody could give to resolve my issue. I have read the 5-step guide but I am unable to boot at all. When I boot in normal mode, the system does boot very slowly but by the time it has completed to the desktop (about 60 seconds), I get a message saying that a logoff is pending and then the system restarts.

    When I boot in safe mode with or without networking, I get to the CLASSPNP.SYS and then I get a few randomly colored pixel lines at the top of the screen and nothing more.

    I'm running Win7 Pro x64 and was using MSE for "virus protection". I was able to boot from another drive I have in the system that is running Windows 8 Release Preview, but I'm not sure of the best steps to proceed with an attempt to recover the Win7 boot drive.

    Thanks in advance for any help you can provide!
     
  2. kgamble (TS Rookie, Topic Starter)

    I didn't see this before but I have now successfully run the FRST64.exe tool and the resulting logs are posted below:

    First run:
    -------------

    Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
    Ran by SYSTEM at 13-08-2012 00:43:36
    Running from K:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet002

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [613536 2010-10-27] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379040 2010-10-27] (Atheros Commnucations)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873288 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2011-10-29] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2011-09-19] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
    HKLM-x32\...\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [465536 2010-10-19] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
    HKLM-x32\...\Run: [Nuance PDF Converter Professional 7-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 7\Ereg\Ereg.ini" [x]
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [30568 2011-08-13] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [46952 2011-08-13] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PPort14reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini" [376 2012-08-12] ()
    HKLM-x32\...\Run: [PDFCreHook] C:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe [605032 2011-06-28] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe [140136 2011-06-28] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2011-08-22] (VMware, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
    HKLM-x32\...\Run: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" [771360 2009-11-11] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [OfficeSubscriptionAgent] "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe" [932160 2011-11-16] (Microsoft Corporation)
    HKU\admin\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
    HKU\admin\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
    HKU\admin\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [107000 2011-12-05] (Siber Systems)
    HKU\admin\...\Run: [Google Update] "C:\Users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-18] (Google Inc.)
    HKU\admin\...\Run: [PowerMate] C:\Program Files (x86)\Griffin Technology\PowerMate\PowerMate.exe [385024 2007-12-07] (Griffin Technology)
    HKU\admin\...\Run: [PlantSmart] "C:\Program Files (x86)\PlantSmart\PlantSmart.exe" [1765392 2011-03-21] (PlantSense, INC)
    HKU\admin\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-09] (Valve Corporation)
    HKU\admin\...\Run: [Synergy Server] "C:\Program Files\Synergy\synergys.exe" --no-daemon --debug DEBUG --name Quark --address :24800 [982528 2011-06-17] ()
    HKU\Janet\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKU\Janet\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [107000 2011-12-05] (Siber Systems)
    HKU\Kelly\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
    HKU\Kelly\...\Run: [Google Update] "C:\Users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-18] (Google Inc.)
    HKU\Kelly\...\Run: [PowerMate] C:\Program Files (x86)\Griffin Technology\PowerMate\PowerMate.exe [385024 2007-12-07] (Griffin Technology)
    HKU\Kelly\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-09] (Valve Corporation)
    HKU\Kelly\...\Run: [Synergy Server] "C:\Program Files\Synergy\synergys.exe" --no-daemon --debug DEBUG --name Quark --address :24800 [982528 2011-06-17] ()
    HKU\Kelly\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [107000 2011-12-05] (Siber Systems)
    HKU\Kelly\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Kelly\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
    HKU\Kelly\...\Run: [Starfield Updater] "C:\Program Files (x86)\Workspace\WorkspaceUpdate.exe" [34496 2012-07-03] ()
    HKU\Kelly\...\Run: [wben] "C:\Program Files (x86)\Workspace\wben.exe" [368368 2011-12-21] (Starfield Technologies, LLC)
    HKU\Kelly\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
    HKU\Mcx1-QUARK\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
    HKU\Mcx1-QUARK\...\Run: [Google Update] "C:\Users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-18] (Google Inc.)
    HKU\Mcx1-QUARK\...\Run: [PowerMate] C:\Program Files (x86)\Griffin Technology\PowerMate\PowerMate.exe [385024 2007-12-07] (Griffin Technology)
    HKU\Mcx1-QUARK\...\Run: [PlantSmart] "C:\Program Files (x86)\PlantSmart\PlantSmart.exe" [1765392 2011-03-21] (PlantSense, INC)
    HKU\Mcx1-QUARK\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [107000 2011-12-05] (Siber Systems)
    HKU\Mcx1-QUARK\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-09] (Valve Corporation)
    HKU\Mcx1-QUARK\...\Run: [Synergy Server] "C:\Program Files\Synergy\synergys.exe" --no-daemon --debug DEBUG --name Quark --address :24800 [982528 2011-06-17] ()
    HKU\Mcx1-QUARK\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
    HKU\Mcx1-QUARK\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
    HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
    HKU\UpdatusUser\...\Run: [Google Update] "C:\Users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-18] (Google Inc.)
    HKU\UpdatusUser\...\Run: [PowerMate] C:\Program Files (x86)\Griffin Technology\PowerMate\PowerMate.exe [385024 2007-12-07] (Griffin Technology)
    HKU\UpdatusUser\...\Run: [PlantSmart] "C:\Program Files (x86)\PlantSmart\PlantSmart.exe" [1765392 2011-03-21] (PlantSense, INC)
    HKU\UpdatusUser\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [107000 2011-12-05] (Siber Systems)
    HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-09] (Valve Corporation)
    HKU\UpdatusUser\...\Run: [Synergy Server] "C:\Program Files\Synergy\synergys.exe" --no-daemon --debug DEBUG --name Quark --address :24800 [982528 2011-06-17] ()
    HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
    Tcpip\..\Interfaces\{A108720A-AAA7-4E8D-91D6-E08ED382489F}: [NameServer]8.8.4.4
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
    ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Spyder3Utility.lnk
    ShortcutTarget: Spyder3Utility.lnk -> C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
    ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
    Startup: C:\Users\Kelly\Start Menu\Programs\Startup\Asset UPnP uMediaLibrary.lnk
    ShortcutTarget: Asset UPnP uMediaLibrary.lnk -> C:\Program Files (x86)\Illustrate\dBpoweramp\uMediaLibrary.exe (Illustrate)
    Startup: C:\Users\Kelly\Start Menu\Programs\Startup\Asset UPnP.lnk
    ShortcutTarget: Asset UPnP.lnk -> C:\Program Files (x86)\Illustrate\dBpoweramp\Asset-uPNP.exe (Illustrate)
    Startup: C:\Users\Kelly\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\Kelly\Start Menu\Programs\Startup\TwonkyManager.lnk
    ShortcutTarget: TwonkyManager.lnk -> C:\Program Files (x86)\TwonkyMedia\MediaManager\TwonkyMediaManager.exe (PacketVideo )

    ==================== Services (Whitelisted) ======

    4 AcronisAgent; "C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe" [1906576 2010-10-22] (Acronis)
    4 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1112240 2010-11-23] (Acronis)
    4 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2011-04-23] (Acronis)
    3 AssetUPnP; C:\Program Files (x86)\Illustrate\dBpoweramp\Asset-UPnPService.exe [77824 2011-06-16] ()
    2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations)
    3 Autodesk Content Service; "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-02] ()
    3 CLDTVHNService; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-09-17] ()
    4 DMS; "C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe" [4632864 2010-10-22] (Acronis)
    2 Dyn Updater; C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
    2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1174824 2012-07-18] (Starfield Technologies)
    3 fussvc; "C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe" [139776 2012-05-18] (Microsoft Corporation)
    2 hmqplaay; "C:\Users\Kelly\AppData\Local\Temp\DAT5E3B.tmp.exe" --SERVICE [57856 2012-08-11] (Zonet Technologies, Inc.)
    2 HTCMonitorService; "C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe" [87368 2012-06-08] (Nero AG)
    3 Media Center 17 Service; C:\Program Files (x86)\J River\Media Center 17\JRService.exe [394920 2012-07-18] (JRiver, Inc.)
    3 mi-raysat_3dsmax2011_64; "C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe" [86016 2010-03-09] ()
    2 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [67400 2011-04-01] (Microsoft Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 msoidsvc; "C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE" [2079520 2012-05-17] (Microsoft Corp.)
    2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [191064 2012-02-11] (Microsoft Corporation)
    2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [57960296 2011-02-28] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2010-12-07] (Nalpeiron Ltd.)
    2 osubsvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osa.exe" [493384 2011-11-16] (Microsoft Corporation)
    2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2012-04-13] ()
    2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [138600 2011-08-13] (Nuance Communications, Inc.)
    3 Qsonix Central Service; "C:\Projects\Qsonix\QsonixWorkspace.root\QsonixCentral.WindowsService\bin\Debug\qsonixcentral.windowsservice.exe" [8704 2011-09-29] (Microsoft)
    3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011c\RpcAgentSrv.exe [93848 2009-08-10] (SiSoftware)
    4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [597080 2012-02-11] (Microsoft Corporation)
    3 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -I MSSQLSERVER [430440 2011-02-28] (Microsoft Corporation)
    2 Te.Service; "C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe" [127488 2012-05-18] (Microsoft Corporation)
    3 Test Authentication Service; "C:\projects\test\AuthenticationService.root\AuthenticationService\bin\Debug\AuthenticationService.exe" [6656 2011-08-30] (Microsoft)
    3 TwonkyMedia; C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe -serviceversion 0 [509704 2011-09-21] (PacketVideo)
    3 TwonkyWebDav; C:\Program Files (x86)\TwonkyMedia\twonkywebdav.exe -start [245760 2011-09-21] ()
    3 Viewpoint Service; "C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe" [30152 2008-04-04] (Viewpoint Corporation)
    2 vmware-converter-agent; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-agent.xml" [6269 2012-03-08] ()
    2 vmware-converter-server; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-server.xml" [4280 2012-03-08] ()
    2 vmware-converter-worker; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-worker.xml" [6882 2012-03-08] ()
    2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2011-09-23] ()
    2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
    2 WDFME; "C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe" [1066896 2011-03-09] ()
    2 WDSC; "C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe" [491920 2011-03-09] ()
    2 wgsslvpnsrc; C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [101376 2012-06-13] ()
    3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
    3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
    3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)
    3 Qsonix Audio Playback Service; "C:\Qsonix\Qsonix.Audio.Player.WindowsService.exe" [x]
    3 Qsonix Diagnostics Service; "C:\Qsonix\Qsonix.Diagnostics.WindowsService.exe" [x]
    3 Qsonix Logging Service; "C:\Qsonix\Qsonix.Logging.WindowsService.exe" [x]
    3 Qsonix Update Service; "C:\Qsonix\Qsonix.Update.WindowsService.exe" [x]

    ========================== Drivers (Whitelisted) =============

    3 afcdp; C:\Windows\System32\Drivers\afcdp.sys [285280 2011-04-23] (Acronis)
    0 AiCharger; C:\Windows\System32\Drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
    3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [38248 2010-10-27] (Atheros)
    3 ATHDFU; C:\Windows\System32\Drivers\ATHDFU.sys [55336 2010-10-27] (Windows (R) Win 7 DDK provider)
    3 bmdrvr; C:\Windows\SysWow64\Drivers\bmdrvr.sys [74352 2011-03-15] (VMware, Inc.)
    3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [301680 2010-10-27] (Atheros)
    3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [31080 2010-10-27] (Atheros)
    3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [203624 2010-10-27] (Atheros)
    3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [58992 2010-10-27] (Atheros)
    3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [156520 2010-10-27] (Atheros)
    3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [279152 2010-10-27] (Atheros)
    2 BULKUSB; C:\Windows\System32\Drivers\BREADUSB64.sys [30288 2011-06-17] (Windows (R) Codename Longhorn DDK provider)
    3 cmudaxp; C:\Windows\System32\Drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-07-18] (DT Soft Ltd)
    3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [73000 2012-04-29] (Windows (R) Win 7 DDK provider)
    4 RsFx0200; C:\Windows\System32\Drivers\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
    3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011c\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
    0 snapman; C:\Windows\System32\Drivers\snapman.sys [278112 2011-12-05] (Acronis)
    3 Spyder3; C:\Windows\System32\Drivers\Spyder3.sys [15360 2010-03-30] ()
    0 tdrpman273; C:\Windows\System32\DRIVERS\tdrpm273.sys [1263200 2011-04-23] (Acronis)
    0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [970336 2011-04-23] (Acronis)
    1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-06-04] (Windows (R) 2000 DDK provider)
    1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633296 2012-06-04] (Paragon)
    1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [389968 2012-06-04] (Paragon)
    3 VSPerfDrv110; \??\C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [71960 2012-04-01] (Microsoft Corporation)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-12 22:47 - 2012-08-12 22:48 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\budaydgz.sys
    2012-08-12 22:47 - 2012-08-12 22:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB430B8E38272D1C
    2012-08-11 10:50 - 2012-08-11 10:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49F02CD4A4A3F8A3
    2012-08-11 10:50 - 2012-08-11 10:50 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hwqkueee.sys
    2012-08-11 10:40 - 2012-08-11 10:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ACD069D63157E141
    2012-08-11 10:31 - 2012-08-11 10:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C58270A7DD10266D
    2012-08-11 10:25 - 2012-08-11 10:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A698C307BA7E8BEF
    2012-08-11 10:17 - 2012-08-11 10:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.10423E639EC94F6A
    2012-08-11 10:11 - 2012-08-11 10:11 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-11 10:11 - 2012-08-11 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-08-11 09:31 - 2012-08-11 09:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1EFED7D41A29C5C8
    2012-08-11 09:14 - 2012-08-11 09:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A244CD8FECB1FC0A
    2012-08-11 09:13 - 2012-08-11 09:13 - 00000000 ____A C:\trbyebye
    2012-08-11 03:06 - 2012-08-11 03:06 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-08-11 03:02 - 2012-08-11 07:02 - 00140827 ____A C:\Windows\SysWOW64\Drivers\str.sys
    2012-08-10 08:57 - 2012-08-10 08:57 - 04977211 ____A C:\Users\admin\Downloads\selected_reports_20120810-175751.nzb
    2012-08-10 08:57 - 2012-08-10 08:57 - 01108002 ____A C:\Users\admin\Downloads\selected_reports_20120810-175716.nzb
    2012-08-10 08:56 - 2012-08-10 08:56 - 00882832 ____A C:\Users\admin\Downloads\selected_reports_20120810-175639.nzb
    2012-08-07 16:03 - 2012-08-07 16:03 - 00173544 ____A C:\Users\Kelly\Downloads\foundation.custom.zip
    2012-08-07 15:33 - 2012-08-07 15:33 - 00163242 ____A C:\Users\Kelly\Downloads\foundation-3.0.7.zip
    2012-08-06 08:20 - 2012-08-06 08:20 - 00000218 ____A C:\Users\Kelly\.recently-used.xbel
    2012-08-03 18:24 - 2012-08-03 18:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
    2012-08-01 15:45 - 2012-08-01 15:45 - 00000000 ___SD C:\Users\Kelly\SharePoint Sites
    2012-07-31 22:51 - 2012-07-31 22:51 - 00003775 ____A C:\Users\Kelly\Documents\3-Month Free Trial-8-1-2012-credentials.publishsettings
    2012-07-31 22:47 - 2012-07-31 22:47 - 00002041 ____A C:\Users\Kelly\Downloads\wikipad.azurewebsites.net (2).PublishSettings
    2012-07-31 22:38 - 2012-07-31 22:38 - 00002041 ____A C:\Users\Kelly\Downloads\wikipad.azurewebsites.net (1).PublishSettings
    2012-07-31 22:35 - 2012-07-31 22:35 - 00002041 ____A C:\Users\Kelly\Downloads\wikipad.azurewebsites.net.PublishSettings
    2012-07-31 21:56 - 2012-07-31 21:56 - 00000000 ____D C:\Users\Kelly\AppData\Local\dftmp
    2012-07-31 11:27 - 2012-07-31 11:27 - 01975768 ____A C:\Users\Kelly\Downloads\r.exe
    2012-07-31 11:27 - 2012-07-31 11:27 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\TeamViewer
    2012-07-31 10:32 - 2012-07-31 10:32 - 01034795 ____A C:\Users\Kelly\Downloads\WIKIPAD_logo.ai
    2012-07-31 10:32 - 2012-07-31 10:32 - 01034795 ____A C:\Users\Kelly\Downloads\WIKIPAD_logo (1).ai
    2012-07-31 07:21 - 2012-07-31 07:23 - 00000000 ____D C:\Users\Kelly\Documents\Outlook Files
    2012-07-30 23:41 - 2012-07-30 23:41 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\WatchGuard
    2012-07-30 23:41 - 2012-07-30 23:41 - 00000000 ____D C:\Program Files (x86)\WatchGuard
    2012-07-30 23:41 - 2012-06-13 00:42 - 00031232 ____A (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
    2012-07-30 10:25 - 2012-07-30 10:25 - 00000000 ____D C:\Windows\Sun
    2012-07-27 17:04 - 2012-07-27 17:08 - 00000000 ____D C:\Users\Kelly\Documents\8020
    2012-07-26 20:43 - 2012-07-26 20:43 - 00104672 ____A (Microsoft Corporation) C:\Users\Kelly\Downloads\VWDOrVs11AzurePack_RC.3f.3f.3fnew.exe
    2012-07-26 16:21 - 2012-07-26 16:21 - 00000000 ____D C:\Program Files (x86)\Windows Azure Tools
    2012-07-26 16:20 - 2012-08-02 22:52 - 03211264 ____A C:\Users\Kelly\DevelopmentStorageDb201206.mdf
    2012-07-26 16:20 - 2012-08-02 22:52 - 00851968 ____A C:\Users\Kelly\DevelopmentStorageDb201206_log.ldf
    2012-07-26 16:20 - 2012-07-31 21:56 - 00000000 ____D C:\Users\Kelly\AppData\Local\DevelopmentStorage
    2012-07-26 16:18 - 2012-07-26 16:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tooling Extensions
    2012-07-26 15:07 - 2012-07-26 15:07 - 00233628 ____A C:\Users\Kelly\Downloads\Orchard.Theme.Webmoco.Responsive.No1-1.0.3.nupkg
    2012-07-26 14:55 - 2012-07-26 14:55 - 00000020 __ASH C:\Users\orchard\ntuser.ini
    2012-07-26 14:55 - 2012-07-26 14:55 - 00000000 ____D C:\users\orchard
    2012-07-26 14:55 - 2012-01-20 14:05 - 00000000 ____D C:\Users\orchard\AppData\Roaming\Adobe
    2012-07-26 14:55 - 2012-01-20 14:04 - 00000000 ____D C:\Users\orchard\AppData\Roaming\onOne Software
    2012-07-26 14:55 - 2011-11-25 07:32 - 00000000 ____D C:\Users\orchard\AppData\Local\Microsoft Help
    2012-07-26 14:55 - 2011-11-25 07:29 - 00000000 ____D C:\Users\orchard\Documents\Visual Studio 2010
    2012-07-26 14:55 - 2011-04-15 17:46 - 00000000 ____D C:\Users\orchard\AppData\Roaming\Macromedia
    2012-07-26 08:49 - 2012-07-26 09:11 - 00002074 ____A C:\Users\Kelly\Desktop\Start Download Manager.lnk
    2012-07-26 08:49 - 2012-07-26 09:11 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Download Manager
    2012-07-25 13:08 - 2012-07-25 13:08 - 00017100 ____A C:\Users\Kelly\Desktop\de2501[1].txt
    2012-07-24 17:56 - 2012-07-24 17:56 - 00040965 ____A C:\Users\Kelly\Downloads\Bebas-fontfacekit.zip
    2012-07-22 00:08 - 2012-07-22 00:08 - 00000000 ____D C:\Windows\SysWOW64\VirtualMIDISynth
    2012-07-22 00:08 - 2012-07-22 00:08 - 00000000 ____D C:\Windows\System32\VirtualMIDISynth
    2012-07-21 20:55 - 2012-07-21 20:55 - 00000000 ____D C:\Users\Kelly\AppData\Local\Cakewalk
    2012-07-21 20:54 - 2012-07-21 20:54 - 00001088 ____A C:\Users\Public\Desktop\Guitar Rig 3.lnk
    2012-07-21 20:54 - 2012-07-21 20:54 - 00000000 __HDC C:\Users\All Users\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
    2012-07-21 20:54 - 2012-07-21 20:54 - 00000000 __HDC C:\Users\All Users\{902029B2-957E-4066-85FA-30DA31731718}
    2012-07-21 20:54 - 2012-07-21 20:54 - 00000000 ____D C:\Program Files (x86)\Native Instruments
    2012-07-21 20:53 - 2012-07-21 20:53 - 00001935 ____A C:\Users\Public\Desktop\SONAR 8.5 Producer (x64).lnk
    2012-07-21 20:48 - 2012-07-21 20:48 - 00000000 ____D C:\Users\Kelly\TruePianos Settings
    2012-07-21 20:47 - 2012-07-21 20:54 - 00000000 ____D C:\Users\Kelly\Documents\Cakewalk
    2012-07-21 20:47 - 2012-07-21 20:54 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Cakewalk
    2012-07-21 20:47 - 2012-07-21 20:47 - 00000000 ____D C:\Users\Kelly\Documents\Native Instruments
    2012-07-21 20:46 - 2012-07-21 20:46 - 00001985 ____A C:\Users\Public\Desktop\SONAR 8 Producer Edition(x64).lnk
    2012-07-21 20:44 - 2012-07-22 00:33 - 00000000 ____D C:\Cakewalk Projects
    2012-07-21 20:44 - 2012-07-21 20:52 - 00000000 ____D C:\Users\All Users\Cakewalk
    2012-07-21 20:44 - 2012-07-21 20:50 - 00000000 ____D C:\Program Files\Cakewalk
    2012-07-21 20:42 - 2012-07-21 20:42 - 00000000 ____D C:\Users\All Users\Ableton
    2012-07-21 20:41 - 2012-07-21 20:41 - 00000000 ____D C:\Users\Kelly\Documents\Ableton
    2012-07-21 20:41 - 2012-07-21 20:41 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Ableton
    2012-07-21 20:41 - 2011-12-02 10:01 - 00368640 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
    2012-07-21 20:41 - 2011-12-02 10:01 - 00233472 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\REX Shared Library.dll
    2012-07-21 20:40 - 2012-07-21 20:40 - 00000000 ____D C:\Program Files (x86)\Ableton
    2012-07-19 07:07 - 2012-07-19 07:07 - 08673097 ____A C:\Users\Kelly\Downloads\New_Duke_PC_Driver_0705.zip
    2012-07-19 06:41 - 2012-07-19 06:41 - 00000000 ____D C:\Program Files (x86)\Android
    2012-07-18 22:33 - 2012-07-18 22:33 - 00002427 ____A C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2012 Free.lnk
    2012-07-18 22:33 - 2012-07-18 22:33 - 00000000 ____D C:\Users\All Users\launcher
    2012-07-18 22:33 - 2012-07-18 22:33 - 00000000 ____D C:\Users\All Users\explauncher
    2012-07-18 22:33 - 2012-07-18 22:33 - 00000000 ____D C:\Users\All Users\backup
    2012-07-18 22:33 - 2012-07-18 22:33 - 00000000 ____D C:\Program Files (x86)\Paragon Software
    2012-07-18 22:30 - 2012-07-18 22:32 - 108023296 ____A C:\Users\Kelly\Downloads\br_free.msi
    2012-07-18 19:51 - 2012-07-18 19:51 - 00155073 ____A C:\Users\Kelly\Downloads\The Closer S07E16 INTERNAL 720p HDTV x264 IMMERSE.nzb
    2012-07-18 14:41 - 2012-07-18 14:41 - 00009725 ____A C:\Users\Kelly\Downloads\mod_cassrina_hover_image_menu_v2.6.zip
    2012-07-18 14:24 - 2012-07-18 14:24 - 00004341 ____A C:\Users\Kelly\Downloads\mod_tcdropdownmenu.zip
    2012-07-18 11:41 - 2012-07-18 11:41 - 00001964 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    2012-07-18 11:40 - 2012-07-18 11:40 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-07-18 11:40 - 2012-07-18 11:40 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
    2012-07-18 11:12 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-18 11:11 - 2012-07-18 11:12 - 00262288 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-18 11:07 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-18 11:07 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-18 11:07 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-18 11:07 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-18 11:07 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-18 11:07 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-18 11:07 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-18 11:07 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-18 11:07 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-18 11:07 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-18 11:07 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-18 11:07 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-18 11:07 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-18 11:07 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-18 11:07 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-18 11:07 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-18 11:07 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-18 11:07 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-18 11:07 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-18 11:07 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-18 11:07 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-18 11:07 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-18 11:07 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-18 11:07 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-18 11:07 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-18 11:07 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-18 11:07 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-18 11:07 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-17 10:43 - 2012-07-17 10:43 - 00091941 ____A C:\Users\Kelly\Downloads\P8Z77-V-LX-QVL.zip
    2012-07-16 21:55 - 2012-08-06 08:16 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\gtk-2.0
    2012-07-16 21:55 - 2012-07-16 21:55 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\PlayStation Mobile Studio-2.8
    2012-07-16 21:55 - 2012-07-16 21:55 - 00000000 ____D C:\Users\Kelly\AppData\Local\PlayStation Mobile Studio-2.8
    2012-07-16 21:54 - 2012-07-16 21:54 - 00002327 ____A C:\Users\Public\Desktop\PsmStudio.lnk
    2012-07-16 21:54 - 2012-07-16 21:54 - 00002211 ____A C:\Users\Public\Desktop\UIComposer.lnk
    2012-07-16 21:54 - 2012-07-16 21:54 - 00001075 ____A C:\Users\Public\Desktop\PSM Sample and Documents.lnk
    2012-07-16 21:53 - 2012-07-16 22:04 - 00000000 ____D C:\Users\Public\Documents\PSM
    2012-07-16 21:49 - 2012-07-16 21:49 - 00000000 ____D C:\Program Files (x86)\SCE
    2012-07-16 21:43 - 2012-07-16 21:48 - 297931561 ____A C:\Users\Kelly\Downloads\PSM_SDK_099.exe
    2012-07-16 21:32 - 2012-08-11 10:13 - 00000460 ____A C:\Users\Kelly\Documents\wben.log
    2012-07-16 21:30 - 2012-07-16 21:30 - 18844935 ____A C:\Users\Kelly\Downloads\PSMobile_TestSuite_099_20120713.zip
    2012-07-14 15:43 - 2012-07-14 15:43 - 02761162 ____A C:\Users\Kelly\Downloads\dap1350_QIG_poster_110.zip
    ---- LOG SPLIT FOR SIZE, CONTINUES IN NEXT POST ----
     
  3. kgamble

    kgamble TS Rookie Topic Starter

    ---- LOG CONTINUES FROM PREVIOUS POST ----



    ============ 3 Months Modified Files ========================

    2012-08-12 22:48 - 2012-08-12 22:47 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\budaydgz.sys
    2012-08-12 22:48 - 2012-07-03 14:21 - 00020053 ____A C:\Users\Kelly\Documents\WorkspaceUpdate.log
    2012-08-12 22:48 - 2012-07-03 14:20 - 00189040 ____A C:\Users\Kelly\Documents\workspaceinstall.log
    2012-08-12 22:48 - 2011-10-27 22:24 - 00000000 ____A C:\clients.data
    2012-08-12 22:47 - 2012-08-12 22:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB430B8E38272D1C
    2012-08-12 22:46 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-12 22:45 - 2009-07-13 20:51 - 00040517 ____A C:\Windows\setupact.log
    2012-08-11 10:50 - 2012-08-11 10:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49F02CD4A4A3F8A3
    2012-08-11 10:50 - 2012-08-11 10:50 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hwqkueee.sys
    2012-08-11 10:40 - 2012-08-11 10:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ACD069D63157E141
    2012-08-11 10:31 - 2012-08-11 10:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C58270A7DD10266D
    2012-08-11 10:25 - 2012-08-11 10:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A698C307BA7E8BEF
    2012-08-11 10:17 - 2012-08-11 10:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.10423E639EC94F6A
    2012-08-11 10:14 - 2011-04-15 06:26 - 01478044 ____A C:\Windows\WindowsUpdate.log
    2012-08-11 10:13 - 2012-07-16 21:32 - 00000460 ____A C:\Users\Kelly\Documents\wben.log
    2012-08-11 10:12 - 2011-04-15 18:39 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-11 10:11 - 2011-04-15 18:11 - 01128262 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-11 10:10 - 2009-07-13 20:45 - 00013984 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-11 10:10 - 2009-07-13 20:45 - 00013984 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-11 10:03 - 2011-04-16 10:07 - 00000462 _RASH C:\Users\All Users\ntuser.pol
    2012-08-11 09:52 - 2011-04-18 12:56 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-389776879-4036487157-181669944-1000UA.job
    2012-08-11 09:31 - 2012-08-11 09:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1EFED7D41A29C5C8
    2012-08-11 09:30 - 2011-04-15 15:56 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
    2012-08-11 09:15 - 2009-07-13 21:13 - 01129254 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-11 09:14 - 2012-08-11 09:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A244CD8FECB1FC0A
    2012-08-11 09:13 - 2012-08-11 09:13 - 00000000 ____A C:\trbyebye
    2012-08-11 07:02 - 2012-08-11 03:02 - 00140827 ____A C:\Windows\SysWOW64\Drivers\str.sys
    2012-08-11 05:52 - 2011-04-18 12:56 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-389776879-4036487157-181669944-1000Core.job
    2012-08-11 05:18 - 2012-05-09 17:31 - 00000446 ____A C:\Windows\Tasks\SyncBack Backup.job
    2012-08-11 01:52 - 2011-04-15 16:01 - 00002128 ___AH C:\Users\Kelly\Documents\Default.rdp
    2012-08-10 08:57 - 2012-08-10 08:57 - 04977211 ____A C:\Users\admin\Downloads\selected_reports_20120810-175751.nzb
    2012-08-10 08:57 - 2012-08-10 08:57 - 01108002 ____A C:\Users\admin\Downloads\selected_reports_20120810-175716.nzb
    2012-08-10 08:56 - 2012-08-10 08:56 - 00882832 ____A C:\Users\admin\Downloads\selected_reports_20120810-175639.nzb
    2012-08-10 08:19 - 2011-04-16 08:53 - 00246384 ____A C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-09 21:37 - 2009-07-13 20:45 - 05586536 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-09 12:44 - 2011-04-15 16:01 - 00249216 ____A C:\Users\Kelly\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-07 16:03 - 2012-08-07 16:03 - 00173544 ____A C:\Users\Kelly\Downloads\foundation.custom.zip
    2012-08-07 15:33 - 2012-08-07 15:33 - 00163242 ____A C:\Users\Kelly\Downloads\foundation-3.0.7.zip
    2012-08-07 13:58 - 2011-04-23 10:08 - 00003641 ____A C:\Users\Kelly\Sti_Trace.log
    2012-08-06 08:20 - 2012-08-06 08:20 - 00000218 ____A C:\Users\Kelly\.recently-used.xbel
    2012-08-03 18:24 - 2012-08-03 18:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
    2012-08-03 18:21 - 2011-01-20 18:48 - 01002728 ____A (Microsoft Corporation) C:\Windows\System32\WinUSBCoInstaller2.dll
    2012-08-02 23:01 - 2012-05-07 20:54 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-02 23:01 - 2011-05-23 18:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-02 23:00 - 2011-09-13 15:52 - 00243328 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
    2012-08-02 22:59 - 2011-04-16 08:19 - 01063004 ____A C:\Windows\PFRO.log
    2012-08-02 22:52 - 2012-07-26 16:20 - 03211264 ____A C:\Users\Kelly\DevelopmentStorageDb201206.mdf
    2012-08-02 22:52 - 2012-07-26 16:20 - 00851968 ____A C:\Users\Kelly\DevelopmentStorageDb201206_log.ldf
    2012-07-31 22:51 - 2012-07-31 22:51 - 00003775 ____A C:\Users\Kelly\Documents\3-Month Free Trial-8-1-2012-credentials.publishsettings
    2012-07-31 22:47 - 2012-07-31 22:47 - 00002041 ____A C:\Users\Kelly\Downloads\wikipad.azurewebsites.net (2).PublishSettings
    2012-07-31 22:38 - 2012-07-31 22:38 - 00002041 ____A C:\Users\Kelly\Downloads\wikipad.azurewebsites.net (1).PublishSettings
    2012-07-31 22:35 - 2012-07-31 22:35 - 00002041 ____A C:\Users\Kelly\Downloads\wikipad.azurewebsites.net.PublishSettings
    2012-07-31 20:37 - 2011-09-28 20:36 - 00001456 ____A C:\Users\Kelly\AppData\Local\Adobe Save for Web 12.0 Prefs
    2012-07-31 11:27 - 2012-07-31 11:27 - 01975768 ____A C:\Users\Kelly\Downloads\r.exe
    2012-07-31 10:32 - 2012-07-31 10:32 - 01034795 ____A C:\Users\Kelly\Downloads\WIKIPAD_logo.ai
    2012-07-31 10:32 - 2012-07-31 10:32 - 01034795 ____A C:\Users\Kelly\Downloads\WIKIPAD_logo (1).ai
    2012-07-26 20:43 - 2012-07-26 20:43 - 00104672 ____A (Microsoft Corporation) C:\Users\Kelly\Downloads\VWDOrVs11AzurePack_RC.3f.3f.3fnew.exe
    2012-07-26 20:15 - 2012-07-03 14:20 - 00000213 ____A C:\Users\Kelly\Documents\offSyncService.log
    2012-07-26 15:07 - 2012-07-26 15:07 - 00233628 ____A C:\Users\Kelly\Downloads\Orchard.Theme.Webmoco.Responsive.No1-1.0.3.nupkg
    2012-07-26 14:55 - 2012-07-26 14:55 - 00000020 __ASH C:\Users\orchard\ntuser.ini
    2012-07-26 09:11 - 2012-07-26 08:49 - 00002074 ____A C:\Users\Kelly\Desktop\Start Download Manager.lnk
    2012-07-25 13:08 - 2012-07-25 13:08 - 00017100 ____A C:\Users\Kelly\Desktop\de2501[1].txt
    2012-07-24 17:56 - 2012-07-24 17:56 - 00040965 ____A C:\Users\Kelly\Downloads\Bebas-fontfacekit.zip
    2012-07-21 20:54 - 2012-07-21 20:54 - 00001088 ____A C:\Users\Public\Desktop\Guitar Rig 3.lnk
    2012-07-21 20:53 - 2012-07-21 20:53 - 00001935 ____A C:\Users\Public\Desktop\SONAR 8.5 Producer (x64).lnk
    2012-07-21 20:46 - 2012-07-21 20:46 - 00001985 ____A C:\Users\Public\Desktop\SONAR 8 Producer Edition(x64).lnk
    2012-07-20 17:11 - 2012-05-07 19:50 - 00001540 ____A C:\Windows\cdplayer.ini
    2012-07-19 07:07 - 2012-07-19 07:07 - 08673097 ____A C:\Users\Kelly\Downloads\New_Duke_PC_Driver_0705.zip
    2012-07-18 22:33 - 2012-07-18 22:33 - 00002427 ____A C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2012 Free.lnk
    2012-07-18 22:32 - 2012-07-18 22:30 - 108023296 ____A C:\Users\Kelly\Downloads\br_free.msi
    2012-07-18 19:51 - 2012-07-18 19:51 - 00155073 ____A C:\Users\Kelly\Downloads\The Closer S07E16 INTERNAL 720p HDTV x264 IMMERSE.nzb
    2012-07-18 14:41 - 2012-07-18 14:41 - 00009725 ____A C:\Users\Kelly\Downloads\mod_cassrina_hover_image_menu_v2.6.zip
    2012-07-18 14:24 - 2012-07-18 14:24 - 00004341 ____A C:\Users\Kelly\Downloads\mod_tcdropdownmenu.zip
    2012-07-18 12:01 - 2012-05-04 23:23 - 00381608 ____N (JRiver, Inc.) C:\Windows\SysWOW64\MC17.exe
    2012-07-18 12:01 - 2012-05-04 23:23 - 00381608 ____N (JRiver, Inc.) C:\Windows\System32\MC17.exe
    2012-07-18 11:41 - 2012-07-18 11:41 - 00001964 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    2012-07-18 11:40 - 2012-07-18 11:40 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-07-18 11:12 - 2012-07-18 11:11 - 00262288 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-18 11:08 - 2011-04-15 16:16 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-17 10:43 - 2012-07-17 10:43 - 00091941 ____A C:\Users\Kelly\Downloads\P8Z77-V-LX-QVL.zip
    2012-07-16 21:54 - 2012-07-16 21:54 - 00002327 ____A C:\Users\Public\Desktop\PsmStudio.lnk
    2012-07-16 21:54 - 2012-07-16 21:54 - 00002211 ____A C:\Users\Public\Desktop\UIComposer.lnk
    2012-07-16 21:54 - 2012-07-16 21:54 - 00001075 ____A C:\Users\Public\Desktop\PSM Sample and Documents.lnk
    2012-07-16 21:54 - 2012-07-04 17:16 - 00020660 ____A C:\Windows\DPINST.LOG
    2012-07-16 21:48 - 2012-07-16 21:43 - 297931561 ____A C:\Users\Kelly\Downloads\PSM_SDK_099.exe
    2012-07-16 21:30 - 2012-07-16 21:30 - 18844935 ____A C:\Users\Kelly\Downloads\PSMobile_TestSuite_099_20120713.zip
    2012-07-14 15:43 - 2012-07-14 15:43 - 02761162 ____A C:\Users\Kelly\Downloads\dap1350_QIG_poster_110.zip
    2012-07-09 19:25 - 2012-07-09 19:25 - 02401657 ____A C:\Users\Kelly\Downloads\Rush Time Machine Live In Cleveland 2011 BluRay 1080p DTS HD dxva LoNeWolf.nzb
    2012-07-07 00:00 - 2012-07-07 00:00 - 00018228 ____A C:\Users\Kelly\Downloads\Gavin Harrison And 05Ric Circles 2010 r35 (1).nzb
    2012-07-06 23:57 - 2012-07-06 23:57 - 00018228 ____A C:\Users\Kelly\Downloads\Gavin Harrison And 05Ric Circles 2010 r35.nzb
    2012-07-06 23:55 - 2012-07-06 23:55 - 00033134 ____A C:\Users\Kelly\Downloads\Storm Corrosion Storm Corrosion Special Edition CD FLAC 2012 BriBerY.nzb
    2012-07-06 23:50 - 2012-07-06 23:50 - 00015718 ____A C:\Users\Kelly\Downloads\NZB-5817.zip
    2012-07-06 23:25 - 2012-07-06 23:25 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-07-06 23:25 - 2012-07-06 23:25 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-07-06 23:25 - 2012-07-06 23:25 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-07-06 23:25 - 2012-07-06 23:25 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-07-06 17:10 - 2012-07-06 17:10 - 00000022 ____A C:\Users\Kelly\Downloads\reheythere___ (3).zip
    2012-07-06 17:10 - 2012-07-06 17:09 - 00000022 ____A C:\Users\Kelly\Downloads\reheythere___ (2).zip
    2012-07-06 17:08 - 2012-07-06 17:08 - 00086743 ____A C:\Users\Kelly\Downloads\reheythere___ (1).zip
    2012-07-06 17:08 - 2012-07-06 17:07 - 01235375 ____A C:\Users\Kelly\Downloads\reheythere___.zip
    2012-07-04 17:25 - 2012-01-20 14:07 - 00010010 ____A C:\Users\Kelly\Documents\FocalPointConduit.log
    2012-07-04 17:17 - 2012-07-04 17:17 - 00002147 ____A C:\Users\Public\Desktop\HTC Sync Manager.lnk
    2012-07-04 17:15 - 2012-07-04 17:14 - 145443824 ____A (HTC ) C:\Users\Kelly\Downloads\setup_1.0.39.1.exe
    2012-07-03 14:24 - 2012-06-27 16:36 - 00011705 ____A C:\Users\Kelly\Documents\WikiPadTimesheet_20120627.xlsx
    2012-07-03 14:21 - 2012-07-03 14:21 - 00001070 ____A C:\Users\Kelly\Desktop\desktoptools.lnk
    2012-07-03 14:20 - 2012-07-03 14:20 - 01465568 ____A C:\Users\Kelly\Downloads\workspaceinstall.exe
    2012-07-03 09:02 - 2012-06-08 17:34 - 00012184 ____A C:\Users\Kelly\Documents\QsonixTimesheet_201206.xlsx
    2012-06-29 22:38 - 2012-06-29 22:25 - 00001203 ____A C:\Users\Public\Desktop\Diablo III.lnk
    2012-06-28 17:39 - 2012-06-28 17:39 - 00000165 ___AH C:\Users\Kelly\Documents\~$QsonixTimesheet_201206.xlsx
    2012-06-27 17:04 - 2012-06-27 17:04 - 00000165 ___AH C:\Users\Kelly\Documents\~$WikiPadTimesheet_20120627.xlsx
    2012-06-26 11:52 - 2012-06-08 18:50 - 00011913 ____A C:\Users\Kelly\Documents\WikiPadTimesheet_20120622.xlsx
    2012-06-25 15:04 - 2012-06-25 15:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
    2012-06-23 17:06 - 2012-04-30 19:15 - 00003517 ____A C:\Users\Kelly\Documents\LrCatalog.log
    2012-06-22 21:29 - 2012-06-22 07:41 - 00924349 ____A C:\Users\Kelly\Documents\AuntieJanetsTunaFudge_Label.ai
    2012-06-22 18:41 - 2012-06-22 18:34 - 01174760 ____A C:\Users\Kelly\Documents\AuntieJanetsTunaFudge_Signs.ai
    2012-06-22 07:38 - 2012-06-22 07:38 - 00364336 ____A C:\Users\Kelly\Downloads\romance_fatal_serif (1).zip
    2012-06-22 07:37 - 2012-06-22 07:37 - 00364336 ____A C:\Users\Kelly\Downloads\romance_fatal_serif.zip
    2012-06-22 07:35 - 2012-06-22 07:35 - 00026298 ____A C:\Users\Kelly\Downloads\chopin_script.zip
    2012-06-22 07:32 - 2012-06-22 07:32 - 00331386 ____A C:\Users\Kelly\Downloads\calligraphic_frames_soft.zip
    2012-06-22 07:30 - 2012-06-22 07:30 - 00036423 ____A C:\Users\Kelly\Downloads\jellyka_delicious_cake.zip
    2012-06-22 07:19 - 2012-06-22 07:19 - 00010037 ____A C:\Users\Kelly\Downloads\en.U-0087-01.30UpMailingLabel.0909-01ai.zip
    2012-06-22 07:19 - 2012-06-22 07:19 - 00010037 ____A C:\Users\Kelly\Downloads\en.U-0087-01.30UpMailingLabel.0909-01ai (1).zip
    2012-06-19 16:30 - 2012-06-19 16:30 - 00000165 ___AH C:\Users\Kelly\Documents\~$WikiPadTimesheet_20120622.xlsx
    2012-06-19 11:34 - 2012-06-19 11:34 - 00013218 ____A C:\Users\Kelly\Downloads\en.U-0168-01.8UpBusinessCard.0909-01.zip
    2012-06-19 07:37 - 2012-06-19 07:37 - 00008459 ____A C:\Users\Kelly\Downloads\en.U-0113-02.10UpTexturedBusinessCard.0909-01ai.zip
    2012-06-18 17:59 - 2011-05-10 11:12 - 00000000 ____A C:\tapestry_debug.txt
    2012-06-18 16:40 - 2012-06-18 16:40 - 00001175 ____A C:\Users\Kelly\Desktop\DIRECTV nomad.lnk
    2012-06-13 00:42 - 2012-07-30 23:41 - 00031232 ____A (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
    2012-06-11 19:08 - 2012-07-18 11:12 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-10 15:53 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 15:53 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-08 18:50 - 2012-05-28 09:36 - 00012453 ____A C:\Users\Kelly\Documents\WikiPadTimesheet_20120528.xlsx
    2012-06-05 22:06 - 2012-07-10 15:53 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 15:53 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 15:53 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 15:53 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 15:53 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 15:53 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-04 22:44 - 2012-06-04 22:44 - 01962088 ____A C:\Users\Kelly\Downloads\GooglePlus-Icons-RED-n-Other-Colors.zip
    2012-06-04 11:56 - 2012-06-04 11:56 - 00633296 ____A (Paragon) C:\Windows\System32\Drivers\Uim_IMx64.sys
    2012-06-04 11:56 - 2012-06-04 11:56 - 00472144 ____A (Paragon) C:\Windows\System32\Drivers\UimFIO.sys
    2012-06-04 11:56 - 2012-06-04 11:56 - 00389968 ____A (Paragon) C:\Windows\System32\Drivers\uim_vimx64.sys
    2012-06-04 11:56 - 2012-06-04 11:56 - 00251728 ____A (Paragon Software Group) C:\Windows\SysWOW64\prgiso.dll
    2012-06-04 11:56 - 2012-06-04 11:56 - 00090960 ____A (Windows (R) 2000 DDK provider) C:\Windows\System32\Drivers\uimx64.sys
    2012-06-02 14:19 - 2012-06-18 14:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-18 14:49 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-18 14:49 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-18 14:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-18 14:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-18 14:49 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-18 14:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-18 14:49 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:15 - 2012-06-18 14:49 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 11:48 - 2012-06-02 11:48 - 00033491 ____A C:\Users\Kelly\Downloads\webfontkit-20120602-154824.zip
    2012-06-02 11:42 - 2012-06-02 11:42 - 00033495 ____A C:\Users\Kelly\Downloads\webfontkit-20120602-154219.zip
    2012-06-02 04:49 - 2012-07-18 11:07 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-18 11:07 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-18 11:07 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-18 11:07 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-18 11:07 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-18 11:07 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-18 11:07 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-18 11:07 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-18 11:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-18 11:07 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-18 11:07 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-18 11:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-18 11:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-18 11:07 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-18 11:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-18 11:07 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-18 11:07 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-18 11:07 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-18 11:07 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-18 11:07 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-18 11:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-18 11:07 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-18 11:07 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-18 11:07 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-18 11:07 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-18 11:07 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-18 11:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-18 11:07 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:50 - 2012-07-10 15:52 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-10 15:52 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 15:52 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 15:52 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-10 15:52 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 15:52 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 15:52 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 15:52 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 15:52 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-31 22:12 - 2012-05-01 17:22 - 00012704 ____A C:\Users\Kelly\Documents\QsonixTimesheet_201205.xlsx
    2012-05-31 18:21 - 2012-05-31 18:21 - 09888360 ____A (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUStoricon.dll
    2012-05-31 18:21 - 2012-05-31 18:21 - 00422504 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtsUStor.dll
    2012-05-31 18:21 - 2012-05-31 18:21 - 00250984 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsUStor.sys
    2012-05-28 09:39 - 2012-05-28 09:39 - 04518720 ____A (FileZilla Project) C:\Users\Kelly\Downloads\FileZilla_3.5.3_win32-setup.exe
    2012-05-21 20:17 - 2012-05-21 20:17 - 08355192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc110ud.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 08284024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc110d.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 04495728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc110.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 04445560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc110u.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 01995168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsHelper.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 01691520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110d.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00864120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00806784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vcamp110d.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00797560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110d.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00689040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110d.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00656272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vsjitdebugger.exe
    2012-05-21 20:17 - 2012-05-21 20:17 - 00500600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00319872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vcamp110.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00240008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00219008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VSPerf110.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00174976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VSCover110.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00156024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\atl110.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00145792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vcomp110d.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00116608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vcomp110.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00113016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfcm110d.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00112512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfcm110ud.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00084344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfcm110u.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00084344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfcm110.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00074112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc110deu.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00074104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc110fra.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00073088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc110esn.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00072064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc110ita.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00070016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc110rus.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00064384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc110enu.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00053120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc110jpn.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00052608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc110kor.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00045440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc110cht.dll
    2012-05-21 20:17 - 2012-05-21 20:17 - 00045440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc110chs.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 11080576 ____A (Microsoft Corporation) C:\Windows\System32\mfc110ud.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 11006840 ____A (Microsoft Corporation) C:\Windows\System32\mfc110d.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 05705080 ____A (Microsoft Corporation) C:\Windows\System32\mfc110u.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 05677424 ____A (Microsoft Corporation) C:\Windows\System32\mfc110.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 01957248 ____A (Microsoft Corporation) C:\Windows\System32\msvcr110d.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 01072512 ____A (Microsoft Corporation) C:\Windows\System32\msvcp110d.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 01032064 ____A (Microsoft Corporation) C:\Windows\System32\vcamp110d.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00933256 ____A (Microsoft Corporation) C:\Windows\System32\vccorlib110d.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00852856 ____A (Microsoft Corporation) C:\Windows\System32\msvcr110.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00685968 ____A (Microsoft Corporation) C:\Windows\System32\vsjitdebugger.exe
    2012-05-21 17:14 - 2012-05-21 17:14 - 00612728 ____A (Microsoft Corporation) C:\Windows\System32\msvcp110.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00380792 ____A (Microsoft Corporation) C:\Windows\System32\vcamp110.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00322440 ____A (Microsoft Corporation) C:\Windows\System32\vccorlib110.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00251776 ____A (Microsoft Corporation) C:\Windows\System32\VSPerf110.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00189824 ____A (Microsoft Corporation) C:\Windows\System32\VSCover110.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00179568 ____A (Microsoft Corporation) C:\Windows\System32\atl110.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00153984 ____A (Microsoft Corporation) C:\Windows\System32\vcomp110d.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00125312 ____A (Microsoft Corporation) C:\Windows\System32\vcomp110.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00123256 ____A (Microsoft Corporation) C:\Windows\System32\mfcm110d.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00122240 ____A (Microsoft Corporation) C:\Windows\System32\mfcm110ud.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00092032 ____A (Microsoft Corporation) C:\Windows\System32\mfcm110u.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00092024 ____A (Microsoft Corporation) C:\Windows\System32\mfcm110.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00074112 ____A (Microsoft Corporation) C:\Windows\System32\mfc110fra.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00074112 ____A (Microsoft Corporation) C:\Windows\System32\mfc110deu.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00073088 ____A (Microsoft Corporation) C:\Windows\System32\mfc110esn.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00072064 ____A (Microsoft Corporation) C:\Windows\System32\mfc110ita.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00070016 ____A (Microsoft Corporation) C:\Windows\System32\mfc110rus.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00064384 ____A (Microsoft Corporation) C:\Windows\System32\mfc110enu.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\mfc110jpn.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00052608 ____A (Microsoft Corporation) C:\Windows\System32\mfc110kor.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00045440 ____A (Microsoft Corporation) C:\Windows\System32\mfc110cht.dll
    2012-05-21 17:14 - 2012-05-21 17:14 - 00045440 ____A (Microsoft Corporation) C:\Windows\System32\mfc110chs.dll
    2012-05-18 20:47 - 2012-05-18 20:47 - 00367360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfprintpthelper.dll
    2012-05-18 20:47 - 2012-05-18 20:47 - 00351248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfbasics.dll
    2012-05-18 20:47 - 2012-05-18 20:47 - 00306552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfprint.dll
    2012-05-18 20:47 - 2012-05-18 20:47 - 00242736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfluapriv.dll
    2012-05-18 20:47 - 2012-05-18 20:47 - 00173504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\appverif.exe
    2012-05-18 20:47 - 2012-05-18 20:47 - 00164168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vrfcore.dll
    2012-05-18 20:47 - 2012-05-18 20:47 - 00098752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfrdvcompat.dll
    2012-05-18 20:47 - 2012-05-18 20:47 - 00087312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfcompat.dll
    2012-05-18 20:47 - 2012-05-18 20:47 - 00081560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfnet.dll
    2012-05-18 20:47 - 2012-05-18 20:47 - 00061352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfnws.dll
    2012-05-18 20:47 - 2012-05-18 20:47 - 00052016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfcuzz.dll
    2012-05-18 20:47 - 2012-05-18 20:47 - 00040120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfntlmless.dll
    2012-05-18 20:47 - 2012-05-18 20:47 - 00021432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cuzzapi.dll
    2012-05-18 20:42 - 2012-05-18 20:42 - 00059304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VSD3DRefDebug.dll
    2012-05-18 20:41 - 2012-05-18 20:41 - 00712616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11_1sdklayers.dll
    2012-05-18 20:41 - 2012-05-18 20:41 - 00608680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11ref.dll
    2012-05-18 20:41 - 2012-05-18 20:41 - 00590248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11sdklayers.dll
    2012-05-18 20:41 - 2012-05-18 20:41 - 00461224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10sdklayers.dll
    2012-05-18 20:41 - 2012-05-18 20:41 - 00383912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dref9.dll
    2012-05-18 20:41 - 2012-05-18 20:41 - 00365480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10ref.dll
    2012-05-18 20:41 - 2012-05-18 20:41 - 00276904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1debug1.dll
    2012-05-18 20:41 - 2012-05-18 20:41 - 00270248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxcpl.exe
    2012-05-18 20:41 - 2012-05-18 20:41 - 00101800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgidebug.dll
    2012-05-18 20:24 - 2012-05-18 20:24 - 00711280 ____A (Microsoft Corporation) C:\Windows\System32\vfprintpthelper.dll
    2012-05-18 20:24 - 2012-05-18 20:24 - 00433344 ____A (Microsoft Corporation) C:\Windows\System32\vfprint.dll
    2012-05-18 20:24 - 2012-05-18 20:24 - 00404760 ____A (Microsoft Corporation) C:\Windows\System32\vfbasics.dll
    2012-05-18 20:24 - 2012-05-18 20:24 - 00281616 ____A (Microsoft Corporation) C:\Windows\System32\vfluapriv.dll
    2012-05-18 20:24 - 2012-05-18 20:24 - 00216776 ____A (Microsoft Corporation) C:\Windows\System32\appverif.exe
    2012-05-18 20:24 - 2012-05-18 20:24 - 00183528 ____A (Microsoft Corporation) C:\Windows\System32\vrfcore.dll
    2012-05-18 20:24 - 2012-05-18 20:24 - 00109688 ____A (Microsoft Corporation) C:\Windows\System32\vfrdvcompat.dll
    2012-05-18 20:24 - 2012-05-18 20:24 - 00105016 ____A (Microsoft Corporation) C:\Windows\System32\vfnet.dll
    2012-05-18 20:24 - 2012-05-18 20:24 - 00090440 ____A (Microsoft Corporation) C:\Windows\System32\vfcompat.dll
    2012-05-18 20:24 - 2012-05-18 20:24 - 00083216 ____A (Microsoft Corporation) C:\Windows\System32\vfnws.dll
    2012-05-18 20:24 - 2012-05-18 20:24 - 00048944 ____A (Microsoft Corporation) C:\Windows\System32\vfcuzz.dll
    2012-05-18 20:24 - 2012-05-18 20:24 - 00045296 ____A (Microsoft Corporation) C:\Windows\System32\vfntlmless.dll
    2012-05-18 20:24 - 2012-05-18 20:24 - 00023032 ____A (Microsoft Corporation) C:\Windows\System32\cuzzapi.dll
    2012-05-18 20:18 - 2012-05-18 20:18 - 00886184 ____A (Microsoft Corporation) C:\Windows\System32\d3d11_1sdklayers.dll
    2012-05-18 20:18 - 2012-05-18 20:18 - 00748456 ____A (Microsoft Corporation) C:\Windows\System32\d3d11ref.dll
    2012-05-18 20:18 - 2012-05-18 20:18 - 00713128 ____A (Microsoft Corporation) C:\Windows\System32\d3d11sdklayers.dll
    2012-05-18 20:18 - 2012-05-18 20:18 - 00597416 ____A (Microsoft Corporation) C:\Windows\System32\d3d10sdklayers.dll
    2012-05-18 20:18 - 2012-05-18 20:18 - 00461224 ____A (Microsoft Corporation) C:\Windows\System32\d3d10ref.dll
    2012-05-18 20:18 - 2012-05-18 20:18 - 00446376 ____A (Microsoft Corporation) C:\Windows\System32\d3dref9.dll
    2012-05-18 20:18 - 2012-05-18 20:18 - 00340904 ____A (Microsoft Corporation) C:\Windows\System32\d2d1debug1.dll
    2012-05-18 20:18 - 2012-05-18 20:18 - 00287144 ____A (Microsoft Corporation) C:\Windows\System32\dxcpl.exe
    2012-05-18 20:18 - 2012-05-18 20:18 - 00126376 ____A (Microsoft Corporation) C:\Windows\System32\dxgidebug.dll
    2012-05-18 20:18 - 2012-05-18 20:18 - 00078760 ____A (Microsoft Corporation) C:\Windows\System32\VSD3DRefDebug.dll
    2012-05-18 20:17 - 2012-05-18 20:17 - 00029096 ____A (Microsoft Corporation) C:\Windows\System32\microsoft.windows.softwarelogo.showdesktop.exe
    2012-05-18 19:05 - 2011-04-16 10:34 - 00088617 ____A C:\Windows\SysWOW64\assist.err
    2012-05-18 07:36 - 2012-05-18 07:36 - 00000974 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
    2012-05-17 16:02 - 2012-05-17 16:02 - 00247584 ____A (Microsoft Corp.) C:\Windows\System32\MSOIDSSP.DLL
    2012-05-17 15:07 - 2012-05-17 15:07 - 00217376 ____A (Microsoft Corp.) C:\Windows\SysWOW64\MSOIDSSP.DLL
    2012-05-16 20:30 - 2012-05-16 20:30 - 00000165 ___AH C:\Users\Kelly\Documents\~$QsonixTimesheet_201205.xlsx

    ZeroAccess:
    C:\Windows\Installer\{ba14eb67-a942-9c02-70bf-a75cd1cfb655}
    C:\Windows\Installer\{ba14eb67-a942-9c02-70bf-a75cd1cfb655}\@
    C:\Windows\Installer\{ba14eb67-a942-9c02-70bf-a75cd1cfb655}\L
    C:\Windows\Installer\{ba14eb67-a942-9c02-70bf-a75cd1cfb655}\n
    C:\Windows\Installer\{ba14eb67-a942-9c02-70bf-a75cd1cfb655}\U

    ZeroAccess:
    C:\Users\Kelly\AppData\Local\{ba14eb67-a942-9c02-70bf-a75cd1cfb655}
    C:\Users\Kelly\AppData\Local\{ba14eb67-a942-9c02-70bf-a75cd1cfb655}\@
    C:\Users\Kelly\AppData\Local\{ba14eb67-a942-9c02-70bf-a75cd1cfb655}\L
    C:\Users\Kelly\AppData\Local\{ba14eb67-a942-9c02-70bf-a75cd1cfb655}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 7%
    Total physical RAM: 16360.89 MB
    Available physical RAM: 15057.53 MB
    Total Pagefile: 16359.04 MB
    Available Pagefile: 15061.11 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (Windows 7 Boot) (Fixed) (Total:321.44 GB) (Free:5.62 GB) NTFS
    2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (DATA_3TB_2) (Fixed) (Total:2794.39 GB) (Free:6.44 GB) NTFS
    4 Drive f: (Windows 8 Boot) (Fixed) (Total:238.47 GB) (Free:180.91 GB) NTFS
    5 Drive g: (DATA_2TB) (Fixed) (Total:1863.01 GB) (Free:841.29 GB) NTFS
    6 Drive I: (Windows 8 Developer Boot) (Fixed) (Total:97.66 GB) (Free:68.82 GB) NTFS
    8 Drive k: (NIKON D7000) (Removable) (Total:14.9 GB) (Free:14.71 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: (DATA_3TB) (Fixed) (Total:2794.39 GB) (Free:9.68 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 746 GB 0 B *
    Disk 1 Online 419 GB 0 B
    Disk 2 Online 746 GB 0 B *
    Disk 3 Online 238 GB 0 B
    Disk 4 Online 1863 GB 0 B
    Disk 5 Online 14 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Reserved 128 MB 17 KB
    Partition 2 Primary 2794 GB 129 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
    Hidden : Yes
    Required: No
    Attrib : 0000000000000000

    There is no volume associated with this partition.

    ==================================================================================

    Disk: 0
    Partition 2
    Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Hidden : No
    Required: No
    Attrib : 0000000000000000

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y DATA_3TB NTFS Partition 2794 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 321 GB 101 MB
    Partition 3 Primary 97 GB 321 GB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C Windows 7 B NTFS Partition 321 GB Healthy

    ==================================================================================

    Disk: 1
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 I Windows 8 D NTFS Partition 97 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Reserved 128 MB 17 KB
    Partition 2 Primary 2794 GB 129 MB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
    Hidden : Yes
    Required: No
    Attrib : 0000000000000000

    There is no volume associated with this partition.

    ==================================================================================

    Disk: 2
    Partition 2
    Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Hidden : No
    Required: No
    Attrib : 0000000000000000

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 E DATA_3TB_2 NTFS Partition 2794 GB Healthy

    ==================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 238 GB 1024 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 F Windows 8 B NTFS Partition 238 GB Healthy

    ==================================================================================

    Partitions of Disk 4:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1863 GB 1024 KB

    ==================================================================================

    Disk: 4
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 G DATA_2TB NTFS Partition 1863 GB Healthy

    ==================================================================================

    Partitions of Disk 5:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 4096 KB

    ==================================================================================

    Disk: 5
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K NIKON D7000 FAT32 Removable 14 GB Healthy

    ==================================================================================

    Last Boot: 2012-08-07 00:32

    ======================= End Of Log ==========================
     
  4. kgamble

    kgamble TS Rookie Topic Starter

    Here's the log from the services.exe search run of FRST:


    Farbar Recovery Scan Tool Version: 09-08-2012
    Ran by SYSTEM at 2012-08-13 00:48:25
    Running from K:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     
  6. kgamble

    kgamble TS Rookie Topic Starter

    I completed the steps above and was able to boot normally. During startup it did prompt to run disk scan on each local drive, which I skipped by pressing a key.

    Here are the contents of the Fixlog.txt:
    ------------------
    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
    Ran by SYSTEM at 2012-08-13 09:39:25 Run:1
    Running from K:\
    ==============================================
    C:\Windows\Installer\{ba14eb67-a942-9c02-70bf-a75cd1cfb655} moved successfully.
    C:\Users\Kelly\AppData\Local\{ba14eb67-a942-9c02-70bf-a75cd1cfb655} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Good. Back to Normal Mode...

    Scan for malware

    Please download Malwarebytes Anti-Malware from HERE.


    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.
     
  8. kgamble

    kgamble TS Rookie Topic Starter

    Thanks for the continued assistance. Here is the log produced by the Quick scan above:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.14.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kelly :: QUARK [administrator]
    8/14/2012 1:23:16 AM
    mbam-log-2012-08-14 (01-23-16).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 404602
    Time elapsed: 9 minute(s), 41 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 1
    HKLM\SYSTEM\CurrentControlSet\Services\hmqplaay (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 5
    C:\Users\Kelly\AppData\Local\Temp\DAT5E3B.tmp.exe (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.
    C:\Temp\FreeYouTubeDownloaderInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.
    C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Users\Kelly\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.
    (end)
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    You're welcome!

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
     
  10. kgamble

    kgamble TS Rookie Topic Starter

    Thanks again...here's the log from combofix:

    ComboFix 12-08-15.01 - Kelly 08/15/2012 12:00:16.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16361.9987 [GMT -7:00]
    Running from: I:\setup\System Utilities\Virus Removal and Protection\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwONkyieplugin.dll
    c:\programdata\Amazon.ico
    c:\programdata\MercadoLivre.ico
    c:\programdata\QuickStores.ico
    c:\programdata\xml97A2.tmp
    c:\programdata\xml9B6B.tmp
    c:\programdata\xml9D20.tmp
    c:\users\admin\AppData\Local\assembly\tmp
    c:\users\Kelly\AppData\Local\assembly\tmp
    c:\users\Kelly\AppData\Local\assembly\tmp\088YCCT1\Ninject.dll
    c:\users\Kelly\AppData\Local\Temp\wrd1dc001c.~lk\0.mdd
    c:\users\Kelly\AppData\Local\Temp\wrd1dc001c.~lk\1.mdd
    c:\users\Kelly\AppData\Local\Temp\wrd1dc001c.~lk\10.mdd
    c:\users\Kelly\AppData\Local\Temp\wrd1dc001c.~lk\11.mdd
    c:\users\Kelly\AppData\Local\Temp\wrd1dc001c.~lk\2.mdd
    c:\users\Kelly\AppData\Local\Temp\wrd1dc001c.~lk\3.mdd
    c:\users\Kelly\AppData\Local\Temp\wrd1dc001c.~lk\4.mdd
    c:\users\Kelly\AppData\Local\Temp\wrd1dc001c.~lk\5.mdd
    c:\users\Kelly\AppData\Local\Temp\wrd1dc001c.~lk\6.mdd
    c:\users\Kelly\AppData\Local\Temp\wrd1dc001c.~lk\7.mdd
    c:\users\Kelly\AppData\Local\Temp\wrd1dc001c.~lk\8.mdd
    c:\users\Kelly\AppData\Local\Temp\wrd1dc001c.~lk\9.mdd
    c:\users\Kelly\AppData\Local\TempDIR
    c:\windows\SysWow64\d2d1debug1.dll
    P:\Autorun.inf
    P:\Setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-15 19:18 . 2012-08-15 19:18 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{988F9609-4DA4-4419-A0E9-A534B2F4E04F}\offreg.dll
    2012-08-15 19:14 . 2012-08-15 19:14 -------- d-----w- c:\users\MSSQL$SQLEXPRESS\AppData\Local\temp
    2012-08-15 19:14 . 2012-08-15 19:14 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-08-15 19:14 . 2012-08-15 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-15 19:14 . 2012-08-15 19:14 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
    2012-08-15 19:14 . 2012-08-15 19:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-15 19:14 . 2012-08-15 19:14 -------- d-----w- c:\users\Mcx1-QUARK\AppData\Local\temp
    2012-08-15 19:14 . 2012-08-15 19:14 -------- d-----w- c:\users\Janet\AppData\Local\temp
    2012-08-15 19:14 . 2012-08-15 19:14 -------- d-----w- c:\users\admin\AppData\Local\temp
    2012-08-14 08:22 . 2012-08-14 08:22 -------- d-----w- c:\users\Kelly\AppData\Roaming\Malwarebytes
    2012-08-14 08:22 . 2012-08-14 08:22 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-14 08:22 . 2012-08-14 08:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-14 08:22 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-13 08:43 . 2012-08-13 08:43 -------- d-----w- C:\FRST
    2012-08-13 06:47 . 2012-08-13 06:47 328704 ----a-w- c:\windows\system32\services.exe.FB430B8E38272D1C
    2012-08-11 18:50 . 2012-08-11 18:50 50392 ----a-w- c:\windows\system32\drivers\hwqkueee.sys
    2012-08-11 18:50 . 2012-08-11 18:50 328704 ----a-w- c:\windows\system32\services.exe.49F02CD4A4A3F8A3
    2012-08-11 18:40 . 2012-08-11 18:40 328704 ----a-w- c:\windows\system32\services.exe.ACD069D63157E141
    2012-08-11 18:31 . 2012-08-11 18:31 328704 ----a-w- c:\windows\system32\services.exe.C58270A7DD10266D
    2012-08-11 18:25 . 2012-08-11 18:25 328704 ----a-w- c:\windows\system32\services.exe.A698C307BA7E8BEF
    2012-08-11 18:17 . 2012-08-11 18:17 328704 ----a-w- c:\windows\system32\services.exe.10423E639EC94F6A
    2012-08-11 18:13 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DEED19B4-8DBB-48DC-93F4-DF9414CDF31B}\gapaengine.dll
    2012-08-11 18:12 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{988F9609-4DA4-4419-A0E9-A534B2F4E04F}\mpengine.dll
    2012-08-11 18:11 . 2012-08-11 18:11 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-08-11 18:11 . 2012-08-11 18:11 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-11 17:31 . 2012-08-11 17:31 328704 ----a-w- c:\windows\system32\services.exe.1EFED7D41A29C5C8
    2012-08-11 17:14 . 2012-08-11 17:14 328704 ----a-w- c:\windows\system32\services.exe.A244CD8FECB1FC0A
    2012-08-11 11:06 . 2012-08-11 11:06 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-08-11 09:51 . 2012-08-11 09:51 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-08-11 09:51 . 2012-08-11 09:51 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-08-01 23:45 . 2012-08-01 23:45 -------- d-s---w- c:\users\Kelly\SharePoint Sites
    2012-08-01 05:56 . 2012-08-01 05:56 -------- d-----w- c:\users\Kelly\AppData\Local\dftmp
    2012-07-31 19:27 . 2012-07-31 19:27 -------- d-----w- c:\users\Kelly\AppData\Roaming\TeamViewer
    2012-07-31 07:41 . 2012-07-31 07:41 -------- d-----w- c:\users\Kelly\AppData\Roaming\WatchGuard
    2012-07-31 07:41 . 2012-07-31 07:41 -------- d-----w- c:\program files (x86)\WatchGuard
    2012-07-31 07:41 . 2012-06-13 08:42 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
    2012-07-30 18:25 . 2012-07-30 18:25 -------- d-----w- c:\windows\Sun
    2012-07-27 00:21 . 2012-07-27 00:21 -------- d-----w- c:\program files (x86)\Windows Azure Tools
    2012-07-27 00:20 . 2012-08-01 05:56 -------- d-----w- c:\users\Kelly\AppData\Local\DevelopmentStorage
    2012-07-27 00:18 . 2012-07-27 00:19 -------- d-----w- c:\program files (x86)\Microsoft Web Tooling Extensions
    2012-07-26 22:55 . 2012-07-26 22:55 -------- d-----w- c:\users\orchard
    2012-07-26 16:49 . 2012-07-26 17:11 -------- d-----w- c:\users\Kelly\AppData\Roaming\Download Manager
    2012-07-26 16:47 . 2012-07-26 16:47 -------- d-----w- c:\program files\Microsoft
    2012-07-22 08:08 . 2012-07-22 08:08 -------- d-----w- c:\windows\SysWow64\VirtualMIDISynth
    2012-07-22 08:08 . 2012-07-22 08:08 -------- d-----w- c:\windows\system32\VirtualMIDISynth
    2012-07-22 04:55 . 2012-07-22 04:55 -------- d-----w- c:\users\Kelly\AppData\Local\Cakewalk
    2012-07-22 04:54 . 2012-07-22 04:54 -------- dc-h--w- c:\programdata\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
    2012-07-22 04:54 . 2012-07-22 04:54 -------- d-----w- c:\program files (x86)\Common Files\Digidesign
    2012-07-22 04:54 . 2012-07-22 04:54 -------- dc-h--w- c:\programdata\{902029B2-957E-4066-85FA-30DA31731718}
    2012-07-22 04:54 . 2012-07-22 04:54 -------- d-----w- c:\program files (x86)\Native Instruments
    2012-07-22 04:54 . 2012-07-22 04:54 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments
    2012-07-22 04:48 . 2012-07-22 04:48 -------- d-----w- c:\users\Kelly\TruePianos Settings
    2012-07-22 04:47 . 2012-07-22 04:54 -------- d-----w- c:\users\Kelly\AppData\Roaming\Cakewalk
    2012-07-22 04:44 . 2012-07-22 08:33 -------- d-----w- C:\Cakewalk Projects
    2012-07-22 04:44 . 2012-07-22 04:52 -------- d-----w- c:\programdata\Cakewalk
    2012-07-22 04:44 . 2012-07-22 04:50 -------- d-----w- c:\program files\Cakewalk
    2012-07-22 04:42 . 2012-07-22 04:42 -------- d-----w- c:\programdata\Ableton
    2012-07-22 04:41 . 2012-07-22 04:41 -------- d-----w- c:\users\Kelly\AppData\Roaming\Ableton
    2012-07-22 04:41 . 2011-12-02 18:01 368640 ----a-w- c:\windows\SysWow64\ReWire.dll
    2012-07-22 04:41 . 2011-12-02 18:01 233472 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
    2012-07-22 04:40 . 2012-07-22 04:40 -------- d-----w- c:\program files (x86)\Ableton
    2012-07-19 14:41 . 2012-07-19 14:41 -------- d-----w- c:\program files (x86)\Android
    2012-07-19 06:33 . 2012-07-19 06:33 -------- d-----w- c:\programdata\backup
    2012-07-19 06:33 . 2012-07-19 06:33 -------- d-----w- c:\programdata\explauncher
    2012-07-19 06:33 . 2012-07-19 06:33 -------- d-----w- c:\programdata\launcher
    2012-07-19 06:33 . 2012-07-19 06:33 -------- d-----w- c:\program files (x86)\Paragon Software
    2012-07-18 19:40 . 2012-07-18 19:40 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-07-18 19:40 . 2012-07-18 19:40 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
    2012-07-18 19:12 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-17 05:55 . 2012-08-06 16:16 -------- d-----w- c:\users\Kelly\AppData\Roaming\gtk-2.0
    2012-07-17 05:55 . 2012-07-17 05:55 -------- d-----w- c:\users\Kelly\AppData\Roaming\PlayStation Mobile Studio-2.8
    2012-07-17 05:55 . 2012-07-17 05:55 -------- d-----w- c:\users\Kelly\AppData\Local\PlayStation Mobile Studio-2.8
    2012-07-17 05:49 . 2012-07-17 05:49 -------- d-----w- c:\program files (x86)\SCE
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-04 02:21 . 2011-01-21 02:48 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
    2012-08-03 07:01 . 2012-05-08 04:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-03 07:01 . 2011-05-24 02:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-27 00:22 . 2012-03-16 21:16 2563232 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
    2012-07-18 20:01 . 2012-05-05 07:23 381608 ------w- c:\windows\SysWow64\MC17.exe
    2012-07-18 20:01 . 2012-05-05 07:23 381608 ------w- c:\windows\system32\MC17.exe
    2012-07-18 19:08 . 2011-04-16 00:16 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-07 07:54 . 2011-04-16 06:03 2087296 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-07-07 07:25 . 2012-07-07 07:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
    2012-06-19 00:40 . 2012-06-19 00:40 145256 ----a-r- c:\users\Kelly\AppData\Roaming\Microsoft\Installer\{BA7E4D7B-24E6-46D0-809E-E77E92FC757F}\ARPPRODUCTICON.exe
    2012-06-09 05:43 . 2012-07-10 23:53 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 06:06 . 2012-07-10 23:53 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-10 23:53 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-10 23:53 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-10 23:53 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-10 23:53 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-10 23:53 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-04 19:56 . 2012-06-04 19:56 90960 ----a-w- c:\windows\system32\drivers\uimx64.sys
    2012-06-04 19:56 . 2012-06-04 19:56 472144 ----a-w- c:\windows\system32\drivers\UimFIO.sys
    2012-06-04 19:56 . 2012-06-04 19:56 251728 ----a-w- c:\windows\SysWow64\prgiso.dll
    2012-06-04 19:56 . 2012-06-04 19:56 633296 ----a-w- c:\windows\system32\drivers\Uim_IMx64.sys
    2012-06-04 19:56 . 2012-06-04 19:56 389968 ----a-w- c:\windows\system32\drivers\uim_vimx64.sys
    2012-06-02 22:19 . 2012-06-18 22:49 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-18 22:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-18 22:49 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-18 22:49 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-18 22:49 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-18 22:49 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-18 22:49 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-18 22:49 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-18 22:49 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:50 . 2012-07-10 23:52 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-10 23:52 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-10 23:52 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-10 23:52 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-10 23:52 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-10 23:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-10 23:52 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-10 23:52 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-10 23:52 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-06-01 02:21 . 2012-06-01 02:21 9888360 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
    2012-06-01 02:21 . 2012-06-01 02:21 250984 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
    2012-06-01 02:21 . 2012-06-01 02:21 422504 ----a-w- c:\windows\system32\RtsUStor.dll
    2012-05-22 04:17 . 2012-05-22 04:17 864120 ----a-w- c:\windows\SysWow64\msvcr110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 84344 ----a-w- c:\windows\SysWow64\mfcm110u.dll
    2012-05-22 04:17 . 2012-05-22 04:17 84344 ----a-w- c:\windows\SysWow64\mfcm110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 8355192 ----a-w- c:\windows\SysWow64\mfc110ud.dll
    2012-05-22 04:17 . 2012-05-22 04:17 8284024 ----a-w- c:\windows\SysWow64\mfc110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 806784 ----a-w- c:\windows\SysWow64\vcamp110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 797560 ----a-w- c:\windows\SysWow64\msvcp110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 74112 ----a-w- c:\windows\SysWow64\mfc110deu.dll
    2012-05-22 04:17 . 2012-05-22 04:17 74104 ----a-w- c:\windows\SysWow64\mfc110fra.dll
    2012-05-22 04:17 . 2012-05-22 04:17 73088 ----a-w- c:\windows\SysWow64\mfc110esn.dll
    2012-05-22 04:17 . 2012-05-22 04:17 72064 ----a-w- c:\windows\SysWow64\mfc110ita.dll
    2012-05-22 04:17 . 2012-05-22 04:17 70016 ----a-w- c:\windows\SysWow64\mfc110rus.dll
    2012-05-22 04:17 . 2012-05-22 04:17 689040 ----a-w- c:\windows\SysWow64\vccorlib110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 64384 ----a-w- c:\windows\SysWow64\mfc110enu.dll
    2012-05-22 04:17 . 2012-05-22 04:17 53120 ----a-w- c:\windows\SysWow64\mfc110jpn.dll
    2012-05-22 04:17 . 2012-05-22 04:17 52608 ----a-w- c:\windows\SysWow64\mfc110kor.dll
    2012-05-22 04:17 . 2012-05-22 04:17 500600 ----a-w- c:\windows\SysWow64\msvcp110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 45440 ----a-w- c:\windows\SysWow64\mfc110cht.dll
    2012-05-22 04:17 . 2012-05-22 04:17 45440 ----a-w- c:\windows\SysWow64\mfc110chs.dll
    2012-05-22 04:17 . 2012-05-22 04:17 4495728 ----a-w- c:\windows\SysWow64\mfc110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 4445560 ----a-w- c:\windows\SysWow64\mfc110u.dll
    2012-05-22 04:17 . 2012-05-22 04:17 319872 ----a-w- c:\windows\SysWow64\vcamp110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 240008 ----a-w- c:\windows\SysWow64\vccorlib110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 219008 ----a-w- c:\windows\SysWow64\VSPerf110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 174976 ----a-w- c:\windows\SysWow64\VSCover110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 1691520 ----a-w- c:\windows\SysWow64\msvcr110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 156024 ----a-w- c:\windows\SysWow64\atl110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 145792 ----a-w- c:\windows\SysWow64\vcomp110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 116608 ----a-w- c:\windows\SysWow64\vcomp110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 113016 ----a-w- c:\windows\SysWow64\mfcm110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 112512 ----a-w- c:\windows\SysWow64\mfcm110ud.dll
    2012-05-22 04:17 . 2012-05-22 04:17 656272 ----a-w- c:\windows\SysWow64\vsjitdebugger.exe
    2012-05-22 04:17 . 2012-05-22 04:17 1995168 ----a-w- c:\windows\SysWow64\VsGraphicsHelper.dll
    2012-05-22 01:14 . 2012-05-22 01:14 685968 ----a-w- c:\windows\system32\vsjitdebugger.exe
    2012-05-22 01:14 . 2012-05-22 01:14 933256 ----a-w- c:\windows\system32\vccorlib110d.dll
    2012-05-22 01:14 . 2012-05-22 01:14 92032 ----a-w- c:\windows\system32\mfcm110u.dll
    2012-05-22 01:14 . 2012-05-22 01:14 92024 ----a-w- c:\windows\system32\mfcm110.dll
    2012-05-22 01:14 . 2012-05-22 01:14 852856 ----a-w- c:\windows\system32\msvcr110.dll
    2012-05-22 01:14 . 2012-05-22 01:14 74112 ----a-w- c:\windows\system32\mfc110fra.dll
    2012-05-22 01:14 . 2012-05-22 01:14 74112 ----a-w- c:\windows\system32\mfc110deu.dll
    2012-05-22 01:14 . 2012-05-22 01:14 73088 ----a-w- c:\windows\system32\mfc110esn.dll
    2012-05-22 01:14 . 2012-05-22 01:14 72064 ----a-w- c:\windows\system32\mfc110ita.dll
    2012-05-22 01:14 . 2012-05-22 01:14 70016 ----a-w- c:\windows\system32\mfc110rus.dll
    2012-05-22 01:14 . 2012-05-22 01:14 64384 ----a-w- c:\windows\system32\mfc110enu.dll
    2012-05-22 01:14 . 2012-05-22 01:14 612728 ----a-w- c:\windows\system32\msvcp110.dll
    2012-05-22 01:14 . 2012-05-22 01:14 5705080 ----a-w- c:\windows\system32\mfc110u.dll
    2012-05-22 01:14 . 2012-05-22 01:14 5677424 ----a-w- c:\windows\system32\mfc110.dll
    2012-05-22 01:14 . 2012-05-22 01:14 53120 ----a-w- c:\windows\system32\mfc110jpn.dll
    2012-05-22 01:14 . 2012-05-22 01:14 52608 ----a-w- c:\windows\system32\mfc110kor.dll
    2012-05-22 01:14 . 2012-05-22 01:14 45440 ----a-w- c:\windows\system32\mfc110cht.dll
    2012-05-22 01:14 . 2012-05-22 01:14 45440 ----a-w- c:\windows\system32\mfc110chs.dll
    2012-05-22 01:14 . 2012-05-22 01:14 380792 ----a-w- c:\windows\system32\vcamp110.dll
    2012-05-22 01:14 . 2012-05-22 01:14 322440 ----a-w- c:\windows\system32\vccorlib110.dll
    2012-05-22 01:14 . 2012-05-22 01:14 251776 ----a-w- c:\windows\system32\VSPerf110.dll
    2012-05-22 01:14 . 2012-05-22 01:14 1957248 ----a-w- c:\windows\system32\msvcr110d.dll
    2012-05-22 01:14 . 2012-05-22 01:14 189824 ----a-w- c:\windows\system32\VSCover110.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{876d9f09-c6d6-4324-a2cc-04dd9a4de12f}]
    2012-05-22 04:17 75320 ----a-w- c:\program files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\isuspm.exe" [2010-05-21 324976]
    "PowerMate"="c:\program files (x86)\Griffin Technology\PowerMate\PowerMate.exe" [2007-12-07 385024]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-10 1353080]
    "Synergy Server"="c:\program files\Synergy\synergys.exe" [2011-06-18 982528]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-12-06 107000]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
    "Starfield Updater"="c:\program files (x86)\Workspace\workspaceupdate.exe" [2012-07-03 34496]
    "wben"="c:\program files (x86)\Workspace\wben.exe" [2011-12-21 368368]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-19 113288]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-10-19 465536]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
    "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2011-08-13 30568]
    "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2011-08-13 46952]
    "PPort14reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2011-05-16 333088]
    "PDFCreHook"="c:\program files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe" [2011-06-28 605032]
    "PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDFCreate\RegistryController.exe" [2011-06-28 140136]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-23 103536]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
    "AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-12 771360]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "OfficeSubscriptionAgent"="c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe" [2011-11-16 932160]
    .
    c:\users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Asset UPnP uMediaLibrary.lnk - c:\program files (x86)\Illustrate\dBpoweramp\uMediaLibrary.exe [2011-6-16 1063936]
    Asset UPnP.lnk - c:\program files (x86)\Illustrate\dBpoweramp\Asset-uPNP.exe [2011-6-16 1600000]
    Dropbox.lnk - c:\users\Kelly\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    TwonkyManager.lnk - c:\program files (x86)\TwonkyMedia\MediaManager\TwonkyMediaManager.exe [2011-9-21 8208935]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SolidWorks Background Downloader.lnk - c:\program files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2011-11-6 1826600]
    Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2010-6-4 7667970]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi1"=VirtualMIDISynth\VirtualMIDISynth.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
     
  11. kgamble

    kgamble TS Rookie Topic Starter

    Log continued...



    R2 BULKUSB;MF Digital Robots;c:\windows\system32\Drivers\BREADUSB64.sys [2011-06-17 30288]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-05-01 123816]
    R2 Dyn Updater;Dyn Updater;c:\program files (x86)\DynDNS Updater\DynUpSvc.exe [2011-11-15 95608]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
    R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
    R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-04-23 285280]
    R3 AssetUPnP;AssetUPnP;c:\program files (x86)\Illustrate\dBpoweramp\Asset-UPnPService.exe [2011-06-16 77824]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
    R3 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
    R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
    R3 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-09-18 75048]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-22 1431888]
    R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-05-19 139776]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-03 33736]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
    R3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
    R3 Media Center 17 Service;Media Center 17 Service;c:\program files (x86)\J River\Media Center 17\JRService.exe [2012-07-18 394920]
    R3 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-09 86016]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-11 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 Qsonix Audio Playback Service;Qsonix Audio Playback Service;d:\qsonix\Qsonix.Audio.Player.WindowsService.exe [2011-09-05 7168]
    R3 Qsonix Central Service;Qsonix Central Service;c:\projects\Qsonix\QsonixWorkspace.root\QsonixCentral.WindowsService\bin\Debug\qsonixcentral.windowsservice.exe [2011-09-29 8704]
    R3 Qsonix Diagnostics Service;Qsonix Diagnostics Service;d:\qsonix\Qsonix.Diagnostics.WindowsService.exe [2011-09-05 6656]
    R3 Qsonix Logging Service;Qsonix Logging Service;d:\qsonix\Qsonix.Logging.WindowsService.exe [2011-09-05 7168]
    R3 Qsonix Update Service;Qsonix Update Service;d:\qsonix\Qsonix.Update.WindowsService.exe [2011-09-05 7168]
    R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2011c\RpcAgentSrv.exe [2009-08-11 93848]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Test Authentication Service;Test Authentication Service;c:\projects\test\AuthenticationService.root\AuthenticationService\bin\Debug\AuthenticationService.exe [2011-08-30 6656]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TwonkyMedia;TwonkyMedia;c:\program files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe [2011-09-21 509704]
    R3 TwonkyWebDav;TwonkyWebDav;c:\program files (x86)\TwonkyMedia\twonkywebdav.exe [2011-09-21 245760]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 Viewpoint Service;Viewpoint Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-19 68440]
    R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2012-04-02 71960]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-16 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-17 14464]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R4 AcronisAgent;Acronis Remote Agent Service;c:\program files (x86)\Common Files\Acronis\Agent\agent.exe [2010-10-23 1906576]
    R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-04-23 3246040]
    R4 DMS;Acronis Disk Management Service;c:\program files (x86)\Acronis\DiskDirectorAdvanced\mms.exe [2010-10-23 4632864]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys [2012-02-11 334936]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-02-11 597080]
    S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-10-21 14592]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-04-23 1263200]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-18 283200]
    S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2012-06-04 389968]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
    S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2012-07-18 1174824]
    S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2012-06-09 87368]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
    S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
    S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2012-05-18 2079520]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2010-12-07 66560]
    S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-09-18 82416]
    S2 osubsvc;Microsoft Office 2010 Subscription Agent;c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\osa.exe [2011-11-16 493384]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-04-13 88576]
    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-08-13 138600]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S2 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-05-19 127488]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-22 846448]
    S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-08-20 423536]
    S2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]
    S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]
    S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
    S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
    S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
    S2 wgsslvpnsrc;WatchGuard SSLVPN Service;c:\program files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [2012-06-13 101376]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
    S3 cmudaxp;ASUS Xonar Essence STX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    S3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-19 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-19 181248]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [2012-04-29 73000]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2012-06-01 250984]
    S3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2010-03-31 15360]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NAL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-389776879-4036487157-181669944-1000Core.job
    - c:\users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 20:56]
    .
    2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-389776879-4036487157-181669944-1000UA.job
    - c:\users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 20:56]
    .
    2012-08-15 c:\windows\Tasks\SyncBack Backup.job
    - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2012-05-10 22:42]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
    @="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
    [HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
    2012-07-03 22:20 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
    @="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
    [HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
    2012-07-03 22:20 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayAdd]
    @="{D4DD7FC6-066F-442a-A200-DD21649CF378}"
    [HKEY_CLASSES_ROOT\CLSID\{D4DD7FC6-066F-442a-A200-DD21649CF378}]
    2011-03-01 19:02 293184 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayControlled]
    @="{EFF5DF4C-7662-4ed7-B533-837D3319D311}"
    [HKEY_CLASSES_ROOT\CLSID\{EFF5DF4C-7662-4ed7-B533-837D3319D311}]
    2011-03-01 19:02 293184 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayEdit]
    @="{FF529703-3398-4c98-B88D-13F784CB10A2}"
    [HKEY_CLASSES_ROOT\CLSID\{FF529703-3398-4c98-B88D-13F784CB10A2}]
    2011-03-01 19:02 293184 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayLock]
    @="{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}"
    [HKEY_CLASSES_ROOT\CLSID\{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}]
    2011-03-01 19:02 293184 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayRename]
    @="{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}"
    [HKEY_CLASSES_ROOT\CLSID\{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}]
    2011-03-01 19:02 293184 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-30 11545192]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
    "midi1"=VirtualMIDISynth\VirtualMIDISynth.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Playlist - c:\program files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314
    IE: Beam to - c:\program files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/231
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {{339E0A0F-ACAE-408f-AAD7-4E9158FFDE7C} - {BE8D0059-D24D-4919-B76F-99F4A2203647} {BE8D0059-D24D-4919-B76F-99F4A2203647} - {be8d0059-d24d-4919-b76f-99f4a2203647}\inprocserver32 does not exist!
    LSP: %SystemRoot%\system32\vsocklib.dll
    Trusted Zone: componentone.com\download
    Trusted Zone: dyndns-home.com\gamble
    Trusted Zone: infragistics.com\xamples
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: sharepoint.com\wikip
    Trusted Zone: sharepoint.com\wikip-admin
    Trusted Zone: sharepoint.com\wikip-my
    Trusted Zone: wdc.com\support
    TCP: Interfaces\{A108720A-AAA7-4E8D-91D6-E08ED382489F}: NameServer = 8.8.4.4
    DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://gamble.dyndns-home.com:8085/codebase/DVM_IPCam2.ocx
    FF - ProfilePath - c:\users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\fnujwm2o.default\
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-Nuance PDF Converter Professional 7-reminder - c:\program files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe
    AddRemove-Asset UPnP - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp m4a Nero AAC Encoder - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MsDepSvc]
    "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
    --
    "ImagePath"="\"d:\qsonix\Qsonix.Logging.WindowsService.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Qsonix Service: PlayerControlService]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:ba,0d,bf,06,60,03,28,ae,2a,c2,26,c5,45,06,3d,bb,4a,b8,4d,f3,5b,
    e4,4e,d4,5a,13,08,8f,c7,06,ef,10,2c,8d,a5,85,ac,f9,c9,9b,2b,e3,f8,04,10,5e,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:ba,0d,bf,06,60,03,28,ae,2a,c2,26,c5,45,06,3d,bb,4a,b8,4d,f3,5b,
    e4,4e,d4,5a,13,08,8f,c7,06,ef,10,2c,8d,a5,85,ac,f9,c9,9b,2b,e3,f8,04,10,5e,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\T*w*o*n*k*y*B*e*a*m*"!\Internet Explorer]
    "Path"="c:\\Program Files (x86)\\Twonky\\TwonkyBeam\\Internet Explorer"
    "Language"="1033"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-15 12:37:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-15 19:37
    .
    Pre-Run: 6,159,020,032 bytes free
    Post-Run: 25,320,529,920 bytes free
    .
    - - End Of File - - AE8ACBBD28CCE7691AF13C06130209CB
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  13. kgamble

    kgamble TS Rookie Topic Starter

    I believe I followed the above instructions correctly. ComboFix appears to "install" even in this case above where I'm dropping the CFScript.txt onto it, but I did do that and it produced the following log:



    ComboFix 12-08-16.01 - Kelly 08/16/2012 12:15:34.2.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16361.10028 [GMT -7:00]
    Running from: I:\setup\System Utilities\Virus Removal and Protection\ComboFix.exe
    Command switches used :: I:\setup\System Utilities\Virus Removal and Protection\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\system32\drivers\hwqkueee.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Kelly\AppData\Local\Temp\wrdd000c.~lk\0.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdd000c.~lk\1.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdd000c.~lk\10.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdd000c.~lk\11.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdd000c.~lk\2.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdd000c.~lk\3.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdd000c.~lk\4.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdd000c.~lk\5.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdd000c.~lk\6.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdd000c.~lk\7.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdd000c.~lk\8.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdd000c.~lk\9.mdd
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-16 19:27 . 2012-08-16 19:27 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{988F9609-4DA4-4419-A0E9-A534B2F4E04F}\offreg.dll
    2012-08-16 19:25 . 2012-08-16 19:28 -------- d-----w- c:\users\admin\AppData\Local\temp
    2012-08-16 19:25 . 2012-08-16 19:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-16 19:25 . 2012-08-16 19:25 -------- d-----w- c:\users\MSSQL$SQLEXPRESS\AppData\Local\temp
    2012-08-16 19:25 . 2012-08-16 19:25 -------- d-----w- c:\users\Mcx1-QUARK\AppData\Local\temp
    2012-08-16 19:25 . 2012-08-16 19:25 -------- d-----w- c:\users\Janet\AppData\Local\temp
    2012-08-16 19:25 . 2012-08-16 19:25 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-08-16 19:25 . 2012-08-16 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-16 19:25 . 2012-08-16 19:25 -------- d-----w- c:\users\CURRENT_USER\AppData\Local\temp
    2012-08-16 19:25 . 2012-08-16 19:25 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
    2012-08-14 08:22 . 2012-08-14 08:22 -------- d-----w- c:\users\Kelly\AppData\Roaming\Malwarebytes
    2012-08-14 08:22 . 2012-08-14 08:22 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-14 08:22 . 2012-08-14 08:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-14 08:22 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-13 08:43 . 2012-08-13 08:43 -------- d-----w- C:\FRST
    2012-08-13 06:47 . 2012-08-13 06:47 328704 ----a-w- c:\windows\system32\services.exe.FB430B8E38272D1C
    2012-08-11 18:50 . 2012-08-11 18:50 50392 ----a-w- c:\windows\system32\drivers\hwqkueee.sys
    2012-08-11 18:50 . 2012-08-11 18:50 328704 ----a-w- c:\windows\system32\services.exe.49F02CD4A4A3F8A3
    2012-08-11 18:40 . 2012-08-11 18:40 328704 ----a-w- c:\windows\system32\services.exe.ACD069D63157E141
    2012-08-11 18:31 . 2012-08-11 18:31 328704 ----a-w- c:\windows\system32\services.exe.C58270A7DD10266D
    2012-08-11 18:25 . 2012-08-11 18:25 328704 ----a-w- c:\windows\system32\services.exe.A698C307BA7E8BEF
    2012-08-11 18:17 . 2012-08-11 18:17 328704 ----a-w- c:\windows\system32\services.exe.10423E639EC94F6A
    2012-08-11 18:13 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DEED19B4-8DBB-48DC-93F4-DF9414CDF31B}\gapaengine.dll
    2012-08-11 18:12 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{988F9609-4DA4-4419-A0E9-A534B2F4E04F}\mpengine.dll
    2012-08-11 18:11 . 2012-08-11 18:11 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-08-11 18:11 . 2012-08-11 18:11 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-11 17:31 . 2012-08-11 17:31 328704 ----a-w- c:\windows\system32\services.exe.1EFED7D41A29C5C8
    2012-08-11 17:14 . 2012-08-11 17:14 328704 ----a-w- c:\windows\system32\services.exe.A244CD8FECB1FC0A
    2012-08-11 11:06 . 2012-08-11 11:06 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-08-11 09:51 . 2012-08-11 09:51 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-08-11 09:51 . 2012-08-11 09:51 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-08-01 23:45 . 2012-08-01 23:45 -------- d-s---w- c:\users\Kelly\SharePoint Sites
    2012-08-01 05:56 . 2012-08-01 05:56 -------- d-----w- c:\users\Kelly\AppData\Local\dftmp
    2012-07-31 19:27 . 2012-07-31 19:27 -------- d-----w- c:\users\Kelly\AppData\Roaming\TeamViewer
    2012-07-31 07:41 . 2012-07-31 07:41 -------- d-----w- c:\users\Kelly\AppData\Roaming\WatchGuard
    2012-07-31 07:41 . 2012-07-31 07:41 -------- d-----w- c:\program files (x86)\WatchGuard
    2012-07-31 07:41 . 2012-06-13 08:42 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
    2012-07-30 18:25 . 2012-07-30 18:25 -------- d-----w- c:\windows\Sun
    2012-07-27 00:21 . 2012-07-27 00:21 -------- d-----w- c:\program files (x86)\Windows Azure Tools
    2012-07-27 00:20 . 2012-08-01 05:56 -------- d-----w- c:\users\Kelly\AppData\Local\DevelopmentStorage
    2012-07-27 00:18 . 2012-07-27 00:19 -------- d-----w- c:\program files (x86)\Microsoft Web Tooling Extensions
    2012-07-26 22:55 . 2012-07-26 22:55 -------- d-----w- c:\users\orchard
    2012-07-26 16:49 . 2012-07-26 17:11 -------- d-----w- c:\users\Kelly\AppData\Roaming\Download Manager
    2012-07-26 16:47 . 2012-07-26 16:47 -------- d-----w- c:\program files\Microsoft
    2012-07-22 08:08 . 2012-07-22 08:08 -------- d-----w- c:\windows\SysWow64\VirtualMIDISynth
    2012-07-22 08:08 . 2012-07-22 08:08 -------- d-----w- c:\windows\system32\VirtualMIDISynth
    2012-07-22 04:55 . 2012-07-22 04:55 -------- d-----w- c:\users\Kelly\AppData\Local\Cakewalk
    2012-07-22 04:54 . 2012-07-22 04:54 -------- dc-h--w- c:\programdata\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
    2012-07-22 04:54 . 2012-07-22 04:54 -------- d-----w- c:\program files (x86)\Common Files\Digidesign
    2012-07-22 04:54 . 2012-07-22 04:54 -------- dc-h--w- c:\programdata\{902029B2-957E-4066-85FA-30DA31731718}
    2012-07-22 04:54 . 2012-07-22 04:54 -------- d-----w- c:\program files (x86)\Native Instruments
    2012-07-22 04:54 . 2012-07-22 04:54 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments
    2012-07-22 04:48 . 2012-07-22 04:48 -------- d-----w- c:\users\Kelly\TruePianos Settings
    2012-07-22 04:47 . 2012-07-22 04:54 -------- d-----w- c:\users\Kelly\AppData\Roaming\Cakewalk
    2012-07-22 04:44 . 2012-07-22 08:33 -------- d-----w- C:\Cakewalk Projects
    2012-07-22 04:44 . 2012-07-22 04:52 -------- d-----w- c:\programdata\Cakewalk
    2012-07-22 04:44 . 2012-07-22 04:50 -------- d-----w- c:\program files\Cakewalk
    2012-07-22 04:42 . 2012-07-22 04:42 -------- d-----w- c:\programdata\Ableton
    2012-07-22 04:41 . 2012-07-22 04:41 -------- d-----w- c:\users\Kelly\AppData\Roaming\Ableton
    2012-07-22 04:41 . 2011-12-02 18:01 368640 ----a-w- c:\windows\SysWow64\ReWire.dll
    2012-07-22 04:41 . 2011-12-02 18:01 233472 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
    2012-07-22 04:40 . 2012-07-22 04:40 -------- d-----w- c:\program files (x86)\Ableton
    2012-07-19 14:41 . 2012-07-19 14:41 -------- d-----w- c:\program files (x86)\Android
    2012-07-19 06:33 . 2012-07-19 06:33 -------- d-----w- c:\programdata\backup
    2012-07-19 06:33 . 2012-07-19 06:33 -------- d-----w- c:\programdata\explauncher
    2012-07-19 06:33 . 2012-07-19 06:33 -------- d-----w- c:\programdata\launcher
    2012-07-19 06:33 . 2012-07-19 06:33 -------- d-----w- c:\program files (x86)\Paragon Software
    2012-07-18 19:40 . 2012-07-18 19:40 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-07-18 19:40 . 2012-07-18 19:40 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
    2012-07-18 19:12 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-04 02:21 . 2011-01-21 02:48 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
    2012-08-03 07:01 . 2012-05-08 04:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-03 07:01 . 2011-05-24 02:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-27 00:22 . 2012-03-16 21:16 2563232 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
    2012-07-18 20:01 . 2012-05-05 07:23 381608 ------w- c:\windows\SysWow64\MC17.exe
    2012-07-18 20:01 . 2012-05-05 07:23 381608 ------w- c:\windows\system32\MC17.exe
    2012-07-18 19:08 . 2011-04-16 00:16 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-07 07:54 . 2011-04-16 06:03 2087296 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-07-07 07:25 . 2012-07-07 07:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
    2012-06-19 00:40 . 2012-06-19 00:40 145256 ----a-r- c:\users\Kelly\AppData\Roaming\Microsoft\Installer\{BA7E4D7B-24E6-46D0-809E-E77E92FC757F}\ARPPRODUCTICON.exe
    2012-06-09 05:43 . 2012-07-10 23:53 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 06:06 . 2012-07-10 23:53 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-10 23:53 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-10 23:53 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-10 23:53 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-10 23:53 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-10 23:53 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-04 19:56 . 2012-06-04 19:56 90960 ----a-w- c:\windows\system32\drivers\uimx64.sys
    2012-06-04 19:56 . 2012-06-04 19:56 472144 ----a-w- c:\windows\system32\drivers\UimFIO.sys
    2012-06-04 19:56 . 2012-06-04 19:56 251728 ----a-w- c:\windows\SysWow64\prgiso.dll
    2012-06-04 19:56 . 2012-06-04 19:56 633296 ----a-w- c:\windows\system32\drivers\Uim_IMx64.sys
    2012-06-04 19:56 . 2012-06-04 19:56 389968 ----a-w- c:\windows\system32\drivers\uim_vimx64.sys
    2012-06-02 22:19 . 2012-06-18 22:49 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-18 22:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-18 22:49 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-18 22:49 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-18 22:49 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-18 22:49 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-18 22:49 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-18 22:49 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-18 22:49 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:50 . 2012-07-10 23:52 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-10 23:52 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-10 23:52 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-10 23:52 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-10 23:52 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-10 23:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-10 23:52 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-10 23:52 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-10 23:52 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-06-01 02:21 . 2012-06-01 02:21 9888360 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
    2012-06-01 02:21 . 2012-06-01 02:21 250984 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
    2012-06-01 02:21 . 2012-06-01 02:21 422504 ----a-w- c:\windows\system32\RtsUStor.dll
    2012-05-22 04:17 . 2012-05-22 04:17 864120 ----a-w- c:\windows\SysWow64\msvcr110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 84344 ----a-w- c:\windows\SysWow64\mfcm110u.dll
    2012-05-22 04:17 . 2012-05-22 04:17 84344 ----a-w- c:\windows\SysWow64\mfcm110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 8355192 ----a-w- c:\windows\SysWow64\mfc110ud.dll
    2012-05-22 04:17 . 2012-05-22 04:17 8284024 ----a-w- c:\windows\SysWow64\mfc110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 806784 ----a-w- c:\windows\SysWow64\vcamp110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 797560 ----a-w- c:\windows\SysWow64\msvcp110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 74112 ----a-w- c:\windows\SysWow64\mfc110deu.dll
    2012-05-22 04:17 . 2012-05-22 04:17 74104 ----a-w- c:\windows\SysWow64\mfc110fra.dll
    2012-05-22 04:17 . 2012-05-22 04:17 73088 ----a-w- c:\windows\SysWow64\mfc110esn.dll
    2012-05-22 04:17 . 2012-05-22 04:17 72064 ----a-w- c:\windows\SysWow64\mfc110ita.dll
    2012-05-22 04:17 . 2012-05-22 04:17 70016 ----a-w- c:\windows\SysWow64\mfc110rus.dll
    2012-05-22 04:17 . 2012-05-22 04:17 689040 ----a-w- c:\windows\SysWow64\vccorlib110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 64384 ----a-w- c:\windows\SysWow64\mfc110enu.dll
    2012-05-22 04:17 . 2012-05-22 04:17 53120 ----a-w- c:\windows\SysWow64\mfc110jpn.dll
    2012-05-22 04:17 . 2012-05-22 04:17 52608 ----a-w- c:\windows\SysWow64\mfc110kor.dll
    2012-05-22 04:17 . 2012-05-22 04:17 500600 ----a-w- c:\windows\SysWow64\msvcp110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 45440 ----a-w- c:\windows\SysWow64\mfc110cht.dll
    2012-05-22 04:17 . 2012-05-22 04:17 45440 ----a-w- c:\windows\SysWow64\mfc110chs.dll
    2012-05-22 04:17 . 2012-05-22 04:17 4495728 ----a-w- c:\windows\SysWow64\mfc110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 4445560 ----a-w- c:\windows\SysWow64\mfc110u.dll
    2012-05-22 04:17 . 2012-05-22 04:17 319872 ----a-w- c:\windows\SysWow64\vcamp110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 240008 ----a-w- c:\windows\SysWow64\vccorlib110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 219008 ----a-w- c:\windows\SysWow64\VSPerf110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 174976 ----a-w- c:\windows\SysWow64\VSCover110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 1691520 ----a-w- c:\windows\SysWow64\msvcr110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 156024 ----a-w- c:\windows\SysWow64\atl110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 145792 ----a-w- c:\windows\SysWow64\vcomp110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 116608 ----a-w- c:\windows\SysWow64\vcomp110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 113016 ----a-w- c:\windows\SysWow64\mfcm110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 112512 ----a-w- c:\windows\SysWow64\mfcm110ud.dll
    2012-05-22 04:17 . 2012-05-22 04:17 656272 ----a-w- c:\windows\SysWow64\vsjitdebugger.exe
    2012-05-22 04:17 . 2012-05-22 04:17 1995168 ----a-w- c:\windows\SysWow64\VsGraphicsHelper.dll
    2012-05-22 01:14 . 2012-05-22 01:14 685968 ----a-w- c:\windows\system32\vsjitdebugger.exe
    2012-05-22 01:14 . 2012-05-22 01:14 933256 ----a-w- c:\windows\system32\vccorlib110d.dll
    2012-05-22 01:14 . 2012-05-22 01:14 92032 ----a-w- c:\windows\system32\mfcm110u.dll
    2012-05-22 01:14 . 2012-05-22 01:14 92024 ----a-w- c:\windows\system32\mfcm110.dll
    2012-05-22 01:14 . 2012-05-22 01:14 852856 ----a-w- c:\windows\system32\msvcr110.dll
    2012-05-22 01:14 . 2012-05-22 01:14 74112 ----a-w- c:\windows\system32\mfc110fra.dll
    2012-05-22 01:14 . 2012-05-22 01:14 74112 ----a-w- c:\windows\system32\mfc110deu.dll
    2012-05-22 01:14 . 2012-05-22 01:14 73088 ----a-w- c:\windows\system32\mfc110esn.dll
    2012-05-22 01:14 . 2012-05-22 01:14 72064 ----a-w- c:\windows\system32\mfc110ita.dll
    2012-05-22 01:14 . 2012-05-22 01:14 70016 ----a-w- c:\windows\system32\mfc110rus.dll
    2012-05-22 01:14 . 2012-05-22 01:14 64384 ----a-w- c:\windows\system32\mfc110enu.dll
    2012-05-22 01:14 . 2012-05-22 01:14 612728 ----a-w- c:\windows\system32\msvcp110.dll
    2012-05-22 01:14 . 2012-05-22 01:14 5705080 ----a-w- c:\windows\system32\mfc110u.dll
    2012-05-22 01:14 . 2012-05-22 01:14 5677424 ----a-w- c:\windows\system32\mfc110.dll
    2012-05-22 01:14 . 2012-05-22 01:14 53120 ----a-w- c:\windows\system32\mfc110jpn.dll
    2012-05-22 01:14 . 2012-05-22 01:14 52608 ----a-w- c:\windows\system32\mfc110kor.dll
    2012-05-22 01:14 . 2012-05-22 01:14 45440 ----a-w- c:\windows\system32\mfc110cht.dll
    2012-05-22 01:14 . 2012-05-22 01:14 45440 ----a-w- c:\windows\system32\mfc110chs.dll
    2012-05-22 01:14 . 2012-05-22 01:14 380792 ----a-w- c:\windows\system32\vcamp110.dll
    2012-05-22 01:14 . 2012-05-22 01:14 322440 ----a-w- c:\windows\system32\vccorlib110.dll
    2012-05-22 01:14 . 2012-05-22 01:14 251776 ----a-w- c:\windows\system32\VSPerf110.dll
    2012-05-22 01:14 . 2012-05-22 01:14 1957248 ----a-w- c:\windows\system32\msvcr110d.dll
    2012-05-22 01:14 . 2012-05-22 01:14 189824 ----a-w- c:\windows\system32\VSCover110.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-15_19.32.50 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-04-15 23:44 . 2012-08-01 05:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-04-15 23:44 . 2012-08-16 19:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-04-15 23:44 . 2012-08-01 05:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-04-15 23:44 . 2012-08-16 19:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-04-15 23:44 . 2012-08-01 05:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-15 23:44 . 2012-08-16 19:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-08-16 19:07 . 2012-08-16 19:07 9560 c:\windows\system32\NetworkList\Icons\{666D526B-BF90-4426-B013-992FEDF3AE92}_48.bin
    + 2012-08-16 19:07 . 2012-08-16 19:07 4280 c:\windows\system32\NetworkList\Icons\{666D526B-BF90-4426-B013-992FEDF3AE92}_32.bin
    + 2012-08-16 19:07 . 2012-08-16 19:07 2456 c:\windows\system32\NetworkList\Icons\{666D526B-BF90-4426-B013-992FEDF3AE92}_24.bin
    - 2011-04-15 23:54 . 2012-08-15 19:16 1887 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2011-04-15 23:54 . 2012-08-16 19:25 1887 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    - 2012-08-15 19:18 . 2012-08-15 19:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-16 19:27 . 2012-08-16 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-15 19:18 . 2012-08-15 19:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-08-16 19:27 . 2012-08-16 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 05:01 . 2012-08-16 19:25 757492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-08-15 19:16 757492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-04-16 02:39 . 2012-08-15 19:16 61121492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-389776879-4036487157-181669944-1000-12288.dat
    + 2011-04-16 02:39 . 2012-08-16 19:25 61121492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-389776879-4036487157-181669944-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{876d9f09-c6d6-4324-a2cc-04dd9a4de12f}]
    2012-05-22 04:17 75320 ----a-w- c:\program files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 324976]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-12-06 107000]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "PowerMate"="c:\program files (x86)\Griffin Technology\PowerMate\PowerMate.exe" [2007-12-07 385024]
    "PlantSmart"="c:\program files (x86)\PlantSmart\PlantSmart.exe" [2011-03-21 1765392]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-10 1353080]
    "Synergy Server"="c:\program files\Synergy\synergys.exe" [2011-06-18 982528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-19 113288]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-10-19 465536]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
    "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2011-08-13 30568]
    "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2011-08-13 46952]
    "PPort14reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2011-05-16 333088]
    "PDFCreHook"="c:\program files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe" [2011-06-28 605032]
    "PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDFCreate\RegistryController.exe" [2011-06-28 140136]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-23 103536]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
    "AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-12 771360]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "OfficeSubscriptionAgent"="c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe" [2011-11-16 932160]
    .
    c:\users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Asset UPnP uMediaLibrary.lnk - c:\program files (x86)\Illustrate\dBpoweramp\uMediaLibrary.exe [2011-6-16 1063936]
    Asset UPnP.lnk - c:\program files (x86)\Illustrate\dBpoweramp\Asset-uPNP.exe [2011-6-16 1600000]
    Dropbox.lnk - c:\users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
    TwonkyManager.lnk - c:\program files (x86)\TwonkyMedia\MediaManager\TwonkyMediaManager.exe [2011-9-21 8208935]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SolidWorks Background Downloader.lnk - c:\program files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2011-11-6 1826600]
    Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2010-6-4 7667970]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi1"=VirtualMIDISynth\VirtualMIDISynth.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 BULKUSB;MF Digital Robots;c:\windows\system32\Drivers\BREADUSB64.sys [2011-06-17 30288]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-05-01 123816]
    R2 Dyn Updater;Dyn Updater;c:\program files (x86)\DynDNS Updater\DynUpSvc.exe [2011-11-15 95608]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
    R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
    R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-04-23 285280]
    R3 AssetUPnP;AssetUPnP;c:\program files (x86)\Illustrate\dBpoweramp\Asset-UPnPService.exe [2011-06-16 77824]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
    R3 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
    R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
    R3 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-09-18 75048]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-22 1431888]
    R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-05-19 139776]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-03 33736]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
    R3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
    R3 Media Center 17 Service;Media Center 17 Service;c:\program files (x86)\J River\Media Center 17\JRService.exe [2012-07-18 394920]
    R3 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-09 86016]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-11 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 Qsonix Audio Playback Service;Qsonix Audio Playback Service;d:\qsonix\Qsonix.Audio.Player.WindowsService.exe [2011-09-05 7168]
    R3 Qsonix Central Service;Qsonix Central Service;c:\projects\Qsonix\QsonixWorkspace.root\QsonixCentral.WindowsService\bin\Debug\qsonixcentral.windowsservice.exe [2011-09-29 8704]
    R3 Qsonix Diagnostics Service;Qsonix Diagnostics Service;d:\qsonix\Qsonix.Diagnostics.WindowsService.exe [2011-09-05 6656]
    R3 Qsonix Logging Service;Qsonix Logging Service;d:\qsonix\Qsonix.Logging.WindowsService.exe [2011-09-05 7168]
    R3 Qsonix Update Service;Qsonix Update Service;d:\qsonix\Qsonix.Update.WindowsService.exe [2011-09-05 7168]
    R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2011c\RpcAgentSrv.exe [2009-08-11 93848]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Test Authentication Service;Test Authentication Service;c:\projects\test\AuthenticationService.root\AuthenticationService\bin\Debug\AuthenticationService.exe [2011-08-30 6656]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TwonkyMedia;TwonkyMedia;c:\program files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe [2011-09-21 509704]
    R3 TwonkyWebDav;TwonkyWebDav;c:\program files (x86)\TwonkyMedia\twonkywebdav.exe [2011-09-21 245760]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 Viewpoint Service;Viewpoint Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-19 68440]
    R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2012-04-02 71960]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-16 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-17 14464]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R4 AcronisAgent;Acronis Remote Agent Service;c:\program files (x86)\Common Files\Acronis\Agent\agent.exe [2010-10-23 1906576]
    R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-04-23 3246040]
    R4 DMS;Acronis Disk Management Service;c:\program files (x86)\Acronis\DiskDirectorAdvanced\mms.exe [2010-10-23 4632864]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys [2012-02-11 334936]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-02-11 597080]
    S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-10-21 14592]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-04-23 1263200]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-18 283200]
    S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2012-06-04 389968]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
    S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2012-07-18 1174824]
    S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2012-06-09 87368]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
    S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
    S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2012-05-18 2079520]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2010-12-07 66560]
    S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-09-18 82416]
    S2 osubsvc;Microsoft Office 2010 Subscription Agent;c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\osa.exe [2011-11-16 493384]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-04-13 88576]
    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-08-13 138600]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S2 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-05-19 127488]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-22 846448]
    S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-08-20 423536]
    S2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]
    S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]
    S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
    S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
    S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
    S2 wgsslvpnsrc;WatchGuard SSLVPN Service;c:\program files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [2012-06-13 101376]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
    S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
    S3 cmudaxp;ASUS Xonar Essence STX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    S3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-19 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-19 181248]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [2012-04-29 73000]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2012-06-01 250984]
    S3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2010-03-31 15360]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NAL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \shell\AutoRun\command - H:\Installer.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8af4ec1-c4e4-11e1-a22f-00268314d449}]
    \shell\AutoRun\command - O:\HTC_Sync_Manager_PC.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8af4edc-c4e4-11e1-a22f-00268314d449}]
    \shell\AutoRun\command - O:\HTC_Sync_Manager_PC.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea6c1b2a-02b9-11e1-b5fd-00268314d449}]
    \shell\AutoRun\command - H:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-389776879-4036487157-181669944-1000Core.job
    - c:\users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 20:56]
    .
    2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-389776879-4036487157-181669944-1000UA.job
    - c:\users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 20:56]
    .
    2012-08-16 c:\windows\Tasks\SyncBack Backup.job
    - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2012-05-10 22:42]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
    @="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
    [HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
    2012-07-03 22:20 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
    @="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
    [HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
    2012-07-03 22:20 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayAdd]
    @="{D4DD7FC6-066F-442a-A200-DD21649CF378}"
    [HKEY_CLASSES_ROOT\CLSID\{D4DD7FC6-066F-442a-A200-DD21649CF378}]
    2011-03-01 19:02 293184 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayControlled]
    @="{EFF5DF4C-7662-4ed7-B533-837D3319D311}"
    [HKEY_CLASSES_ROOT\CLSID\{EFF5DF4C-7662-4ed7-B533-837D3319D311}]
    2011-03-01 19:02 293184 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayEdit]
    @="{FF529703-3398-4c98-B88D-13F784CB10A2}"
    [HKEY_CLASSES_ROOT\CLSID\{FF529703-3398-4c98-B88D-13F784CB10A2}]
    2011-03-01 19:02 293184 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayLock]
    @="{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}"
    [HKEY_CLASSES_ROOT\CLSID\{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}]
    2011-03-01 19:02 293184 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayRename]
    @="{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}"
    [HKEY_CLASSES_ROOT\CLSID\{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}]
    2011-03-01 19:02 293184 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-30 11545192]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
    "midi1"=VirtualMIDISynth\VirtualMIDISynth.dll
     
  14. kgamble

    kgamble TS Rookie Topic Starter

    Log continues....



    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Playlist - c:\program files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314
    IE: Beam to - c:\program files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/231
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Open with Nuance PDF Converter 7.0 - c:\program files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100
    IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {{339E0A0F-ACAE-408f-AAD7-4E9158FFDE7C} - {BE8D0059-D24D-4919-B76F-99F4A2203647} {BE8D0059-D24D-4919-B76F-99F4A2203647} - {be8d0059-d24d-4919-b76f-99f4a2203647}\inprocserver32 does not exist!
    LSP: %SystemRoot%\system32\vsocklib.dll
    Trusted Zone: componentone.com\download
    Trusted Zone: infragistics.com\xamples
    TCP: DhcpNameServer = 10.10.10.1
    DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://gamble.dyndns-home.com:8085/codebase/DVM_IPCam2.ocx
    FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\kkrod09l.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    AddRemove-Google Chrome - c:\users\Kelly\AppData\Local\Google\Chrome\Application\15.0.874.106\Installer\setup.exe
    AddRemove-MusicManager - c:\users\admin\AppData\Local\Programs\Google\MusicManager\Uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MsDepSvc]
    "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
    --
    "ImagePath"="\"d:\qsonix\Qsonix.Logging.WindowsService.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Qsonix Service: PlayerControlService]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:ba,0d,bf,06,60,03,28,ae,2a,c2,26,c5,45,06,3d,bb,4a,b8,4d,f3,5b,
    e4,4e,d4,5a,13,08,8f,c7,06,ef,10,2c,8d,a5,85,ac,f9,c9,9b,2b,e3,f8,04,10,5e,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:ba,0d,bf,06,60,03,28,ae,2a,c2,26,c5,45,06,3d,bb,4a,b8,4d,f3,5b,
    e4,4e,d4,5a,13,08,8f,c7,06,ef,10,2c,8d,a5,85,ac,f9,c9,9b,2b,e3,f8,04,10,5e,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\T*w*o*n*k*y*B*e*a*m*"!\Internet Explorer]
    "Path"="c:\\Program Files (x86)\\Twonky\\TwonkyBeam\\Internet Explorer"
    "Language"="1033"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-16 12:33:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-16 19:33
    ComboFix2.txt 2012-08-15 19:37
    .
    Pre-Run: 25,970,548,736 bytes free
    Post-Run: 26,253,672,448 bytes free
    .
    - - End Of File - - 8AEABFDBAC5360C2FD44CB03E1CC897D
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    :confused: And again...

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  16. kgamble

    kgamble TS Rookie Topic Starter

    Thanks again...log follows:

    ComboFix 12-08-18.03 - Kelly 08/18/2012 23:39:40.3.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16361.9672 [GMT -7:00]
    Running from: I:\setup\System Utilities\Virus Removal and Protection\ComboFix.exe
    Command switches used :: I:\setup\System Utilities\Virus Removal and Protection\CFScript3.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\system32\drivers\hwqkueee.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Kelly\AppData\Local\Temp\wrdc009c.~lk\0.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdc009c.~lk\1.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdc009c.~lk\10.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdc009c.~lk\11.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdc009c.~lk\2.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdc009c.~lk\3.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdc009c.~lk\4.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdc009c.~lk\5.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdc009c.~lk\6.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdc009c.~lk\7.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdc009c.~lk\8.mdd
    c:\users\Kelly\AppData\Local\Temp\wrdc009c.~lk\9.mdd
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-19 06:53 . 2012-08-19 06:53 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10C643C7-3271-4E29-AAA9-1935F610B367}\offreg.dll
    2012-08-19 06:51 . 2012-08-19 06:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-19 06:51 . 2012-08-19 06:51 -------- d-----w- c:\users\MSSQL$SQLEXPRESS\AppData\Local\temp
    2012-08-19 06:51 . 2012-08-19 06:51 -------- d-----w- c:\users\Mcx1-QUARK\AppData\Local\temp
    2012-08-19 06:51 . 2012-08-19 06:51 -------- d-----w- c:\users\Janet\AppData\Local\temp
    2012-08-19 06:51 . 2012-08-19 06:51 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-08-19 06:51 . 2012-08-19 06:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-19 06:51 . 2012-08-19 06:51 -------- d-----w- c:\users\CURRENT_USER\AppData\Local\temp
    2012-08-19 06:51 . 2012-08-19 06:51 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
    2012-08-19 06:51 . 2012-08-19 06:51 -------- d-----w- c:\users\admin\AppData\Local\temp
    2012-08-18 00:03 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10C643C7-3271-4E29-AAA9-1935F610B367}\mpengine.dll
    2012-08-16 19:33 . 2012-08-19 07:20 -------- d-----w- c:\users\Kelly\AppData\Local\temp
    2012-08-14 08:22 . 2012-08-14 08:22 -------- d-----w- c:\users\Kelly\AppData\Roaming\Malwarebytes
    2012-08-14 08:22 . 2012-08-14 08:22 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-14 08:22 . 2012-08-14 08:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-14 08:22 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-13 08:43 . 2012-08-13 08:43 -------- d-----w- C:\FRST
    2012-08-13 06:47 . 2012-08-13 06:47 328704 ----a-w- c:\windows\system32\services.exe.FB430B8E38272D1C
    2012-08-11 18:50 . 2012-08-11 18:50 50392 ----a-w- c:\windows\system32\drivers\hwqkueee.sys
    2012-08-11 18:50 . 2012-08-11 18:50 328704 ----a-w- c:\windows\system32\services.exe.49F02CD4A4A3F8A3
    2012-08-11 18:40 . 2012-08-11 18:40 328704 ----a-w- c:\windows\system32\services.exe.ACD069D63157E141
    2012-08-11 18:31 . 2012-08-11 18:31 328704 ----a-w- c:\windows\system32\services.exe.C58270A7DD10266D
    2012-08-11 18:25 . 2012-08-11 18:25 328704 ----a-w- c:\windows\system32\services.exe.A698C307BA7E8BEF
    2012-08-11 18:17 . 2012-08-11 18:17 328704 ----a-w- c:\windows\system32\services.exe.10423E639EC94F6A
    2012-08-11 18:13 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DEED19B4-8DBB-48DC-93F4-DF9414CDF31B}\gapaengine.dll
    2012-08-11 18:12 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-11 18:11 . 2012-08-11 18:11 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-08-11 18:11 . 2012-08-11 18:11 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-11 17:31 . 2012-08-11 17:31 328704 ----a-w- c:\windows\system32\services.exe.1EFED7D41A29C5C8
    2012-08-11 17:14 . 2012-08-11 17:14 328704 ----a-w- c:\windows\system32\services.exe.A244CD8FECB1FC0A
    2012-08-11 11:06 . 2012-08-11 11:06 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-08-11 09:51 . 2012-08-11 09:51 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-08-11 09:51 . 2012-08-11 09:51 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-08-01 23:45 . 2012-08-01 23:45 -------- d-s---w- c:\users\Kelly\SharePoint Sites
    2012-08-01 05:56 . 2012-08-01 05:56 -------- d-----w- c:\users\Kelly\AppData\Local\dftmp
    2012-07-31 19:27 . 2012-07-31 19:27 -------- d-----w- c:\users\Kelly\AppData\Roaming\TeamViewer
    2012-07-31 07:41 . 2012-07-31 07:41 -------- d-----w- c:\users\Kelly\AppData\Roaming\WatchGuard
    2012-07-31 07:41 . 2012-07-31 07:41 -------- d-----w- c:\program files (x86)\WatchGuard
    2012-07-31 07:41 . 2012-06-13 08:42 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
    2012-07-30 18:25 . 2012-07-30 18:25 -------- d-----w- c:\windows\Sun
    2012-07-27 00:21 . 2012-07-27 00:21 -------- d-----w- c:\program files (x86)\Windows Azure Tools
    2012-07-27 00:20 . 2012-08-01 05:56 -------- d-----w- c:\users\Kelly\AppData\Local\DevelopmentStorage
    2012-07-27 00:18 . 2012-07-27 00:19 -------- d-----w- c:\program files (x86)\Microsoft Web Tooling Extensions
    2012-07-26 22:55 . 2012-07-26 22:55 -------- d-----w- c:\users\orchard
    2012-07-26 16:49 . 2012-07-26 17:11 -------- d-----w- c:\users\Kelly\AppData\Roaming\Download Manager
    2012-07-26 16:47 . 2012-07-26 16:47 -------- d-----w- c:\program files\Microsoft
    2012-07-22 08:08 . 2012-07-22 08:08 -------- d-----w- c:\windows\SysWow64\VirtualMIDISynth
    2012-07-22 08:08 . 2012-07-22 08:08 -------- d-----w- c:\windows\system32\VirtualMIDISynth
    2012-07-22 04:55 . 2012-07-22 04:55 -------- d-----w- c:\users\Kelly\AppData\Local\Cakewalk
    2012-07-22 04:54 . 2012-07-22 04:54 -------- dc-h--w- c:\programdata\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
    2012-07-22 04:54 . 2012-07-22 04:54 -------- d-----w- c:\program files (x86)\Common Files\Digidesign
    2012-07-22 04:54 . 2012-07-22 04:54 -------- dc-h--w- c:\programdata\{902029B2-957E-4066-85FA-30DA31731718}
    2012-07-22 04:54 . 2012-07-22 04:54 -------- d-----w- c:\program files (x86)\Native Instruments
    2012-07-22 04:54 . 2012-07-22 04:54 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments
    2012-07-22 04:48 . 2012-07-22 04:48 -------- d-----w- c:\users\Kelly\TruePianos Settings
    2012-07-22 04:47 . 2012-07-22 04:54 -------- d-----w- c:\users\Kelly\AppData\Roaming\Cakewalk
    2012-07-22 04:44 . 2012-07-22 08:33 -------- d-----w- C:\Cakewalk Projects
    2012-07-22 04:44 . 2012-07-22 04:52 -------- d-----w- c:\programdata\Cakewalk
    2012-07-22 04:44 . 2012-07-22 04:50 -------- d-----w- c:\program files\Cakewalk
    2012-07-22 04:42 . 2012-07-22 04:42 -------- d-----w- c:\programdata\Ableton
    2012-07-22 04:41 . 2012-07-22 04:41 -------- d-----w- c:\users\Kelly\AppData\Roaming\Ableton
    2012-07-22 04:41 . 2011-12-02 18:01 368640 ----a-w- c:\windows\SysWow64\ReWire.dll
    2012-07-22 04:41 . 2011-12-02 18:01 233472 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
    2012-07-22 04:40 . 2012-07-22 04:40 -------- d-----w- c:\program files (x86)\Ableton
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-04 02:21 . 2011-01-21 02:48 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
    2012-08-03 07:01 . 2012-05-08 04:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-03 07:01 . 2011-05-24 02:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-27 00:22 . 2012-03-16 21:16 2563232 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
    2012-07-18 20:01 . 2012-05-05 07:23 381608 ------w- c:\windows\SysWow64\MC17.exe
    2012-07-18 20:01 . 2012-05-05 07:23 381608 ------w- c:\windows\system32\MC17.exe
    2012-07-18 19:40 . 2012-07-18 19:40 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-07-18 19:08 . 2011-04-16 00:16 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-07 07:54 . 2011-04-16 06:03 2087296 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-07-07 07:25 . 2012-07-07 07:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
    2012-06-19 00:40 . 2012-06-19 00:40 145256 ----a-r- c:\users\Kelly\AppData\Roaming\Microsoft\Installer\{BA7E4D7B-24E6-46D0-809E-E77E92FC757F}\ARPPRODUCTICON.exe
    2012-06-12 03:08 . 2012-07-18 19:12 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-06-09 05:43 . 2012-07-10 23:53 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 06:06 . 2012-07-10 23:53 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-10 23:53 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-10 23:53 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-10 23:53 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-10 23:53 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-10 23:53 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-04 19:56 . 2012-06-04 19:56 90960 ----a-w- c:\windows\system32\drivers\uimx64.sys
    2012-06-04 19:56 . 2012-06-04 19:56 472144 ----a-w- c:\windows\system32\drivers\UimFIO.sys
    2012-06-04 19:56 . 2012-06-04 19:56 251728 ----a-w- c:\windows\SysWow64\prgiso.dll
    2012-06-04 19:56 . 2012-06-04 19:56 633296 ----a-w- c:\windows\system32\drivers\Uim_IMx64.sys
    2012-06-04 19:56 . 2012-06-04 19:56 389968 ----a-w- c:\windows\system32\drivers\uim_vimx64.sys
    2012-06-02 22:19 . 2012-06-18 22:49 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-18 22:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-18 22:49 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-18 22:49 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-18 22:49 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-18 22:49 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-18 22:49 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-18 22:49 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-18 22:49 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 12:49 . 2012-07-18 19:07 17807360 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-02 12:17 . 2012-07-18 19:07 10924032 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-02 12:12 . 2012-07-18 19:07 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 12:05 . 2012-07-18 19:07 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-02 12:05 . 2012-07-18 19:07 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 12:04 . 2012-07-18 19:07 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 12:04 . 2012-07-18 19:07 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-02 12:03 . 2012-07-18 19:07 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-02 12:01 . 2012-07-18 19:07 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 12:00 . 2012-07-18 19:07 818688 ----a-w- c:\windows\system32\jscript.dll
    2012-06-02 11:59 . 2012-07-18 19:07 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-02 11:57 . 2012-07-18 19:07 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-02 11:57 . 2012-07-18 19:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-02 11:54 . 2012-07-18 19:07 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-02 08:33 . 2012-07-18 19:07 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25 . 2012-07-18 19:07 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-02 08:25 . 2012-07-18 19:07 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20 . 2012-07-18 19:07 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16 . 2012-07-18 19:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-06-02 05:50 . 2012-07-10 23:52 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-10 23:52 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-10 23:52 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-10 23:52 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-10 23:52 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-10 23:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-10 23:52 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-10 23:52 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-10 23:52 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-06-01 02:21 . 2012-06-01 02:21 9888360 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
    2012-06-01 02:21 . 2012-06-01 02:21 250984 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
    2012-06-01 02:21 . 2012-06-01 02:21 422504 ----a-w- c:\windows\system32\RtsUStor.dll
    2012-05-22 04:17 . 2012-05-22 04:17 864120 ----a-w- c:\windows\SysWow64\msvcr110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 84344 ----a-w- c:\windows\SysWow64\mfcm110u.dll
    2012-05-22 04:17 . 2012-05-22 04:17 84344 ----a-w- c:\windows\SysWow64\mfcm110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 8355192 ----a-w- c:\windows\SysWow64\mfc110ud.dll
    2012-05-22 04:17 . 2012-05-22 04:17 8284024 ----a-w- c:\windows\SysWow64\mfc110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 806784 ----a-w- c:\windows\SysWow64\vcamp110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 797560 ----a-w- c:\windows\SysWow64\msvcp110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 74112 ----a-w- c:\windows\SysWow64\mfc110deu.dll
    2012-05-22 04:17 . 2012-05-22 04:17 74104 ----a-w- c:\windows\SysWow64\mfc110fra.dll
    2012-05-22 04:17 . 2012-05-22 04:17 73088 ----a-w- c:\windows\SysWow64\mfc110esn.dll
    2012-05-22 04:17 . 2012-05-22 04:17 72064 ----a-w- c:\windows\SysWow64\mfc110ita.dll
    2012-05-22 04:17 . 2012-05-22 04:17 70016 ----a-w- c:\windows\SysWow64\mfc110rus.dll
    2012-05-22 04:17 . 2012-05-22 04:17 689040 ----a-w- c:\windows\SysWow64\vccorlib110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 64384 ----a-w- c:\windows\SysWow64\mfc110enu.dll
    2012-05-22 04:17 . 2012-05-22 04:17 53120 ----a-w- c:\windows\SysWow64\mfc110jpn.dll
    2012-05-22 04:17 . 2012-05-22 04:17 52608 ----a-w- c:\windows\SysWow64\mfc110kor.dll
    2012-05-22 04:17 . 2012-05-22 04:17 500600 ----a-w- c:\windows\SysWow64\msvcp110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 45440 ----a-w- c:\windows\SysWow64\mfc110cht.dll
    2012-05-22 04:17 . 2012-05-22 04:17 45440 ----a-w- c:\windows\SysWow64\mfc110chs.dll
    2012-05-22 04:17 . 2012-05-22 04:17 4495728 ----a-w- c:\windows\SysWow64\mfc110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 4445560 ----a-w- c:\windows\SysWow64\mfc110u.dll
    2012-05-22 04:17 . 2012-05-22 04:17 319872 ----a-w- c:\windows\SysWow64\vcamp110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 240008 ----a-w- c:\windows\SysWow64\vccorlib110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 219008 ----a-w- c:\windows\SysWow64\VSPerf110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 174976 ----a-w- c:\windows\SysWow64\VSCover110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 1691520 ----a-w- c:\windows\SysWow64\msvcr110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 156024 ----a-w- c:\windows\SysWow64\atl110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 145792 ----a-w- c:\windows\SysWow64\vcomp110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 116608 ----a-w- c:\windows\SysWow64\vcomp110.dll
    2012-05-22 04:17 . 2012-05-22 04:17 113016 ----a-w- c:\windows\SysWow64\mfcm110d.dll
    2012-05-22 04:17 . 2012-05-22 04:17 112512 ----a-w- c:\windows\SysWow64\mfcm110ud.dll
    2012-05-22 04:17 . 2012-05-22 04:17 656272 ----a-w- c:\windows\SysWow64\vsjitdebugger.exe
    2012-05-22 04:17 . 2012-05-22 04:17 1995168 ----a-w- c:\windows\SysWow64\VsGraphicsHelper.dll
    2012-05-22 01:14 . 2012-05-22 01:14 685968 ----a-w- c:\windows\system32\vsjitdebugger.exe
    2012-05-22 01:14 . 2012-05-22 01:14 933256 ----a-w- c:\windows\system32\vccorlib110d.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-15_19.32.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 05:10 . 2012-08-16 19:29 44606 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-04-15 23:44 . 2012-08-16 19:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-04-15 23:44 . 2012-08-01 05:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-04-15 23:44 . 2012-08-01 05:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-04-15 23:44 . 2012-08-16 19:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-04-15 23:44 . 2012-08-16 19:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-04-15 23:44 . 2012-08-01 05:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-08-18 02:11 . 2012-08-18 02:11 13128 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\135d0322\67f1434b\assembly\dl3\e72b74e4\f3249abc_e67ccd01\Microsoft.ScriptManager.jQuery.UI.Combined.DLL
    + 2012-08-18 02:11 . 2012-08-18 02:11 13128 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\135d0322\67f1434b\assembly\dl3\de4b5584\c55c34bc_e67ccd01\Microsoft.ScriptManager.jQuery.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 18944 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\f3830023\807c3c7f_6b7bcd01\Autofac.Integration.Web.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 10752 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\e88c4f7c\80a96d80_6b7bcd01\Orchard.WarmupStarter.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 49664 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\71cbc1b3\807c3c7f_6b7bcd01\ClaySharp.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 77824 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\6277ff67\807c3c7f_6b7bcd01\Castle.Core.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 28160 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\44c1d9b2\807c3c7f_6b7bcd01\Autofac.Integration.Mvc.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 32768 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\30a3c6b3\0013d57f_6b7bcd01\Iesi.Collections.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 30208 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\28d0ea76\807c3c7f_6b7bcd01\Autofac.Configuration.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 86016 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\218a75ac\0013d57f_6b7bcd01\NHibernate.Linq.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 26112 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_v4bblkso.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 13312 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_v2yoeoev.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 26624 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_uwfqu4vo.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 36864 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_pjjor0q1.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 20480 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_p1u4y2dx.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 10752 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_nfu5jb3k.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 13824 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_mgsq1vmt.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 10240 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_mbmud53u.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 24064 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_kb1nlbss.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 10752 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_h3nr0agv.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 13312 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_boucoyxe.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 21504 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_b3mmoexb.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 24064 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_5utroraj.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 29696 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_4it4vgrr.dll
    + 2011-04-17 07:44 . 2012-08-16 19:29 6094 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-389776879-4036487157-181669944-1008_UserData.bin
    + 2012-08-16 19:07 . 2012-08-16 19:07 9560 c:\windows\system32\NetworkList\Icons\{666D526B-BF90-4426-B013-992FEDF3AE92}_48.bin
    + 2012-08-16 19:07 . 2012-08-16 19:07 4280 c:\windows\system32\NetworkList\Icons\{666D526B-BF90-4426-B013-992FEDF3AE92}_32.bin
    + 2012-08-16 19:07 . 2012-08-16 19:07 2456 c:\windows\system32\NetworkList\Icons\{666D526B-BF90-4426-B013-992FEDF3AE92}_24.bin
    - 2011-04-15 23:54 . 2012-08-15 19:16 1887 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2011-04-15 23:54 . 2012-08-19 06:51 1887 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2012-08-19 06:53 . 2012-08-19 06:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-15 19:18 . 2012-08-15 19:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-19 06:53 . 2012-08-19 06:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-15 19:18 . 2012-08-15 19:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-08-18 02:17 . 2012-08-18 02:17 6656 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\640a9d96\80a96d80_6b7bcd01\Orchard.Web.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 7168 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\5e7e3a10\0013d57f_6b7bcd01\NHibernate.ByteCode.Castle.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 7680 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_t3ev0knz.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 6144 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_pkd3sxdp.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 8192 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_ox3hspjl.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 7680 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_o2vo5vcu.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 6144 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_gefwrwfc.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 6144 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_f521tbpj.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 9216 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_efeygg4c.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 7680 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_dl2ojm52.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 8192 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_Web_4nygjqdw.dll
    + 2012-08-18 02:17 . 2012-08-18 02:17 4096 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\App_global.asax.nfbuvr-5.dll
    + 2011-04-15 23:42 . 2012-08-16 19:29 104462 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 02:36 . 2012-08-19 07:00 909960 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-08-15 19:25 909960 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-08-19 07:00 214822 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-08-15 19:25 214822 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-08-15 19:16 757492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-19 06:51 757492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-08-18 02:11 . 2012-08-18 02:11 269120 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\135d0322\67f1434b\assembly\dl3\05c92bd4\e19fd9bc_e67ccd01\System.Web.Providers.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 336384 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\b860b407\0013d57f_6b7bcd01\Orchard.Core.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 270336 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\b0794f60\0013d57f_6b7bcd01\log4net.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 190976 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\6bcc2abe\807c3c7f_6b7bcd01\Autofac.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 110592 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\50b7e4dd\807c3c7f_6b7bcd01\Castle.DynamicProxy2.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 116736 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\3f15cf90\807c3c7f_6b7bcd01\Antlr3.Runtime.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 947712 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\3101c40e\0013d57f_6b7bcd01\Orchard.Framework.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 464896 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\263f8e2c\807c3c7f_6b7bcd01\FluentNHibernate.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 206336 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\079cd7d3\0013d57f_6b7bcd01\NuGet.Core.DLL
    + 2012-08-18 02:17 . 2012-08-18 02:17 2359296 c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\orchard\e1bcc100\e0256ca7\assembly\dl3\51f79bf5\0013d57f_6b7bcd01\NHibernate.DLL
    + 2011-04-16 17:20 . 2012-08-19 06:51 44208700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-389776879-4036487157-181669944-1008-12288.dat
    + 2011-04-16 02:39 . 2012-08-19 06:51 61321532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-389776879-4036487157-181669944-1000-12288.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{876d9f09-c6d6-4324-a2cc-04dd9a4de12f}]
    2012-05-22 04:17 75320 ----a-w- c:\program files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\isuspm.exe" [2010-05-21 324976]
    "PowerMate"="c:\program files (x86)\Griffin Technology\PowerMate\PowerMate.exe" [2007-12-07 385024]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-10 1353080]
    "Synergy Server"="c:\program files\Synergy\synergys.exe" [2011-06-18 982528]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-12-06 107000]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
    "Starfield Updater"="c:\program files (x86)\Workspace\workspaceupdate.exe" [2012-07-03 34496]
    "wben"="c:\program files (x86)\Workspace\wben.exe" [2011-12-21 368368]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-19 113288]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-10-19 465536]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
    "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2011-08-13 30568]
    "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2011-08-13 46952]
    "PPort14reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2011-05-16 333088]
    "PDFCreHook"="c:\program files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe" [2011-06-28 605032]
    "PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDFCreate\RegistryController.exe" [2011-06-28 140136]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-23 103536]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
    "AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-12 771360]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "OfficeSubscriptionAgent"="c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe" [2011-11-16 932160]
    .
    c:\users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Asset UPnP uMediaLibrary.lnk - c:\program files (x86)\Illustrate\dBpoweramp\uMediaLibrary.exe [2011-6-16 1063936]
    Asset UPnP.lnk - c:\program files (x86)\Illustrate\dBpoweramp\Asset-uPNP.exe [2011-6-16 1600000]
    Dropbox.lnk - c:\users\Kelly\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    TwonkyManager.lnk - c:\program files (x86)\TwonkyMedia\MediaManager\TwonkyMediaManager.exe [2011-9-21 8208935]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SolidWorks Background Downloader.lnk - c:\program files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2011-11-6 1826600]
    Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2010-6-4 7667970]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi1"=VirtualMIDISynth\VirtualMIDISynth.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 BULKUSB;MF Digital Robots;c:\windows\system32\Drivers\BREADUSB64.sys [2011-06-17 30288]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-05-01 123816]
    R2 Dyn Updater;Dyn Updater;c:\program files (x86)\DynDNS Updater\DynUpSvc.exe [2011-11-15 95608]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
    R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
    R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-04-23 285280]
    R3 AssetUPnP;AssetUPnP;c:\program files (x86)\Illustrate\dBpoweramp\Asset-UPnPService.exe [2011-06-16 77824]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
    R3 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
    R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
    R3 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-09-18 75048]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-22 1431888]
    R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-05-19 139776]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-03 33736]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
    R3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
    R3 Media Center 17 Service;Media Center 17 Service;c:\program files (x86)\J River\Media Center 17\JRService.exe [2012-07-18 394920]
    R3 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-09 86016]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-11 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 Qsonix Audio Playback Service;Qsonix Audio Playback Service;d:\qsonix\Qsonix.Audio.Player.WindowsService.exe [2011-09-05 7168]
    R3 Qsonix Central Service;Qsonix Central Service;c:\projects\Qsonix\QsonixWorkspace.root\QsonixCentral.WindowsService\bin\Debug\qsonixcentral.windowsservice.exe [2011-09-29 8704]
    R3 Qsonix Diagnostics Service;Qsonix Diagnostics Service;d:\qsonix\Qsonix.Diagnostics.WindowsService.exe [2011-09-05 6656]
    R3 Qsonix Logging Service;Qsonix Logging Service;d:\qsonix\Qsonix.Logging.WindowsService.exe [2011-09-05 7168]
    R3 Qsonix Update Service;Qsonix Update Service;d:\qsonix\Qsonix.Update.WindowsService.exe [2011-09-05 7168]
    R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2011c\RpcAgentSrv.exe [2009-08-11 93848]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Test Authentication Service;Test Authentication Service;c:\projects\test\AuthenticationService.root\AuthenticationService\bin\Debug\AuthenticationService.exe [2011-08-30 6656]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TwonkyMedia;TwonkyMedia;c:\program files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe [2011-09-21 509704]
    R3 TwonkyWebDav;TwonkyWebDav;c:\program files (x86)\TwonkyMedia\twonkywebdav.exe [2011-09-21 245760]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 Viewpoint Service;Viewpoint Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-19 68440]
    R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2012-04-02 71960]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-16 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-17 14464]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R4 AcronisAgent;Acronis Remote Agent Service;c:\program files (x86)\Common Files\Acronis\Agent\agent.exe [2010-10-23 1906576]
    R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-04-23 3246040]
    R4 DMS;Acronis Disk Management Service;c:\program files (x86)\Acronis\DiskDirectorAdvanced\mms.exe [2010-10-23 4632864]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys [2012-02-11 334936]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-02-11 597080]
    S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-10-21 14592]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-04-23 1263200]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-18 283200]
    S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2012-06-04 389968]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
    S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2012-07-18 1174824]
    S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2012-06-09 87368]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
    S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
    S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2012-05-18 2079520]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2010-12-07 66560]
    S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-09-18 82416]
    S2 osubsvc;Microsoft Office 2010 Subscription Agent;c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\osa.exe [2011-11-16 493384]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-04-13 88576]
    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-08-13 138600]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S2 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-05-19 127488]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-22 846448]
    S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-08-20 423536]
    S2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]
    S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]
    S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
    S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
    S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
    S2 wgsslvpnsrc;WatchGuard SSLVPN Service;c:\program files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [2012-06-13 101376]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
    S3 cmudaxp;ASUS Xonar Essence STX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    S3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-19 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-19 181248]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [2012-04-29 73000]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2012-06-01 250984]
    S3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2010-03-31 15360]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-389776879-4036487157-181669944-1000Core.job
    - c:\users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 20:56]
    .
    2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-389776879-4036487157-181669944-1000UA.job
    - c:\users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 20:56]
    .
    2012-08-18 c:\windows\Tasks\SyncBack Backup.job
    - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2012-05-10 22:42]
    .
    .
     
  17. kgamble

    kgamble TS Rookie Topic Starter

    Log continues...

    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
    @="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
    [HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
    2012-07-03 22:20 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
    @="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
    [HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
    2012-07-03 22:20 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayAdd]
    @="{D4DD7FC6-066F-442a-A200-DD21649CF378}"
    [HKEY_CLASSES_ROOT\CLSID\{D4DD7FC6-066F-442a-A200-DD21649CF378}]
    2011-03-01 19:02 293184 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayControlled]
    @="{EFF5DF4C-7662-4ed7-B533-837D3319D311}"
    [HKEY_CLASSES_ROOT\CLSID\{EFF5DF4C-7662-4ed7-B533-837D3319D311}]
    2011-03-01 19:02 293184 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayEdit]
    @="{FF529703-3398-4c98-B88D-13F784CB10A2}"
    [HKEY_CLASSES_ROOT\CLSID\{FF529703-3398-4c98-B88D-13F784CB10A2}]
    2011-03-01 19:02 293184 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayLock]
    @="{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}"
    [HKEY_CLASSES_ROOT\CLSID\{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}]
    2011-03-01 19:02 293184 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayRename]
    @="{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}"
    [HKEY_CLASSES_ROOT\CLSID\{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}]
    2011-03-01 19:02 293184 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-30 11545192]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
    "midi1"=VirtualMIDISynth\VirtualMIDISynth.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Playlist - c:\program files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314
    IE: Beam to - c:\program files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/231
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {{339E0A0F-ACAE-408f-AAD7-4E9158FFDE7C} - {BE8D0059-D24D-4919-B76F-99F4A2203647} {BE8D0059-D24D-4919-B76F-99F4A2203647} - {be8d0059-d24d-4919-b76f-99f4a2203647}\inprocserver32 does not exist!
    LSP: %SystemRoot%\system32\vsocklib.dll
    Trusted Zone: componentone.com\download
    Trusted Zone: dyndns-home.com\gamble
    Trusted Zone: infragistics.com\xamples
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: sharepoint.com\wikip
    Trusted Zone: sharepoint.com\wikip-admin
    Trusted Zone: sharepoint.com\wikip-my
    Trusted Zone: wdc.com\support
    TCP: DhcpNameServer = 10.10.10.1
    DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://gamble.dyndns-home.com:8085/codebase/DVM_IPCam2.ocx
    FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\kkrod09l.default\
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MsDepSvc]
    "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
    --
    "ImagePath"="\"d:\qsonix\Qsonix.Logging.WindowsService.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Qsonix Service: PlayerControlService]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:ba,0d,bf,06,60,03,28,ae,2a,c2,26,c5,45,06,3d,bb,4a,b8,4d,f3,5b,
    e4,4e,d4,5a,13,08,8f,c7,06,ef,10,2c,8d,a5,85,ac,f9,c9,9b,2b,e3,f8,04,10,5e,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:ba,0d,bf,06,60,03,28,ae,2a,c2,26,c5,45,06,3d,bb,4a,b8,4d,f3,5b,
    e4,4e,d4,5a,13,08,8f,c7,06,ef,10,2c,8d,a5,85,ac,f9,c9,9b,2b,e3,f8,04,10,5e,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\T*w*o*n*k*y*B*e*a*m*"!\Internet Explorer]
    "Path"="c:\\Program Files (x86)\\Twonky\\TwonkyBeam\\Internet Explorer"
    "Language"="1033"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-19 00:23:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-19 07:23
    ComboFix2.txt 2012-08-15 19:37
    .
    Pre-Run: 25,634,516,992 bytes free
    Post-Run: 25,637,355,520 bytes free
    .
    - - End Of File - - D36B209440BA9DD5CABE26EB66582F83
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it.
    • Copy and paste the contents in your next reply.
     
  19. kgamble

    kgamble TS Rookie Topic Starter

    Thanks. Completed...log follows:

    C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
    C:\FRST\Quarantine\{ba14eb67-a942-9c02-70bf-a75cd1cfb655}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Cool! Your logs appear to be clean. If there are no more issues, then we shall clean up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, i.e. C
    • For a few moments the system will make some calculations:
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran CCleaner
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
     
  21. kgamble

    kgamble TS Rookie Topic Starter

    Thank you so much for all your help. My system seems to be running fine. I have completed these tasks:

    Cleaned System Restore
    Ran OTC
    Ran CCleaner
    Ran Security Check

    Security Check log follows:

    Results of screen317's Security Check version 0.99.46
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spyder3Elite
    iSpy
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 31
    Java(TM) SE Development Kit 6 Update 31
    Visual Studio Extensions for Windows Library for JavaScript
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader X 10.1.0 Adobe Reader out of Date!
    Mozilla Firefox (14.0.1)
    Google Chrome 21.0.1180.77
    Google Chrome 21.0.1180.79
    Google Chrome plugins...
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
    Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems

    Adobe Flash Player Update!

    Please download the newest version of Adobe Flash Player from Adobe.com

    Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Flash Player. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

    Any other questions before I mark this topic solved?
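
The update list in the post above is read off the Security Check log posted before it. The following added example, which is not part of the thread or of Security Check itself, parses that log layout and pairs each out-of-date flag with the installed entries to uninstall first; the function name triage, the FLAG_PREFIX table and the abridged sample are assumptions built from the log lines shown in this thread.

```python
import re

BT = chr(96)  # backtick; Security Check frames section titles with runs of it


def _title(name, width=14):
    return BT * width + name + BT * width


# Constructed sample: lines copied from the log posted in this thread (abridged).
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.46",
    "Windows 7 Service Pack 1 x64 (UAC is disabled!)",
    "Internet Explorer 9",
    _title("Antivirus/Firewall Check:"),
    "Windows Firewall Enabled!",
    "Microsoft Security Essentials",
    "Antivirus up to date!",
    _title("Anti-malware/Other Utilities Check:"),
    "Malwarebytes Anti-Malware version 1.62.0.1300",
    "Java(TM) 6 Update 31",
    "Java(TM) SE Development Kit 6 Update 31",
    "Visual Studio Extensions for Windows Library for JavaScript",
    "Java version out of Date!",
    "Adobe Flash Player 10 Flash Player out of Date!",
    "Adobe Reader X 10.1.0 Adobe Reader out of Date!",
    "Mozilla Firefox (14.0.1)",
    _title("End of Log"),
])

# Assumption: only the three flag labels seen in this thread, each mapped to an entry prefix.
FLAG_PREFIX = {
    "Java version": "Java(TM)",
    "Flash Player": "Adobe Flash Player",
    "Adobe Reader": "Adobe Reader",
}
SECTION_RE = re.compile(r"^\x60{3,}(.+?)\x60{3,}$")
FLAG_RE = re.compile(
    r"^(?P<entry>.*?)\s*(?P<label>%s) out of Date!$"
    % "|".join(map(re.escape, FLAG_PREFIX))
)


def triage(log_text):
    """Return UAC state and, per out-of-date flag, the installed entries to remove."""
    section, entries, flags = "Header", {}, []
    uac_disabled = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "UAC is disabled" in line:
            uac_disabled = True
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).rstrip(":")
            continue
        m = FLAG_RE.match(line)
        if m:
            flags.append((section, m.group("label")))
            line = m.group("entry")  # an entry may share the line with its flag
        if line:
            entries.setdefault(section, []).append(line)
    outdated = {
        label: [e for e in entries.get(sec, []) if e.startswith(FLAG_PREFIX[label])]
        for sec, label in flags
    }
    return {"uac_disabled": uac_disabled, "outdated": outdated}


if __name__ == "__main__":
    for label, installed in triage(SAMPLE_LOG)["outdated"].items():
        print(label, "->", installed)
```

Status lines such as "Antivirus up to date!" and the JavaScript library entry are deliberately left out of the findings, since neither carries an out-of-date flag.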
     
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Topic marked solved. √
     
Topic Status:
Not open for further replies.
