TechSpot

Sirefef removal help please

By Nefs1234
Jul 1, 2012
  1. My system is running Windows 7, 64-bit. The system shuts down shortly after booting up. MSE showed Sirefef detected before the system shuts down.

    Looking at the numerous recent Sirefef threads, I went ahead and downloaded FRST64 to a flash drive, booted into the recovery mode command prompt and ran FRST64.
    Here is the log. (If I'm jumping ahead incorrectly, sorry, just let me know what to do.)
    -------------
    Scan result of Farbar Recovery Scan Tool Version: 01-07-2012 01
    Ran by SYSTEM at 01-07-2012 15:28:16
    Running from O:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-06-03] (Realtek Semiconductor)
    HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [61256 2010-01-20] (Alienware Corporation)
    HKLM\...\Run: [Thermal Controller] "C:\Program Files\Alienware\Command Center\ThermalController.exe" /auto [167736 2010-01-20] (Alienware Corp.)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
    HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [403112 2012-04-27] (Acronis)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
    HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [241789 2009-04-09] (Creative Technology Ltd)
    HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-04-29] (cyberlink)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
    HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
    HKLM-x32\...\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-21] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5955000 2012-04-27] (Acronis)
    HKLM-x32\...\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171304 2012-04-27] (Acronis)
    HKU\Administrator\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\Administrator\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [108136 2012-03-25] (Siber Systems)
    HKU\Administrator\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\Administrator\...\Run: [PxDotNetLoader] "C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [43880 2012-03-15] (Fidelity Investments)
    HKU\Administrator\...\Run: [PTIM.exe] C:\Program Files (x86)\WebEx\Productivity Tools\PTIM.exe [405816 2011-06-09] (Cisco WebEx LLC)
    HKU\Administrator\...\Run: [PTOneClick] C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe /AutoRunning="3" [368440 2011-06-28] (Cisco WebEx LLC)
    HKU\Administrator\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-06-25] (Google Inc.)
    HKU\Administrator\...\Run: [Google Update] "C:\Users\buck\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-04-25] (Google Inc.)
    HKU\Administrator\...\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode [5915480 2010-10-29] (Logitech Inc.)
    HKU\Administrator\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17344176 2012-06-05] (Skype Technologies S.A.)
    HKU\buck\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\buck\...\Run: [PxDotNetLoader] "C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [43880 2012-03-15] (Fidelity Investments)
    HKU\buck\...\Run: [PTIM.exe] C:\Program Files (x86)\WebEx\Productivity Tools\PTIM.exe [405816 2011-06-09] (Cisco WebEx LLC)
    HKU\buck\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-06-25] (Google Inc.)
    HKU\buck\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\buck\...\Run: [Google Update] "C:\Users\buck\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-04-25] (Google Inc.)
    HKU\buck\...\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode [5915480 2010-10-29] (Logitech Inc.)
    HKU\buck\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [740216 2012-02-23] (BitTorrent, Inc.)
    HKU\buck\...\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1 [313472 2006-03-30] (Adobe Systems Incorporated)
    HKU\buck\...\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe" "/Trigger RunAtLogon" [39816 2011-10-10] (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\buck\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
    HKU\buck\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\buck\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [108136 2012-03-25] (Siber Systems)
    HKU\buck\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [12163568 2012-06-13] (Google)
    HKU\buck\...\Run: [Spotify Web Helper] "C:\Users\buck\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-22] ()
    HKU\buck\...\Run: [Spotify] "C:\Users\buck\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart [9478320 2012-05-22] (Spotify Ltd)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\..\Interfaces\{A09109FF-31A8-4EAB-BEF3-507E1001D1E0}: [NameServer]24.234.0.71,24.234.0.7
    Startup: C:\Users\Administrator\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\Users\Administrator\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
    ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Evernote Clipper.lnk
    ShortcutTarget: Evernote Clipper.lnk -> C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\WinTV Recording Status..lnk
    ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
    Startup: C:\Users\buck\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\buck\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
    ShortcutTarget: MLB.TV NexDef Plug-in.lnk -> (No File)
    Startup: C:\Users\buck\Start Menu\Programs\Startup\PS3 Media Server.lnk
    ShortcutTarget: PS3 Media Server.lnk -> C:\Program Files (x86)\PS3 Media Server\PMS.exe (A. Brochard)
    Startup: C:\Users\Classic .NET AppPool\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\Users\Classic .NET AppPool\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\Users\DefaultAppPool\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\Users\DefaultAppPool\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

    ==================== Services (Whitelisted) ======

    2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1132824 2012-04-27] (Acronis)
    3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [69632 2011-09-16] (Adobe Systems)
    2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3459024 2012-05-16] (Acronis)
    2 AppHostSvc; C:\Windows\SysWow64\inetsrv\apphostsvc.dll [61440 2010-11-20] (Microsoft Corporation)
    2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
    2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [602624 2010-03-29] (Hauppauge Computer Works)
    2 MCEBuddy; "C:\Program Files\Tyrell\MCEBuddy\MCEBuddySvc.exe" [16384 2010-01-24] ()
    2 MediaMall Server; "C:\Program Files (x86)\MediaMall\MediaMallServer.exe" [4419952 2011-09-01] (MediaMall Technologies, Inc.)
    2 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [67400 2011-04-01] (Microsoft Corporation)
    2 MsDtsServer100; "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [210784 2011-06-17] (Microsoft Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 MSSQL$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [29293408 2010-12-10] (Microsoft Corporation)
    2 MSSQL$SQLEXPRESS2008R2; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS2008R2 [62111072 2011-06-17] (Microsoft Corporation)
    2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [62111072 2011-06-17] (Microsoft Corporation)
    4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4737024 2008-07-29] (Microsoft Corporation)
    4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
    2 ReportServer; "C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2180960 2011-06-17] (Microsoft Corporation)
    4 SQLAgent$SQLEXPRESS2008R2; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS2008R2 [431456 2011-06-17] (Microsoft Corporation)
    3 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -I MSSQLSERVER [431456 2011-06-17] (Microsoft Corporation)
    2 syncagentsrv; "C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe" [5914912 2012-04-27] (Acronis)
    3 TVersityMediaServer; "C:\Users\buck\AppData\Local\TVersity\Media Server\MediaServer.exe" [884736 2010-07-25] ()
    2 VMAuthdService; "C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe" [121392 2009-10-20] (VMware, Inc.)
    2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe" -u "C:\ProgramData\VMware\VMware Server\hostd\config.xml" [22161 2010-08-04] ()
    2 VMwareServerWebAccess; "C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe" //RS//VMwareServerWebAccess [57344 2009-10-20] (Apache Software Foundation)
    2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
    3 WAS; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
    2 XTUService; "C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe" [30944 2009-07-27] (Intel Corporation)
    2 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.MSSQLSERVER [x]
    2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Config" [x]
    3 PS3 Media Server; "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf" [x]
    3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

    ========================== Drivers (Whitelisted) =============

    3 afcdp; C:\Windows\System32\Drivers\afcdp.sys [367200 2012-05-16] (Acronis)
    3 f5ipfw; \??\C:\Windows\system32\drivers\urfltv64.sys [18512 2010-06-14] (F5 Networks, Inc.)
    0 fltsrv; C:\Windows\System32\Drivers\fltsrv.sys [137312 2012-05-16] (Acronis)
    3 ha20x22k; C:\Windows\System32\Drivers\ha20x22k.sys [1612888 2010-07-07] (Creative Technology Ltd)
    3 hcw89; C:\Windows\System32\Drivers\hcw89.sys [1562624 2009-11-19] (Hauppauge Computer Works, Inc.)
    2 IOCBIOS; \??\C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS [27096 2009-07-09] (Intel Corporation)
    3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
    3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
    3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [27304 2009-10-14] (MediaMall Technologies, Inc.)
    2 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
    1 RsFx0151; C:\Windows\System32\Drivers\RsFx0151.sys [313696 2011-06-17] (Microsoft Corporation)
    0 SI3132; C:\Windows\System32\Drivers\SI3132.sys [90664 2009-07-29] (Silicon Image, Inc)
    0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2009-07-29] (Silicon Image, Inc)
    0 SiRemFil; C:\Windows\System32\Drivers\SiRemFil.sys [17448 2009-07-29] (Silicon Image, Inc)
    3 smbusp; C:\Windows\System32\DRIVERS\intelsmb.sys [63616 2009-05-13] (Intel Corporation)
    0 snapman; C:\Windows\System32\Drivers\snapman.sys [320096 2012-05-16] (Acronis)
    0 tdrpman; C:\Windows\System32\Drivers\tdrpman.sys [1294432 2012-05-16] (Acronis)
    0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [994912 2012-05-16] (Acronis)
    3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [43600 2010-06-14] (F5 Networks, Inc.)
    0 vididr; C:\Windows\System32\Drivers\vididr.sys [211552 2012-05-16] (Acronis)
    0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [146528 2012-05-16] (Acronis)
    3 VSPerfDrv90; \??\C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [71024 2007-09-04] (Microsoft Corporation)
    2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-04-15] (CyberLink Corp.)
    3 NLNdisMP; C:\Windows\System32\DRIVERS\nlndis.sys [x]
    3 NLNdisPT; C:\Windows\System32\DRIVERS\nlndis.sys [x]
    1 RsFx0152; C:\Windows\System32\DRIVERS\RsFx0152.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    (rest of log in the next post)
     
  2. Nefs1234

    (rest of FRST64 log)

    ============ One Month Created Files and Folders ==============

    2012-07-01 16:49 - 2012-07-01 16:49 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{D9C10AAE-85EF-44AA-BE68-2BEA205E893B}
    2012-07-01 16:49 - 2012-07-01 16:49 - 00000000 ____D C:\Users\buck\Local Settings\{D9C10AAE-85EF-44AA-BE68-2BEA205E893B}
    2012-07-01 16:49 - 2012-07-01 16:49 - 00000000 ____D C:\Users\buck\AppData\Local\{D9C10AAE-85EF-44AA-BE68-2BEA205E893B}
    2012-07-01 15:28 - 2012-07-01 15:28 - 00000000 ____D C:\FRST
    2012-07-01 09:33 - 2012-07-01 09:33 - 03007284 ____A C:\KasperskyRescueDisk10_D.txt
    2012-07-01 01:14 - 2012-07-01 01:14 - 00000047 ____A C:\.directory
    2012-06-30 18:13 - 2012-06-30 18:13 - 00005523 ____A C:\KasperskyRescueDisk10_C.txt
    2012-06-27 12:14 - 2012-06-27 12:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B5EF04266DFD52D7
    2012-06-27 12:07 - 2012-06-27 12:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.864950B9BBE5707E
    2012-06-27 12:03 - 2012-06-27 12:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB91AC186182114B
    2012-06-27 11:55 - 2012-06-27 11:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ACABBDC66AADC39D
    2012-06-27 11:50 - 2012-06-27 11:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D51C88327E62B4C
    2012-06-27 11:46 - 2012-06-27 11:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.98A7C04DAAB1F568
    2012-06-27 11:38 - 2012-06-27 11:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A16D00161D8A2598
    2012-06-27 11:36 - 2012-06-27 11:36 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{694F344D-2EE8-49E1-A6F8-589A7EB6A2DD}
    2012-06-27 11:36 - 2012-06-27 11:36 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{195AFB04-C157-456B-9090-DBF712F4F9E6}
    2012-06-27 11:36 - 2012-06-27 11:36 - 00000000 ____D C:\Users\buck\Local Settings\{694F344D-2EE8-49E1-A6F8-589A7EB6A2DD}
    2012-06-27 11:36 - 2012-06-27 11:36 - 00000000 ____D C:\Users\buck\Local Settings\{195AFB04-C157-456B-9090-DBF712F4F9E6}
    2012-06-27 11:36 - 2012-06-27 11:36 - 00000000 ____D C:\Users\buck\AppData\Local\{694F344D-2EE8-49E1-A6F8-589A7EB6A2DD}
    2012-06-27 11:36 - 2012-06-27 11:36 - 00000000 ____D C:\Users\buck\AppData\Local\{195AFB04-C157-456B-9090-DBF712F4F9E6}
    2012-06-27 11:31 - 2012-06-27 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.490458F6E2C54E6D
    2012-06-27 10:16 - 2012-06-27 10:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.997BE821CB5236FD
    2012-06-27 10:09 - 2012-06-27 10:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.40C45DB29D2F0AE8
    2012-06-27 09:01 - 2012-06-27 09:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0606FE6F603FBB7E
    2012-06-27 08:53 - 2012-06-27 08:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.91C1C62E901634AF
    2012-06-27 08:45 - 2012-06-27 08:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2031C7169C78BB3C
    2012-06-27 08:40 - 2012-06-27 08:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3157C26367A4F03E
    2012-06-27 08:35 - 2012-06-27 08:35 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-27 08:35 - 2012-06-27 08:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-26 21:41 - 2012-06-26 21:41 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{3B019084-8DDA-4A48-ABC6-88DA0A64969D}
    2012-06-26 21:41 - 2012-06-26 21:41 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{1DD4E96E-9970-4E31-8C06-AE1403832A65}
    2012-06-26 21:41 - 2012-06-26 21:41 - 00000000 ____D C:\Users\buck\Local Settings\{3B019084-8DDA-4A48-ABC6-88DA0A64969D}
    2012-06-26 21:41 - 2012-06-26 21:41 - 00000000 ____D C:\Users\buck\Local Settings\{1DD4E96E-9970-4E31-8C06-AE1403832A65}
    2012-06-26 21:41 - 2012-06-26 21:41 - 00000000 ____D C:\Users\buck\AppData\Local\{3B019084-8DDA-4A48-ABC6-88DA0A64969D}
    2012-06-26 21:41 - 2012-06-26 21:41 - 00000000 ____D C:\Users\buck\AppData\Local\{1DD4E96E-9970-4E31-8C06-AE1403832A65}
    2012-06-26 09:40 - 2012-06-26 09:41 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{DBA0FC09-D54B-4E6F-9859-333011957B97}
    2012-06-26 09:40 - 2012-06-26 09:41 - 00000000 ____D C:\Users\buck\Local Settings\{DBA0FC09-D54B-4E6F-9859-333011957B97}
    2012-06-26 09:40 - 2012-06-26 09:41 - 00000000 ____D C:\Users\buck\AppData\Local\{DBA0FC09-D54B-4E6F-9859-333011957B97}
    2012-06-26 09:40 - 2012-06-26 09:40 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{9E0D01AC-CC2C-42C8-BC88-D299234A44C5}
    2012-06-26 09:40 - 2012-06-26 09:40 - 00000000 ____D C:\Users\buck\Local Settings\{9E0D01AC-CC2C-42C8-BC88-D299234A44C5}
    2012-06-26 09:40 - 2012-06-26 09:40 - 00000000 ____D C:\Users\buck\AppData\Local\{9E0D01AC-CC2C-42C8-BC88-D299234A44C5}
    2012-06-26 08:36 - 2012-06-26 08:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-06-26 08:36 - 2012-06-26 08:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-06-25 21:40 - 2012-06-25 21:40 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{F3831C8C-2F72-4E73-BE92-08BB76709258}
    2012-06-25 21:40 - 2012-06-25 21:40 - 00000000 ____D C:\Users\buck\Local Settings\{F3831C8C-2F72-4E73-BE92-08BB76709258}
    2012-06-25 21:40 - 2012-06-25 21:40 - 00000000 ____D C:\Users\buck\AppData\Local\{F3831C8C-2F72-4E73-BE92-08BB76709258}
    2012-06-25 09:39 - 2012-06-25 21:40 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{9CE3610D-E264-4F99-9B6F-C5B90D86829D}
    2012-06-25 09:39 - 2012-06-25 21:40 - 00000000 ____D C:\Users\buck\Local Settings\{9CE3610D-E264-4F99-9B6F-C5B90D86829D}
    2012-06-25 09:39 - 2012-06-25 21:40 - 00000000 ____D C:\Users\buck\AppData\Local\{9CE3610D-E264-4F99-9B6F-C5B90D86829D}
    2012-06-25 09:39 - 2012-06-25 09:39 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{A366F3D4-65FE-4655-93F0-86EB47309B28}
    2012-06-25 09:39 - 2012-06-25 09:39 - 00000000 ____D C:\Users\buck\Local Settings\{A366F3D4-65FE-4655-93F0-86EB47309B28}
    2012-06-25 09:39 - 2012-06-25 09:39 - 00000000 ____D C:\Users\buck\AppData\Local\{A366F3D4-65FE-4655-93F0-86EB47309B28}
    2012-06-24 00:06 - 2012-06-24 00:07 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{9B5ACD62-AE69-42EA-A8C5-46615C42A79F}
    2012-06-24 00:06 - 2012-06-24 00:07 - 00000000 ____D C:\Users\buck\Local Settings\{9B5ACD62-AE69-42EA-A8C5-46615C42A79F}
    2012-06-24 00:06 - 2012-06-24 00:07 - 00000000 ____D C:\Users\buck\AppData\Local\{9B5ACD62-AE69-42EA-A8C5-46615C42A79F}
    2012-06-24 00:06 - 2012-06-24 00:06 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{F6C42234-50A2-4871-9400-C4C9DB594C74}
    2012-06-24 00:06 - 2012-06-24 00:06 - 00000000 ____D C:\Users\buck\Local Settings\{F6C42234-50A2-4871-9400-C4C9DB594C74}
    2012-06-24 00:06 - 2012-06-24 00:06 - 00000000 ____D C:\Users\buck\AppData\Local\{F6C42234-50A2-4871-9400-C4C9DB594C74}
    2012-06-23 12:12 - 2012-06-23 12:12 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-23 12:06 - 2012-06-23 12:06 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{C5EBB131-A927-4C18-BEA6-1C1406B9FD26}
    2012-06-23 12:06 - 2012-06-23 12:06 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{2B78583C-54F4-4475-8C56-2B3DE0BBC0B4}
    2012-06-23 12:06 - 2012-06-23 12:06 - 00000000 ____D C:\Users\buck\Local Settings\{C5EBB131-A927-4C18-BEA6-1C1406B9FD26}
    2012-06-23 12:06 - 2012-06-23 12:06 - 00000000 ____D C:\Users\buck\Local Settings\{2B78583C-54F4-4475-8C56-2B3DE0BBC0B4}
    2012-06-23 12:06 - 2012-06-23 12:06 - 00000000 ____D C:\Users\buck\AppData\Local\{C5EBB131-A927-4C18-BEA6-1C1406B9FD26}
    2012-06-23 12:06 - 2012-06-23 12:06 - 00000000 ____D C:\Users\buck\AppData\Local\{2B78583C-54F4-4475-8C56-2B3DE0BBC0B4}
    2012-06-22 20:59 - 2012-06-22 20:59 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{D63D4467-EB21-497E-964B-35BE5DD0B819}
    2012-06-22 20:59 - 2012-06-22 20:59 - 00000000 ____D C:\Users\buck\Local Settings\{D63D4467-EB21-497E-964B-35BE5DD0B819}
    2012-06-22 20:59 - 2012-06-22 20:59 - 00000000 ____D C:\Users\buck\AppData\Local\{D63D4467-EB21-497E-964B-35BE5DD0B819}
    2012-06-22 20:58 - 2012-06-22 20:59 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{647D932F-426C-45B6-840D-0F39734C975D}
    2012-06-22 20:58 - 2012-06-22 20:59 - 00000000 ____D C:\Users\buck\Local Settings\{647D932F-426C-45B6-840D-0F39734C975D}
    2012-06-22 20:58 - 2012-06-22 20:59 - 00000000 ____D C:\Users\buck\AppData\Local\{647D932F-426C-45B6-840D-0F39734C975D}
    2012-06-22 08:58 - 2012-06-22 08:58 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{E7BF1E66-6997-48D0-8470-FB97B143A76E}
    2012-06-22 08:58 - 2012-06-22 08:58 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{0C9BE8CD-54AD-492B-82DE-1C18F0B3D247}
    2012-06-22 08:58 - 2012-06-22 08:58 - 00000000 ____D C:\Users\buck\Local Settings\{E7BF1E66-6997-48D0-8470-FB97B143A76E}
    2012-06-22 08:58 - 2012-06-22 08:58 - 00000000 ____D C:\Users\buck\Local Settings\{0C9BE8CD-54AD-492B-82DE-1C18F0B3D247}
    2012-06-22 08:58 - 2012-06-22 08:58 - 00000000 ____D C:\Users\buck\AppData\Local\{E7BF1E66-6997-48D0-8470-FB97B143A76E}
    2012-06-22 08:58 - 2012-06-22 08:58 - 00000000 ____D C:\Users\buck\AppData\Local\{0C9BE8CD-54AD-492B-82DE-1C18F0B3D247}
    2012-06-21 20:41 - 2012-06-21 20:41 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{BA19C136-EE00-45A5-8A63-CB141D570778}
    2012-06-21 20:41 - 2012-06-21 20:41 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{7562B8DF-5FED-46F3-A5EF-31EEF335479A}
    2012-06-21 20:41 - 2012-06-21 20:41 - 00000000 ____D C:\Users\buck\Local Settings\{BA19C136-EE00-45A5-8A63-CB141D570778}
    2012-06-21 20:41 - 2012-06-21 20:41 - 00000000 ____D C:\Users\buck\Local Settings\{7562B8DF-5FED-46F3-A5EF-31EEF335479A}
    2012-06-21 20:41 - 2012-06-21 20:41 - 00000000 ____D C:\Users\buck\AppData\Local\{BA19C136-EE00-45A5-8A63-CB141D570778}
    2012-06-21 20:41 - 2012-06-21 20:41 - 00000000 ____D C:\Users\buck\AppData\Local\{7562B8DF-5FED-46F3-A5EF-31EEF335479A}
    2012-06-21 08:42 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 08:42 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 08:42 - 2012-06-02 17:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 08:42 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 08:42 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 08:42 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 08:42 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 08:42 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 08:42 - 2012-06-02 17:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-21 08:41 - 2012-06-21 08:41 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{91151682-C74B-4D5E-8A69-47D7D61B047E}
    2012-06-21 08:41 - 2012-06-21 08:41 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{53EFF38C-7B31-4CFD-8DF0-CE331D5B7146}
    2012-06-21 08:41 - 2012-06-21 08:41 - 00000000 ____D C:\Users\buck\Local Settings\{91151682-C74B-4D5E-8A69-47D7D61B047E}
    2012-06-21 08:41 - 2012-06-21 08:41 - 00000000 ____D C:\Users\buck\Local Settings\{53EFF38C-7B31-4CFD-8DF0-CE331D5B7146}
    2012-06-21 08:41 - 2012-06-21 08:41 - 00000000 ____D C:\Users\buck\AppData\Local\{91151682-C74B-4D5E-8A69-47D7D61B047E}
    2012-06-21 08:41 - 2012-06-21 08:41 - 00000000 ____D C:\Users\buck\AppData\Local\{53EFF38C-7B31-4CFD-8DF0-CE331D5B7146}
    2012-06-20 00:06 - 2012-06-20 00:06 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{9E306DF7-1E2F-47B7-8B6C-C09CFA8F9493}
    2012-06-20 00:06 - 2012-06-20 00:06 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{1B72C576-5D23-4D1F-9E98-B43BD4B4C2DB}
    2012-06-20 00:06 - 2012-06-20 00:06 - 00000000 ____D C:\Users\buck\Local Settings\{9E306DF7-1E2F-47B7-8B6C-C09CFA8F9493}
    2012-06-20 00:06 - 2012-06-20 00:06 - 00000000 ____D C:\Users\buck\Local Settings\{1B72C576-5D23-4D1F-9E98-B43BD4B4C2DB}
    2012-06-20 00:06 - 2012-06-20 00:06 - 00000000 ____D C:\Users\buck\AppData\Local\{9E306DF7-1E2F-47B7-8B6C-C09CFA8F9493}
    2012-06-20 00:06 - 2012-06-20 00:06 - 00000000 ____D C:\Users\buck\AppData\Local\{1B72C576-5D23-4D1F-9E98-B43BD4B4C2DB}
    2012-06-19 12:06 - 2012-06-19 12:06 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{46AFA0A1-82D0-42FB-962E-E19BDB9EFC76}
    2012-06-19 12:06 - 2012-06-19 12:06 - 00000000 ____D C:\Users\buck\Local Settings\{46AFA0A1-82D0-42FB-962E-E19BDB9EFC76}
    2012-06-19 12:06 - 2012-06-19 12:06 - 00000000 ____D C:\Users\buck\AppData\Local\{46AFA0A1-82D0-42FB-962E-E19BDB9EFC76}
    2012-06-19 12:05 - 2012-06-19 12:06 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{3C2C5D87-21F3-49B8-A701-EC5F7DD83DD5}
    2012-06-19 12:05 - 2012-06-19 12:06 - 00000000 ____D C:\Users\buck\Local Settings\{3C2C5D87-21F3-49B8-A701-EC5F7DD83DD5}
    2012-06-19 12:05 - 2012-06-19 12:06 - 00000000 ____D C:\Users\buck\AppData\Local\{3C2C5D87-21F3-49B8-A701-EC5F7DD83DD5}
    2012-06-19 00:05 - 2012-06-19 00:05 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{7CBD0B4A-9B91-4A59-8D86-A0D1136014C8}
    2012-06-19 00:05 - 2012-06-19 00:05 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{001B419A-2B27-4E1F-8AC2-193026403319}
    2012-06-19 00:05 - 2012-06-19 00:05 - 00000000 ____D C:\Users\buck\Local Settings\{7CBD0B4A-9B91-4A59-8D86-A0D1136014C8}
    2012-06-19 00:05 - 2012-06-19 00:05 - 00000000 ____D C:\Users\buck\Local Settings\{001B419A-2B27-4E1F-8AC2-193026403319}
    2012-06-19 00:05 - 2012-06-19 00:05 - 00000000 ____D C:\Users\buck\AppData\Local\{7CBD0B4A-9B91-4A59-8D86-A0D1136014C8}
    2012-06-19 00:05 - 2012-06-19 00:05 - 00000000 ____D C:\Users\buck\AppData\Local\{001B419A-2B27-4E1F-8AC2-193026403319}
    2012-06-18 12:04 - 2012-06-18 12:05 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{A5D1D2A8-75E1-4C26-B09E-25B0428FD2D1}
    2012-06-18 12:04 - 2012-06-18 12:05 - 00000000 ____D C:\Users\buck\Local Settings\{A5D1D2A8-75E1-4C26-B09E-25B0428FD2D1}
    2012-06-18 12:04 - 2012-06-18 12:05 - 00000000 ____D C:\Users\buck\AppData\Local\{A5D1D2A8-75E1-4C26-B09E-25B0428FD2D1}
    2012-06-18 00:04 - 2012-06-18 00:04 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{7C224A3F-042C-4F89-B4E5-B2AA18E1B927}
    2012-06-18 00:04 - 2012-06-18 00:04 - 00000000 ____D C:\Users\buck\Local Settings\{7C224A3F-042C-4F89-B4E5-B2AA18E1B927}
    2012-06-18 00:04 - 2012-06-18 00:04 - 00000000 ____D C:\Users\buck\AppData\Local\{7C224A3F-042C-4F89-B4E5-B2AA18E1B927}
    2012-06-17 12:04 - 2012-06-17 12:04 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{3506B5BC-2BAD-428A-811F-5B0B4F021C1F}
    2012-06-17 12:04 - 2012-06-17 12:04 - 00000000 ____D C:\Users\buck\Local Settings\{3506B5BC-2BAD-428A-811F-5B0B4F021C1F}
    2012-06-17 12:04 - 2012-06-17 12:04 - 00000000 ____D C:\Users\buck\AppData\Local\{3506B5BC-2BAD-428A-811F-5B0B4F021C1F}
    2012-06-17 00:03 - 2012-06-17 00:04 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{30CBB957-2F26-426A-9829-9184E50CD783}
    2012-06-17 00:03 - 2012-06-17 00:04 - 00000000 ____D C:\Users\buck\Local Settings\{30CBB957-2F26-426A-9829-9184E50CD783}
    2012-06-17 00:03 - 2012-06-17 00:04 - 00000000 ____D C:\Users\buck\AppData\Local\{30CBB957-2F26-426A-9829-9184E50CD783}
    2012-06-16 12:03 - 2012-06-16 12:03 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{B52859E5-56ED-4144-B4EB-2699D8E857FA}
    2012-06-16 12:03 - 2012-06-16 12:03 - 00000000 ____D C:\Users\buck\Local Settings\{B52859E5-56ED-4144-B4EB-2699D8E857FA}
    2012-06-16 12:03 - 2012-06-16 12:03 - 00000000 ____D C:\Users\buck\AppData\Local\{B52859E5-56ED-4144-B4EB-2699D8E857FA}
    2012-06-15 20:52 - 2012-06-15 20:52 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{5C926100-52AA-4A98-81B3-DE0DF878C36E}
    2012-06-15 20:52 - 2012-06-15 20:52 - 00000000 ____D C:\Users\buck\Local Settings\{5C926100-52AA-4A98-81B3-DE0DF878C36E}
    2012-06-15 20:52 - 2012-06-15 20:52 - 00000000 ____D C:\Users\buck\AppData\Local\{5C926100-52AA-4A98-81B3-DE0DF878C36E}
    2012-06-15 08:52 - 2012-06-15 08:52 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{721D4990-4EA7-4C20-93A0-E6046E30E072}
    2012-06-15 08:52 - 2012-06-15 08:52 - 00000000 ____D C:\Users\buck\Local Settings\{721D4990-4EA7-4C20-93A0-E6046E30E072}
    2012-06-15 08:52 - 2012-06-15 08:52 - 00000000 ____D C:\Users\buck\AppData\Local\{721D4990-4EA7-4C20-93A0-E6046E30E072}
    2012-06-14 20:51 - 2012-06-14 20:51 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{EE68A639-DED3-4C69-AF7B-907DC141CC33}
    2012-06-14 20:51 - 2012-06-14 20:51 - 00000000 ____D C:\Users\buck\Local Settings\{EE68A639-DED3-4C69-AF7B-907DC141CC33}
    2012-06-14 20:51 - 2012-06-14 20:51 - 00000000 ____D C:\Users\buck\AppData\Local\{EE68A639-DED3-4C69-AF7B-907DC141CC33}
    2012-06-14 08:51 - 2012-06-14 08:51 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{F6D1BDD7-C285-4A56-97EF-41929741C222}
    2012-06-14 08:51 - 2012-06-14 08:51 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{6EE93C17-AD03-46E4-B645-C08DE96A1B35}
    2012-06-14 08:51 - 2012-06-14 08:51 - 00000000 ____D C:\Users\buck\Local Settings\{F6D1BDD7-C285-4A56-97EF-41929741C222}
    2012-06-14 08:51 - 2012-06-14 08:51 - 00000000 ____D C:\Users\buck\Local Settings\{6EE93C17-AD03-46E4-B645-C08DE96A1B35}
    2012-06-14 08:51 - 2012-06-14 08:51 - 00000000 ____D C:\Users\buck\AppData\Local\{F6D1BDD7-C285-4A56-97EF-41929741C222}
    2012-06-14 08:51 - 2012-06-14 08:51 - 00000000 ____D C:\Users\buck\AppData\Local\{6EE93C17-AD03-46E4-B645-C08DE96A1B35}
    2012-06-14 08:21 - 2012-05-17 21:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-14 08:21 - 2012-05-17 21:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-14 08:21 - 2012-05-17 21:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-14 08:21 - 2012-05-17 20:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-14 08:21 - 2012-05-17 20:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-14 08:21 - 2012-05-17 20:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-14 08:21 - 2012-05-17 20:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-14 08:21 - 2012-05-17 20:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-14 08:21 - 2012-05-17 20:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-14 08:21 - 2012-05-17 20:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-14 08:21 - 2012-05-17 20:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-14 08:21 - 2012-05-17 20:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-14 08:21 - 2012-05-17 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-14 08:21 - 2012-05-17 20:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-14 08:21 - 2012-05-17 18:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-14 08:21 - 2012-05-17 17:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-14 08:21 - 2012-05-17 17:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-14 08:21 - 2012-05-17 17:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-14 08:21 - 2012-05-17 17:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-14 08:21 - 2012-05-17 17:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-14 08:21 - 2012-05-17 17:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-14 08:21 - 2012-05-17 17:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-14 08:21 - 2012-05-17 17:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-14 08:21 - 2012-05-17 17:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-14 08:21 - 2012-05-17 17:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-14 08:21 - 2012-05-17 17:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-14 08:21 - 2012-05-17 17:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-14 08:21 - 2012-05-17 17:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 22:29 - 2012-05-14 20:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 22:29 - 2012-05-04 06:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 22:29 - 2012-05-04 05:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 22:29 - 2012-05-04 05:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 22:29 - 2012-05-01 00:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 22:29 - 2012-04-28 00:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-06-13 22:29 - 2012-04-27 22:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 22:29 - 2012-04-26 00:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 22:29 - 2012-04-26 00:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 22:29 - 2012-04-26 00:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 22:29 - 2012-04-24 00:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 22:29 - 2012-04-24 00:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 22:29 - 2012-04-24 00:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 22:29 - 2012-04-23 23:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 22:29 - 2012-04-23 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 22:29 - 2012-04-23 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 22:29 - 2012-04-07 07:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 22:29 - 2012-04-07 06:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-13 20:50 - 2012-06-13 20:51 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{853EA8D0-D35A-41AC-ABA7-E2778C230BB6}
    2012-06-13 20:50 - 2012-06-13 20:51 - 00000000 ____D C:\Users\buck\Local Settings\{853EA8D0-D35A-41AC-ABA7-E2778C230BB6}
    2012-06-13 20:50 - 2012-06-13 20:51 - 00000000 ____D C:\Users\buck\AppData\Local\{853EA8D0-D35A-41AC-ABA7-E2778C230BB6}
    2012-06-13 20:50 - 2012-06-13 20:50 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{87FEB6D0-0C4D-4A83-8925-B59F37757BCE}
    2012-06-13 20:50 - 2012-06-13 20:50 - 00000000 ____D C:\Users\buck\Local Settings\{87FEB6D0-0C4D-4A83-8925-B59F37757BCE}
    2012-06-13 20:50 - 2012-06-13 20:50 - 00000000 ____D C:\Users\buck\AppData\Local\{87FEB6D0-0C4D-4A83-8925-B59F37757BCE}
    2012-06-13 08:50 - 2012-06-13 08:50 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{25B032B8-2542-4BBB-AA2E-B902CC9FE338}
    2012-06-13 08:50 - 2012-06-13 08:50 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{1E9232D0-477D-480A-9896-24FE895490D6}
    2012-06-13 08:50 - 2012-06-13 08:50 - 00000000 ____D C:\Users\buck\Local Settings\{25B032B8-2542-4BBB-AA2E-B902CC9FE338}
    2012-06-13 08:50 - 2012-06-13 08:50 - 00000000 ____D C:\Users\buck\Local Settings\{1E9232D0-477D-480A-9896-24FE895490D6}
    2012-06-13 08:50 - 2012-06-13 08:50 - 00000000 ____D C:\Users\buck\AppData\Local\{25B032B8-2542-4BBB-AA2E-B902CC9FE338}
    2012-06-13 08:50 - 2012-06-13 08:50 - 00000000 ____D C:\Users\buck\AppData\Local\{1E9232D0-477D-480A-9896-24FE895490D6}
    2012-06-12 20:49 - 2012-06-12 20:50 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{24BB4953-6AF7-4F1C-B108-667F5E1E3E0E}
    2012-06-12 20:49 - 2012-06-12 20:50 - 00000000 ____D C:\Users\buck\Local Settings\{24BB4953-6AF7-4F1C-B108-667F5E1E3E0E}
    2012-06-12 20:49 - 2012-06-12 20:50 - 00000000 ____D C:\Users\buck\AppData\Local\{24BB4953-6AF7-4F1C-B108-667F5E1E3E0E}
    2012-06-12 20:49 - 2012-06-12 20:49 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{6F9C3395-354E-4358-B9E9-6002E169DE8D}
    2012-06-12 20:49 - 2012-06-12 20:49 - 00000000 ____D C:\Users\buck\Local Settings\{6F9C3395-354E-4358-B9E9-6002E169DE8D}
    2012-06-12 20:49 - 2012-06-12 20:49 - 00000000 ____D C:\Users\buck\AppData\Local\{6F9C3395-354E-4358-B9E9-6002E169DE8D}
    2012-06-12 08:49 - 2012-06-12 08:49 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{225D60B4-8A04-422D-9C2C-CE4324858CA3}
    2012-06-12 08:49 - 2012-06-12 08:49 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{19FD366B-9439-4BDB-821A-AF9A07539307}
    2012-06-12 08:49 - 2012-06-12 08:49 - 00000000 ____D C:\Users\buck\Local Settings\{225D60B4-8A04-422D-9C2C-CE4324858CA3}
    2012-06-12 08:49 - 2012-06-12 08:49 - 00000000 ____D C:\Users\buck\Local Settings\{19FD366B-9439-4BDB-821A-AF9A07539307}
    2012-06-12 08:49 - 2012-06-12 08:49 - 00000000 ____D C:\Users\buck\AppData\Local\{225D60B4-8A04-422D-9C2C-CE4324858CA3}
    2012-06-12 08:49 - 2012-06-12 08:49 - 00000000 ____D C:\Users\buck\AppData\Local\{19FD366B-9439-4BDB-821A-AF9A07539307}
    2012-06-11 20:19 - 2012-06-11 20:19 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{971C1551-94C8-47F2-9742-5CA4AD33007B}
    2012-06-11 20:19 - 2012-06-11 20:19 - 00000000 ____D C:\Users\buck\Local Settings\{971C1551-94C8-47F2-9742-5CA4AD33007B}
    2012-06-11 20:19 - 2012-06-11 20:19 - 00000000 ____D C:\Users\buck\AppData\Local\{971C1551-94C8-47F2-9742-5CA4AD33007B}
    2012-06-11 20:18 - 2012-06-11 20:19 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{FB9D14A0-4E92-463D-B971-357B1486BE19}
    2012-06-11 20:18 - 2012-06-11 20:19 - 00000000 ____D C:\Users\buck\Local Settings\{FB9D14A0-4E92-463D-B971-357B1486BE19}
    2012-06-11 20:18 - 2012-06-11 20:19 - 00000000 ____D C:\Users\buck\AppData\Local\{FB9D14A0-4E92-463D-B971-357B1486BE19}
    2012-06-11 08:41 - 2012-06-11 08:41 - 00000000 ____D C:\Users\buck\Local Settings\Macromedia
    2012-06-11 08:41 - 2012-06-11 08:41 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\Macromedia
    2012-06-11 08:41 - 2012-06-11 08:41 - 00000000 ____D C:\Users\buck\AppData\Local\Macromedia
    2012-06-11 08:18 - 2012-06-11 08:18 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{F153F86C-3916-4606-9B64-0948621C9E03}
    2012-06-11 08:18 - 2012-06-11 08:18 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{CE7B7F7E-5018-4BA6-8A6D-FA1B5A6BD343}
    2012-06-11 08:18 - 2012-06-11 08:18 - 00000000 ____D C:\Users\buck\Local Settings\{F153F86C-3916-4606-9B64-0948621C9E03}
    2012-06-11 08:18 - 2012-06-11 08:18 - 00000000 ____D C:\Users\buck\Local Settings\{CE7B7F7E-5018-4BA6-8A6D-FA1B5A6BD343}
    2012-06-11 08:18 - 2012-06-11 08:18 - 00000000 ____D C:\Users\buck\AppData\Local\{F153F86C-3916-4606-9B64-0948621C9E03}
    2012-06-11 08:18 - 2012-06-11 08:18 - 00000000 ____D C:\Users\buck\AppData\Local\{CE7B7F7E-5018-4BA6-8A6D-FA1B5A6BD343}
    2012-06-10 17:17 - 2012-06-10 17:18 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{44C9E583-2EF5-4039-AA39-5386C0EB0421}
    2012-06-10 17:17 - 2012-06-10 17:18 - 00000000 ____D C:\Users\buck\Local Settings\{44C9E583-2EF5-4039-AA39-5386C0EB0421}
    2012-06-10 17:17 - 2012-06-10 17:18 - 00000000 ____D C:\Users\buck\AppData\Local\{44C9E583-2EF5-4039-AA39-5386C0EB0421}
    2012-06-10 17:16 - 2012-06-10 17:17 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{4DC952DE-5ABE-4761-A2ED-8AFC71337F06}
    2012-06-10 17:16 - 2012-06-10 17:17 - 00000000 ____D C:\Users\buck\Local Settings\{4DC952DE-5ABE-4761-A2ED-8AFC71337F06}
    2012-06-10 17:16 - 2012-06-10 17:17 - 00000000 ____D C:\Users\buck\AppData\Local\{4DC952DE-5ABE-4761-A2ED-8AFC71337F06}
    2012-06-02 14:36 - 2012-06-02 14:36 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{5D67CD77-88C2-487F-B31F-3FAEF2218F70}
    2012-06-02 14:36 - 2012-06-02 14:36 - 00000000 ____D C:\Users\buck\Local Settings\{5D67CD77-88C2-487F-B31F-3FAEF2218F70}
    2012-06-02 14:36 - 2012-06-02 14:36 - 00000000 ____D C:\Users\buck\AppData\Local\{5D67CD77-88C2-487F-B31F-3FAEF2218F70}
    2012-06-02 14:35 - 2012-06-02 14:36 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{A467CF58-F5A9-4ACD-84D7-BE8CA1DCFCC7}
    2012-06-02 14:35 - 2012-06-02 14:36 - 00000000 ____D C:\Users\buck\Local Settings\{A467CF58-F5A9-4ACD-84D7-BE8CA1DCFCC7}
    2012-06-02 14:35 - 2012-06-02 14:36 - 00000000 ____D C:\Users\buck\AppData\Local\{A467CF58-F5A9-4ACD-84D7-BE8CA1DCFCC7}
    2012-06-01 20:53 - 2012-06-01 20:53 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{39B6E763-4B33-4530-BA90-D2CB07AAFD27}
    2012-06-01 20:53 - 2012-06-01 20:53 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{10F5E9AE-D141-4533-ACC7-1EB7F4C184B4}
    2012-06-01 20:53 - 2012-06-01 20:53 - 00000000 ____D C:\Users\buck\Local Settings\{39B6E763-4B33-4530-BA90-D2CB07AAFD27}
    2012-06-01 20:53 - 2012-06-01 20:53 - 00000000 ____D C:\Users\buck\Local Settings\{10F5E9AE-D141-4533-ACC7-1EB7F4C184B4}
    2012-06-01 20:53 - 2012-06-01 20:53 - 00000000 ____D C:\Users\buck\AppData\Local\{39B6E763-4B33-4530-BA90-D2CB07AAFD27}
    2012-06-01 20:53 - 2012-06-01 20:53 - 00000000 ____D C:\Users\buck\AppData\Local\{10F5E9AE-D141-4533-ACC7-1EB7F4C184B4}
    2012-06-01 08:52 - 2012-06-01 08:53 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{62713C24-8A41-4161-B6AC-D2E6332F2A0D}
    2012-06-01 08:52 - 2012-06-01 08:53 - 00000000 ____D C:\Users\buck\Local Settings\{62713C24-8A41-4161-B6AC-D2E6332F2A0D}
    2012-06-01 08:52 - 2012-06-01 08:53 - 00000000 ____D C:\Users\buck\AppData\Local\{62713C24-8A41-4161-B6AC-D2E6332F2A0D}
    2012-06-01 08:52 - 2012-06-01 08:52 - 00000000 ____D C:\Users\buck\Local Settings\Application Data\{0D59C4B5-AA40-497D-9A3B-07F70C159FE9}
    2012-06-01 08:52 - 2012-06-01 08:52 - 00000000 ____D C:\Users\buck\Local Settings\{0D59C4B5-AA40-497D-9A3B-07F70C159FE9}
    2012-06-01 08:52 - 2012-06-01 08:52 - 00000000 ____D C:\Users\buck\AppData\Local\{0D59C4B5-AA40-497D-9A3B-07F70C159FE9}

    ============ 3 Months Modified Files ========================

    2012-07-01 16:47 - 2010-04-25 14:59 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-01 16:46 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-01 16:46 - 2009-07-13 23:51 - 00076841 ____A C:\Windows\setupact.log
    2012-07-01 09:33 - 2012-07-01 09:33 - 03007284 ____A C:\KasperskyRescueDisk10_D.txt
    2012-07-01 01:14 - 2012-07-01 01:14 - 00000047 ____A C:\.directory
    2012-06-30 18:13 - 2012-06-30 18:13 - 00005523 ____A C:\KasperskyRescueDisk10_C.txt
    2012-06-30 18:09 - 2009-07-13 18:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-06-27 12:14 - 2012-06-27 12:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B5EF04266DFD52D7
    2012-06-27 12:07 - 2012-06-27 12:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.864950B9BBE5707E
    2012-06-27 12:03 - 2012-06-27 12:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB91AC186182114B
    2012-06-27 11:58 - 2010-04-25 14:59 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-27 11:55 - 2012-06-27 11:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ACABBDC66AADC39D
    2012-06-27 11:50 - 2012-06-27 11:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D51C88327E62B4C
    2012-06-27 11:46 - 2012-06-27 11:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.98A7C04DAAB1F568
    2012-06-27 11:38 - 2012-06-27 11:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A16D00161D8A2598
    2012-06-27 11:38 - 2009-07-14 00:10 - 01184404 ____A C:\Windows\WindowsUpdate.log
    2012-06-27 11:31 - 2012-06-27 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.490458F6E2C54E6D
    2012-06-27 10:16 - 2012-06-27 10:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.997BE821CB5236FD
    2012-06-27 10:10 - 2010-05-15 22:16 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1651726694-1363144605-2224526261-1004UA.job
    2012-06-27 10:09 - 2012-06-27 10:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.40C45DB29D2F0AE8
    2012-06-27 09:01 - 2012-06-27 09:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0606FE6F603FBB7E
    2012-06-27 08:53 - 2012-06-27 08:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.91C1C62E901634AF
    2012-06-27 08:45 - 2012-06-27 08:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2031C7169C78BB3C
    2012-06-27 08:40 - 2012-06-27 08:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3157C26367A4F03E
    2012-06-27 08:36 - 2010-12-17 10:23 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-27 08:35 - 2010-03-27 10:45 - 01267908 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-27 08:33 - 2009-07-13 23:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-27 08:33 - 2009-07-13 23:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-27 00:03 - 2012-04-01 08:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-26 18:10 - 2010-05-15 22:16 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1651726694-1363144605-2224526261-1004Core.job
    2012-06-24 01:00 - 2012-03-16 09:48 - 00327680 ____A C:\Windows\System32\Ikeext.etl
    2012-06-22 20:03 - 2012-04-01 08:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-22 20:03 - 2011-12-07 13:35 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-14 08:40 - 2009-07-13 23:45 - 00421296 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-14 08:31 - 2009-07-14 00:13 - 01268192 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-14 08:27 - 2010-03-27 10:15 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-02 17:19 - 2012-06-21 08:42 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 17:19 - 2012-06-21 08:42 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 17:19 - 2012-06-21 08:42 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 17:19 - 2012-06-21 08:42 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 17:19 - 2012-06-21 08:42 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 17:19 - 2012-06-21 08:42 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 17:15 - 2012-06-21 08:42 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 17:15 - 2012-06-21 08:42 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 17:15 - 2012-06-21 08:42 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-18 09:22 - 2010-03-24 03:26 - 00125850 ____A C:\Windows\PFRO.log
    2012-05-17 21:47 - 2012-06-14 08:21 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 21:16 - 2012-06-14 08:21 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 21:06 - 2012-06-14 08:21 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 20:59 - 2012-06-14 08:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 20:59 - 2012-06-14 08:21 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 20:58 - 2012-06-14 08:21 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 20:58 - 2012-06-14 08:21 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 20:56 - 2012-06-14 08:21 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 20:55 - 2012-06-14 08:21 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 20:55 - 2012-06-14 08:21 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 20:54 - 2012-06-14 08:21 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 20:51 - 2012-06-14 08:21 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 20:51 - 2012-06-14 08:21 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 20:47 - 2012-06-14 08:21 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 18:11 - 2012-06-14 08:21 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 17:48 - 2012-06-14 08:21 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 17:45 - 2012-06-14 08:21 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 17:36 - 2012-06-14 08:21 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 17:35 - 2012-06-14 08:21 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 17:35 - 2012-06-14 08:21 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 17:33 - 2012-06-14 08:21 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 17:31 - 2012-06-14 08:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 17:29 - 2012-06-14 08:21 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 17:29 - 2012-06-14 08:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 17:27 - 2012-06-14 08:21 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 17:25 - 2012-06-14 08:21 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 17:24 - 2012-06-14 08:21 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 17:20 - 2012-06-14 08:21 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-16 10:11 - 2012-05-16 10:11 - 01294432 ____A (Acronis) C:\Windows\System32\Drivers\tdrpman.sys
    2012-05-16 10:11 - 2012-05-16 10:11 - 00367200 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
    2012-05-16 10:10 - 2012-05-16 10:10 - 00994912 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
    2012-05-16 10:10 - 2012-05-16 10:10 - 00320096 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
    2012-05-16 10:10 - 2012-05-16 10:10 - 00211552 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
    2012-05-16 10:10 - 2012-05-16 10:10 - 00146528 ____A (Acronis) C:\Windows\System32\Drivers\vsflt67.sys
    2012-05-16 10:10 - 2012-05-16 10:10 - 00137312 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
    2012-05-16 10:10 - 2012-05-16 10:10 - 00001141 ____A C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
    2012-05-16 10:10 - 2012-05-16 10:10 - 00001141 ____A C:\Users\All Users\Desktop\Acronis True Image Home 2012.lnk
    2012-05-14 20:32 - 2012-06-13 22:29 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-14 16:00 - 2010-03-26 18:16 - 00111712 ____A C:\Users\buck\Local Settings\GDIPFONTCACHEV1.DAT
    2012-05-14 16:00 - 2010-03-26 18:16 - 00111712 ____A C:\Users\buck\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-05-14 16:00 - 2010-03-26 18:16 - 00111712 ____A C:\Users\buck\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-04 06:06 - 2012-06-13 22:29 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 05:03 - 2012-06-13 22:29 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 05:03 - 2012-06-13 22:29 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-02 18:48 - 2012-05-02 18:48 - 00002278 ____A C:\Users\Public\Desktop\Fidelity Active Trader Pro.lnk
    2012-05-02 18:48 - 2012-05-02 18:48 - 00002278 ____A C:\Users\All Users\Desktop\Fidelity Active Trader Pro.lnk
    2012-05-02 18:48 - 2011-05-02 11:57 - 00002825 ____A C:\Users\Public\Desktop\Fidelity Active Trader Pro Beta..lnk
    2012-05-02 18:48 - 2011-05-02 11:57 - 00002825 ____A C:\Users\All Users\Desktop\Fidelity Active Trader Pro Beta..lnk
    2012-05-01 00:40 - 2012-06-13 22:29 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-28 00:32 - 2012-06-13 22:29 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-04-27 22:55 - 2012-06-13 22:29 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-26 00:41 - 2012-06-13 22:29 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 00:41 - 2012-06-13 22:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-26 00:34 - 2012-06-13 22:29 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 00:37 - 2012-06-13 22:29 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-24 00:37 - 2012-06-13 22:29 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-24 00:37 - 2012-06-13 22:29 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 23:36 - 2012-06-13 22:29 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 23:36 - 2012-06-13 22:29 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 23:36 - 2012-06-13 22:29 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-07 07:31 - 2012-06-13 22:29 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 06:26 - 2012-06-13 22:29 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-06 18:04 - 2012-04-06 18:04 - 00295888 ____A C:\Windows\Minidump\040612-70824-01.dmp
    2012-04-06 18:03 - 2010-09-01 08:47 - 1434708982 ____A C:\Windows\MEMORY.DMP


    ZeroAccess:
    C:\Windows\Installer\{be5a5012-e7f5-e837-2b75-5482e5663670}
    C:\Windows\Installer\{be5a5012-e7f5-e837-2b75-5482e5663670}\@
    C:\Windows\Installer\{be5a5012-e7f5-e837-2b75-5482e5663670}\L
    C:\Windows\Installer\{be5a5012-e7f5-e837-2b75-5482e5663670}\U
    C:\Windows\Installer\{be5a5012-e7f5-e837-2b75-5482e5663670}\U\800000cb.@

    ZeroAccess:
    C:\Users\buck\AppData\Local\{be5a5012-e7f5-e837-2b75-5482e5663670}
    C:\Users\buck\AppData\Local\{be5a5012-e7f5-e837-2b75-5482e5663670}\@
    C:\Users\buck\AppData\Local\{be5a5012-e7f5-e837-2b75-5482e5663670}\L
    C:\Users\buck\AppData\Local\{be5a5012-e7f5-e837-2b75-5482e5663670}\U
    C:\Users\buck\AppData\Local\{be5a5012-e7f5-e837-2b75-5482e5663670}\U\800000cb.@

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe FCB084FA3DCB7449F3BAA13312A215B4 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 12278.99 MB
    Available physical RAM: 11170.83 MB
    Total Pagefile: 12277.14 MB
    Available Pagefile: 11175.76 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:457.5 GB) (Free:146.82 GB) NTFS
    2 Drive d: (DATAPART1) (Fixed) (Total:1397.26 GB) (Free:207.46 GB) NTFS
    3 Drive e: (OS_4618.01) (CDROM) (Total:3.68 GB) (Free:0 GB) UDF
    5 Drive g: (RECOVERY) (Fixed) (Total:8.22 GB) (Free:3.71 GB) NTFS
    13 Drive o: () (Removable) (Total:1.91 GB) (Free:1.91 GB) FAT
    14 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 1397 GB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B
    Disk 7 No Media 0 B 0 B
    Disk 8 Online 1953 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 8 GB 40 MB
    Partition 3 Primary 457 GB 8 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 13 FAT Partition 39 MB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 G RECOVERY NTFS Partition 8 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 C OS NTFS Partition 457 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1397 GB 1024 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 D DATAPART1 NTFS Partition 1397 GB Healthy

    ==================================================================================

    Partitions of Disk 8:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1952 MB 122 KB

    ==================================================================================

    Disk: 8
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 12 O FAT Removable 1952 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-18 09:20

    ======================= End Of Log ==========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log it makes (Search.txt) in your reply.
     
  4. Nefs1234

    Nefs1234 TS Rookie Topic Starter Posts: 18

    Farbar Recovery Scan Tool Version: 01-07-2012 01
    Ran by SYSTEM at 2012-07-01 16:09:36
    Running from O:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 18:19] - [2012-06-30 18:09] - 0328704 ____A (Microsoft Corporation) FCB084FA3DCB7449F3BAA13312A215B4

    ====== End Of Search ======
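
The two `services.exe` entries in the Search.txt log above differ only in MD5 and modification time, and the earlier FRST scan marked the System32 hash as ZeroAccess. As an added example (not part of the thread and not FRST's own code), the Python below parses that Search output and compares each live file against the WinSxS component-store copy of the same name; the line layout is taken from the post, while the function names, verdict labels and the use of the WinSxS copy as the reference are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Search.txt body copied from the post above (FRST "Search" output).
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2012-06-30 18:09] - 0328704 ____A (Microsoft Corporation) FCB084FA3DCB7449F3BAA13312A215B4

====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
# [created] - [modified] - size attrs (company, optional) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"\[(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>.*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Entry:
    path: str
    modified: datetime
    size: int
    md5: str

    @property
    def name(self):
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_component_store(self):
        return "\\winsxs\\" in self.path.lower()


@dataclass
class Finding:
    path: str
    md5: str
    verdict: str          # "match", "mismatch" or "no-reference"
    same_size: bool       # a reference copy has the same byte count
    modified_later: bool  # live file was modified after every reference copy


def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            modified = datetime.strptime(m["modified"], "%Y-%m-%d %H:%M")
            entries.append(Entry(pending_path, modified, int(m["size"]), m["md5"].upper()))
        pending_path = None  # headers and malformed lines break the pairing
    return entries


def triage(entries):
    """Compare every file outside WinSxS with the WinSxS copies of the same name."""
    refs = defaultdict(list)
    for e in entries:
        if e.in_component_store:
            refs[e.name].append(e)
    findings = []
    for e in entries:
        if e.in_component_store:
            continue
        candidates = refs.get(e.name, [])
        if not candidates:
            findings.append(Finding(e.path, e.md5, "no-reference", False, False))
            continue
        # WinSxS can hold several builds; a match against any one of them is enough.
        verdict = "match" if any(r.md5 == e.md5 for r in candidates) else "mismatch"
        same_size = any(r.size == e.size for r in candidates)
        modified_later = all(e.modified > r.modified for r in candidates)
        findings.append(Finding(e.path, e.md5, verdict, same_size, modified_later))
    return findings


if __name__ == "__main__":
    for f in triage(parse_search_log(SEARCH_LOG)):
        print(f.verdict, f.path, f.md5,
              "same_size=%s modified_later=%s" % (f.same_size, f.modified_later))
```

A mismatch with the same size and a later modification time is a triage signal that the file's bytes changed after installation; the WinSxS copy is only a reference as long as it has not been altered itself.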
     
  5. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  6. Nefs1234

    Nefs1234 TS Rookie Topic Starter Posts: 18

    Fixlog.txt (will post each thing requested as I get them)

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 01-07-2012 01
    Ran by SYSTEM at 2012-07-01 16:52:37 Run:1
    Running from O:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdReg Value deleted successfully.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\System32\services.exe.B5EF04266DFD52D7 moved successfully.
    C:\Windows\System32\services.exe.864950B9BBE5707E moved successfully.
    C:\Windows\System32\services.exe.FB91AC186182114B moved successfully.
    C:\Windows\System32\services.exe.ACABBDC66AADC39D moved successfully.
    C:\Windows\System32\services.exe.5D51C88327E62B4C moved successfully.
    C:\Windows\System32\services.exe.98A7C04DAAB1F568 moved successfully.
    C:\Windows\System32\services.exe.A16D00161D8A2598 moved successfully.
    C:\Users\buck\Local Settings\Application Data\{694F344D-2EE8-49E1-A6F8-589A7EB6A2DD} moved successfully.
    C:\Users\buck\Local Settings\Application Data\{195AFB04-C157-456B-9090-DBF712F4F9E6} moved successfully.
    C:\Users\buck\Local Settings\{694F344D-2EE8-49E1-A6F8-589A7EB6A2DD} not found.
    C:\Users\buck\Local Settings\{195AFB04-C157-456B-9090-DBF712F4F9E6} not found.
    C:\Users\buck\AppData\Local\{694F344D-2EE8-49E1-A6F8-589A7EB6A2DD} not found.
    C:\Users\buck\AppData\Local\{195AFB04-C157-456B-9090-DBF712F4F9E6} not found.
    C:\Windows\System32\services.exe.490458F6E2C54E6D moved successfully.
    C:\Windows\System32\services.exe.997BE821CB5236FD moved successfully.
    C:\Windows\System32\services.exe.40C45DB29D2F0AE8 moved successfully.
    C:\Windows\System32\services.exe.0606FE6F603FBB7E moved successfully.
    C:\Windows\System32\services.exe.91C1C62E901634AF moved successfully.
    C:\Windows\System32\services.exe.2031C7169C78BB3C moved successfully.
    C:\Windows\System32\services.exe.3157C26367A4F03E moved successfully.
    C:\Windows\Installer\{be5a5012-e7f5-e837-2b75-5482e5663670} moved successfully.
    C:\Users\buck\AppData\Local\{be5a5012-e7f5-e837-2b75-5482e5663670} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  7. Nefs1234

    Nefs1234 TS Rookie Topic Starter Posts: 18

    ComboFix has run and the log is posted below.
    One note. ComboFix was running and I stepped away for a few minutes. When I came back the system was rebooting. When it rebooted the ComboFix window came up again automatically and finished what it was doing and created the log. I'm not sure if that is normal or if I missed something when I stepped away so I thought I'd mention it.

    Microsoft Security Essentials re-enabled after running ComboFix.

    Awaiting instructions for what is next.


    ComboFix.txt log :

    ComboFix 12-07-01.03 - buck 07/01/2012 17:08:42.1.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.7970 [GMT -7:00]
    Running from: d:\buck\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\buck\AppData\Local\assembly\tmp
    c:\users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\install_flash_player_10_active_x.msi
    c:\users\buck\AppData\Local\Temp\_MEI48522\_ctypes.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\_elementtree.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\_hashlib.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\_socket.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\_ssl.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\pyexpat.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\pysqlite2._sqlite.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\python26.dll
    c:\users\buck\AppData\Local\Temp\_MEI48522\pythoncom26.dll
    c:\users\buck\AppData\Local\Temp\_MEI48522\PyWinTypes26.dll
    c:\users\buck\AppData\Local\Temp\_MEI48522\select.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\unicodedata.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\win32api.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\win32com.shell.shell.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\win32crypt.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\win32event.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\win32file.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\win32inet.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\win32pdh.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\win32process.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\windows._cacheinvalidation.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\wx._controls_.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\wx._core_.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\wx._gdi_.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\wx._html2.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\wx._misc_.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\wx._windows_.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\wx._wizard.pyd
    c:\users\buck\AppData\Local\Temp\_MEI48522\wxbase293u_net_vc.dll
    c:\users\buck\AppData\Local\Temp\_MEI48522\wxbase293u_vc.dll
    c:\users\buck\AppData\Local\Temp\_MEI48522\wxmsw293u_adv_vc.dll
    c:\users\buck\AppData\Local\Temp\_MEI48522\wxmsw293u_core_vc.dll
    c:\users\buck\AppData\Local\Temp\_MEI48522\wxmsw293u_html_vc.dll
    c:\users\buck\AppData\Local\Temp\_MEI48522\wxmsw293u_webview_vc.dll
    c:\users\buck\AppData\Local\Temp\jna4424918703589581325.dll
    c:\users\buck\AppData\Roaming\inst.exe
    c:\users\buck\g2mdlhlpx.exe
    c:\users\Classic .NET AppPool\AppData\Local\assembly\tmp
    c:\users\Default\AppData\Local\assembly\tmp
    c:\users\DefaultAppPool\AppData\Local\assembly\tmp
    c:\windows\SysWow64\html
    c:\windows\SysWow64\html\calendar.html
    c:\windows\SysWow64\html\calendarbottom.html
    c:\windows\SysWow64\html\calendartop.html
    c:\windows\SysWow64\html\crystalexportdialog.htm
    c:\windows\SysWow64\html\crystalprinthost.html
    c:\windows\SysWow64\images
    c:\windows\SysWow64\images\toolbar\calendar.gif
    c:\windows\SysWow64\images\toolbar\crlogo.gif
    c:\windows\SysWow64\images\toolbar\export.gif
    c:\windows\SysWow64\images\toolbar\export_over.gif
    c:\windows\SysWow64\images\toolbar\exportd.gif
    c:\windows\SysWow64\images\toolbar\First.gif
    c:\windows\SysWow64\images\toolbar\first_over.gif
    c:\windows\SysWow64\images\toolbar\Firstd.gif
    c:\windows\SysWow64\images\toolbar\gotopage.gif
    c:\windows\SysWow64\images\toolbar\gotopage_over.gif
    c:\windows\SysWow64\images\toolbar\gotopaged.gif
    c:\windows\SysWow64\images\toolbar\grouptree.gif
    c:\windows\SysWow64\images\toolbar\grouptree_over.gif
    c:\windows\SysWow64\images\toolbar\grouptreed.gif
    c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
    c:\windows\SysWow64\images\toolbar\Last.gif
    c:\windows\SysWow64\images\toolbar\last_over.gif
    c:\windows\SysWow64\images\toolbar\Lastd.gif
    c:\windows\SysWow64\images\toolbar\Next.gif
    c:\windows\SysWow64\images\toolbar\next_over.gif
    c:\windows\SysWow64\images\toolbar\Nextd.gif
    c:\windows\SysWow64\images\toolbar\Prev.gif
    c:\windows\SysWow64\images\toolbar\prev_over.gif
    c:\windows\SysWow64\images\toolbar\Prevd.gif
    c:\windows\SysWow64\images\toolbar\print.gif
    c:\windows\SysWow64\images\toolbar\print_over.gif
    c:\windows\SysWow64\images\toolbar\printd.gif
    c:\windows\SysWow64\images\toolbar\Refresh.gif
    c:\windows\SysWow64\images\toolbar\refresh_over.gif
    c:\windows\SysWow64\images\toolbar\refreshd.gif
    c:\windows\SysWow64\images\toolbar\Search.gif
    c:\windows\SysWow64\images\toolbar\search_over.gif
    c:\windows\SysWow64\images\toolbar\searchd.gif
    c:\windows\SysWow64\images\toolbar\up.gif
    c:\windows\SysWow64\images\toolbar\up_over.gif
    c:\windows\SysWow64\images\toolbar\upd.gif
    c:\windows\SysWow64\images\tree\begindots.gif
    c:\windows\SysWow64\images\tree\beginminus.gif
    c:\windows\SysWow64\images\tree\beginplus.gif
    c:\windows\SysWow64\images\tree\blank.gif
    c:\windows\SysWow64\images\tree\blankdots.gif
    c:\windows\SysWow64\images\tree\dots.gif
    c:\windows\SysWow64\images\tree\lastdots.gif
    c:\windows\SysWow64\images\tree\lastminus.gif
    c:\windows\SysWow64\images\tree\lastplus.gif
    c:\windows\SysWow64\images\tree\Magnify.gif
    c:\windows\SysWow64\images\tree\minus.gif
    c:\windows\SysWow64\images\tree\minusbox.gif
    c:\windows\SysWow64\images\tree\plus.gif
    c:\windows\SysWow64\images\tree\plusbox.gif
    c:\windows\SysWow64\images\tree\singleminus.gif
    c:\windows\SysWow64\images\tree\singleplus.gif
    C:\x.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-02 00:25 . 2012-07-02 00:25 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C4ABCEC-473A-4B99-B640-3FD5DBCC5AF8}\offreg.dll
    2012-07-02 00:22 . 2012-07-02 00:22 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-07-02 00:22 . 2012-07-02 00:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-01 20:28 . 2012-07-01 20:28 -------- d-----w- C:\FRST
    2012-06-27 13:36 . 2012-06-27 13:36 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6512086-DD0A-4D40-ABAF-528784A606C7}\gapaengine.dll
    2012-06-27 13:36 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C4ABCEC-473A-4B99-B640-3FD5DBCC5AF8}\mpengine.dll
    2012-06-27 13:35 . 2012-06-27 13:35 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-06-27 13:35 . 2012-06-27 13:35 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-26 13:36 . 2012-06-26 13:36 -------- d-----w- c:\program files\Microsoft Silverlight
    2012-06-26 13:36 . 2012-06-26 13:36 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2012-06-23 17:12 . 2012-06-23 17:12 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-21 13:42 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 13:42 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 13:42 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 13:42 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 13:42 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 13:42 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 13:42 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 13:42 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 13:42 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-19 18:53 . 2012-06-19 18:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-06-17 13:56 . 2012-06-17 13:56 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-17 13:56 . 2012-06-17 13:56 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-14 03:29 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-11 13:41 . 2012-06-11 13:41 -------- d-----w- c:\users\buck\AppData\Local\Macromedia
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-23 17:56 . 2010-04-12 23:22 2496608 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-06-23 01:03 . 2012-04-01 13:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-23 01:03 . 2011-12-07 18:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-19 02:14 . 2012-05-19 02:14 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
    2012-05-16 15:11 . 2012-05-16 15:11 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2012-05-16 15:11 . 2012-05-16 15:11 1294432 ----a-w- c:\windows\system32\drivers\tdrpman.sys
    2012-05-16 15:10 . 2012-05-16 15:10 994912 ----a-w- c:\windows\system32\drivers\timntr.sys
    2012-05-16 15:10 . 2012-05-16 15:10 211552 ----a-w- c:\windows\system32\drivers\vididr.sys
    2012-05-16 15:10 . 2012-05-16 15:10 146528 ----a-w- c:\windows\system32\drivers\vsflt67.sys
    2012-05-16 15:10 . 2012-05-16 15:10 320096 ----a-w- c:\windows\system32\drivers\snapman.sys
    2012-05-16 15:10 . 2012-05-16 15:10 137312 ----a-w- c:\windows\system32\drivers\fltsrv.sys
    2011-11-03 22:34 . 2011-11-03 22:34 13571624 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\buck\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\buck\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\buck\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "PxDotNetLoader"="c:\program files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2012-03-15 43880]
    "PTIM.exe"="c:\program files (x86)\WebEx\Productivity Tools\PTIM.exe" [2011-06-09 405816]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-25 39408]
    "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-23 740216]
    "updateMgr"="c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
    "GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\723\g2mstart.exe" [2011-10-10 39816]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-25 108136]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-13 12163568]
    "Spotify Web Helper"="c:\users\buck\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-22 932528]
    "Spotify"="c:\users\buck\AppData\Roaming\Spotify\spotify.exe" [2012-05-22 9478320]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
    "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-04-09 241789]
    "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
    "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-04-29 75048]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
    "Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-04-28 5955000]
    "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-04-28 1171304]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "PxDotNetLoader"="c:\program files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2012-03-15 43880]
    "CtxfiReg"="CTXFIREG.exe" [2010-07-07 47104]
    .
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2011-11-3 13571624]
    Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2011-11-3 13571624]
    .
    c:\users\buck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\buck\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    MLB.TV NexDef Plug-in.lnk - c:\users\buck\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2011-3-16 15502336]
    PS3 Media Server.lnk - c:\program files (x86)\PS3 Media Server\PMS.exe [2010-10-4 175757]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-9-16 25214]
    AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2010-4-18 117344]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
    Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2011-1-27 293950]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-24 1207312]
    WinTV Recording Status..lnk - c:\program files (x86)\WinTV\WinTV7\WinTVTray.exe [2010-4-18 83456]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 RsFx0152;RsFx0152 Driver;c:\windows\system32\DRIVERS\RsFx0152.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-25 136176]
    R2 MCEBuddy;MCEBuddy Service;c:\program files\Tyrell\MCEBuddy\MCEBuddySvc.exe [2010-01-24 16384]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-03-24 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-03-24 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 22528]
    R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys [2010-06-14 18512]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-25 136176]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
    R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-09-16 82816]
    R3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [2010-01-12 217088]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-19 68440]
    R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-09-04 71024]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-28 1255736]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 SQLAgent$SQLEXPRESS2008R2;SQL Server Agent (SQLEXPRESS2008R2);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
    S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-05-16 137312]
    S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-16 211552]
    S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [2012-05-16 146528]
    S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-10 46392]
    S1 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]
    S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/03/24 02:30];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-04-16 04:28 146928]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-06-03 92160]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-05-16 3459024]
    S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
    S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-10-27 117608]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
    S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS [2009-07-09 27096]
    S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2011-09-02 4419952]
    S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
    S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-06-18 210784]
    S2 MSSQL$SQLEXPRESS2008R2;SQL Server (SQLEXPRESS2008R2);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
    S2 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
    S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-06-18 2180960]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-10 240232]
    S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-04-28 5914912]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
    S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-20 65072]
    S2 VMwareHostd;VMware Host Agent;c:\program files (x86)\VMware\VMware Server\vmware-hostd.exe [2009-10-20 322096]
    S2 VMwareServerWebAccess;VMware Server Web Access;c:\program files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2009-10-20 57344]
    S2 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
    S2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2009-07-27 30944]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-05-16 367200]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-06 35104]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]
    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]
    S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys [2009-11-20 1562624]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
    S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
    S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys [2010-06-14 43600]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 01:03]
    .
    2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-25 19:59]
    .
    2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-25 19:59]
    .
    2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1651726694-1363144605-2224526261-1004Core.job
    - c:\users\buck\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-16 19:59]
    .
    2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1651726694-1363144605-2224526261-1004UA.job
    - c:\users\buck\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-16 19:59]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\buck\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\buck\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\buck\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-06-13 23:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-06-13 23:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-06-13 23:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-06-13 23:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7833120]
    "AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-01-20 61256]
    "Thermal Controller"="c:\program files\Alienware\Command Center\ThermalController.exe" [2010-01-20 167736]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-28 403112]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://virtuallab.idscientific.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {{7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - {1E866952-62EA-4161-B97D-4D228CEDF7A0} - c:\program files (x86)\UAPick\UABtn.dll
    LSP: c:\program files (x86)\VMware\VMware Server\vsocklib.dll
    Trusted Zone: dev-alienware
    Trusted Zone: idscientific.com\virtuallab
    Trusted Zone: maximumcontrol.net\vpn
    TCP: Interfaces\{A09109FF-31A8-4EAB-BEF3-507E1001D1E0}: NameServer = 24.234.0.71,24.234.0.7
    DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - c:\users\buck\AppData\Local\Temp\f5tmp\f5opswati.cab
    DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - c:\users\buck\AppData\Local\Temp\f5tmp\f5opswati.cab
    DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - c:\users\buck\AppData\Local\Temp\f5tmp\f5opswati.cab
    DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
    DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - c:\users\buck\AppData\Local\Temp\f5tmp\f5opswati.cab
    FF - ProfilePath - c:\users\buck\AppData\Roaming\Mozilla\Firefox\Profiles\956i9uev.default\
    FF - prefs.js: browser.startup.homepage - resource:/browserconfig.properties
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers- - (no file)
    ShellIconOverlayIdentifiers- - (no file)
    ShellIconOverlayIdentifiers- - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
    "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\progra~2\WinTV\TVServer\HAUPPA~1.EXE
    c:\progra~2\WinTV\TVServer\CAPTUR~3.EXE
    c:\progra~2\WinTV\TVServer\CAPTUR~3.EXE
    c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\program files (x86)\VMware\VMware Server\vmware-authd.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    c:\windows\SysWOW64\DllHost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-01 17:34:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-02 00:34
    .
    Pre-Run: 159,340,687,360 bytes free
    Post-Run: 163,693,752,320 bytes free
    .
    - - End Of File - - 9B74070AAFD0DEEAE9A6C98B886790B1
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Combofix log looks good.

    Any current issues?

    ===========================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===============================================

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. Nefs1234

    Nefs1234 TS Rookie Topic Starter Posts: 18

    No current issues.
    Malwarebytes found nothing; here is the log. On to run OTL next.

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.07.01.08
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    buck :: DEV-ALIENWARE [administrator]
    Protection: Enabled
    7/1/2012 7:30:25 PM
    mbam-log-2012-07-01 (19-30-25).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 289931
    Time elapsed: 4 minute(s), 7 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  10. Nefs1234

    Nefs1234 TS Rookie Topic Starter Posts: 18

    OTL.txt results (Part 1) :

    OTL logfile created on: 7/1/2012 7:39:15 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = D:\Buck\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    11.99 Gb Total Physical Memory | 7.39 Gb Available Physical Memory | 61.63% Memory free
    23.98 Gb Paging File | 17.41 Gb Available in Paging File | 72.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 457.50 Gb Total Space | 151.41 Gb Free Space | 33.09% Space Free | Partition Type: NTFS
    Drive D: | 1397.26 Gb Total Space | 208.40 Gb Free Space | 14.92% Space Free | Partition Type: NTFS
    Drive E: | 3.68 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DEV-ALIENWARE | User Name: buck | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/01 19:37:47 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Buck\Desktop\OTL.exe
    PRC - [2012/06/13 16:30:00 | 012,163,568 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\buck\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/05/22 16:55:51 | 000,932,528 | ---- | M] () -- C:\Users\buck\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012/05/16 08:11:31 | 003,459,024 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2012/04/27 19:10:38 | 001,171,304 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
    PRC - [2012/04/27 19:07:12 | 005,914,912 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    PRC - [2012/04/27 19:04:16 | 000,403,112 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2012/04/27 19:03:28 | 005,955,000 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/03/30 14:41:46 | 001,858,152 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
    PRC - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    PRC - [2012/03/25 08:58:27 | 000,108,136 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2012/02/23 07:07:33 | 000,740,216 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2012/02/20 22:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/10 06:54:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
    PRC - [2011/10/10 11:08:33 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe
    PRC - [2011/10/10 11:08:33 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mlauncher.exe
    PRC - [2011/10/10 11:08:33 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mcomm.exe
    PRC - [2011/09/01 21:00:12 | 004,419,952 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe
    PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
    PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2011/06/09 10:12:46 | 000,094,008 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\WebEx\Productivity Tools\ptsrv.exe
    PRC - [2011/06/09 10:12:45 | 000,405,816 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\WebEx\Productivity Tools\ptim.exe
    PRC - [2011/03/16 10:25:58 | 015,502,336 | ---- | M] () -- C:\Users\buck\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    PRC - [2011/01/25 18:35:28 | 000,964,096 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    PRC - [2010/10/29 13:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
    PRC - [2010/07/07 12:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
    PRC - [2010/07/07 12:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
    PRC - [2010/03/29 18:28:20 | 000,083,456 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
    PRC - [2010/03/29 18:13:26 | 000,602,624 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
    PRC - [2010/03/29 18:13:00 | 000,311,296 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
    PRC - [2010/03/19 14:03:26 | 000,117,344 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\Ir.exe
    PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2010/01/20 08:27:42 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
    PRC - [2010/01/20 08:27:12 | 000,061,256 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    PRC - [2009/12/23 15:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2009/12/23 15:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/11/10 16:41:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2009/10/20 15:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
    PRC - [2009/10/20 15:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
    PRC - [2009/10/20 15:21:20 | 000,322,096 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe
    PRC - [2009/10/20 15:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe
    PRC - [2009/10/20 14:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\tomcat6.exe
    PRC - [2009/10/13 06:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2009/07/27 12:19:12 | 000,030,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
    PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    PRC - [2009/07/01 16:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    PRC - [2009/04/29 00:50:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    PRC - [2009/04/15 21:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2009/04/09 09:06:00 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/01 17:38:52 | 001,169,408 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\wx._core_.pyd
    MOD - [2012/07/01 17:38:52 | 001,056,256 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\wx._controls_.pyd
    MOD - [2012/07/01 17:38:52 | 001,018,368 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\windows._cacheinvalidation.pyd
    MOD - [2012/07/01 17:38:52 | 000,807,424 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\wx._windows_.pyd
    MOD - [2012/07/01 17:38:52 | 000,792,576 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\wx._gdi_.pyd
    MOD - [2012/07/01 17:38:52 | 000,731,136 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\wx._misc_.pyd
    MOD - [2012/07/01 17:38:52 | 000,645,120 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\_ssl.pyd
    MOD - [2012/07/01 17:38:52 | 000,571,392 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\pysqlite2._sqlite.pyd
    MOD - [2012/07/01 17:38:52 | 000,354,304 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\pythoncom26.dll
    MOD - [2012/07/01 17:38:52 | 000,311,808 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\_hashlib.pyd
    MOD - [2012/07/01 17:38:52 | 000,263,168 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\win32com.shell.shell.pyd
    MOD - [2012/07/01 17:38:52 | 000,153,088 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\pyexpat.pyd
    MOD - [2012/07/01 17:38:52 | 000,121,856 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\wx._wizard.pyd
    MOD - [2012/07/01 17:38:52 | 000,111,104 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\win32file.pyd
    MOD - [2012/07/01 17:38:52 | 000,110,592 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\pywintypes26.dll
    MOD - [2012/07/01 17:38:52 | 000,096,256 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\win32api.pyd
    MOD - [2012/07/01 17:38:52 | 000,086,016 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\_elementtree.pyd
    MOD - [2012/07/01 17:38:52 | 000,073,728 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\_ctypes.pyd
    MOD - [2012/07/01 17:38:52 | 000,070,656 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\wx._html2.pyd
    MOD - [2012/07/01 17:38:52 | 000,040,448 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\_socket.pyd
    MOD - [2012/07/01 17:38:52 | 000,039,424 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\win32inet.pyd
    MOD - [2012/07/01 17:38:52 | 000,036,352 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\win32process.pyd
    MOD - [2012/07/01 17:38:52 | 000,022,528 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\win32pdh.pyd
    MOD - [2012/07/01 17:38:52 | 000,017,920 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\win32event.pyd
    MOD - [2012/07/01 17:38:52 | 000,011,776 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\win32crypt.pyd
    MOD - [2012/07/01 17:38:50 | 000,585,728 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\unicodedata.pyd
    MOD - [2012/07/01 17:38:50 | 000,011,776 | ---- | M] () -- C:\Users\buck\AppData\Local\Temp\_MEI69882\select.pyd
    MOD - [2012/06/14 06:47:32 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
    MOD - [2012/06/14 06:47:19 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/06/14 06:47:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 06:46:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/14 06:46:37 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/05/22 16:55:51 | 000,932,528 | ---- | M] () -- C:\Users\buck\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    MOD - [2012/05/15 07:39:30 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
    MOD - [2012/05/15 07:20:38 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
    MOD - [2012/05/15 07:18:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/15 07:18:20 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
    MOD - [2012/05/15 07:17:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/15 07:17:44 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/15 07:17:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/15 07:17:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/15 07:17:36 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/08/22 15:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    MOD - [2011/08/19 02:26:16 | 000,183,320 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\SharedBin\LvApi11.dll
    MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
    MOD - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/16 10:25:58 | 015,502,336 | ---- | M] () -- C:\Users\buck\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    MOD - [2011/03/16 10:25:58 | 000,159,744 | ---- | M] () -- C:\Users\buck\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
    MOD - [2011/03/16 10:25:58 | 000,126,976 | ---- | M] () -- C:\Users\buck\AppData\Local\Autobahn\rt\bin\zip.dll
    MOD - [2011/03/16 10:25:58 | 000,069,632 | ---- | M] () -- C:\Users\buck\AppData\Local\Autobahn\rt\bin\java.dll
    MOD - [2011/03/16 10:25:58 | 000,020,480 | ---- | M] () -- C:\Users\buck\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
    MOD - [2011/01/25 18:13:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    MOD - [2011/01/25 18:13:26 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/10/29 13:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
    MOD - [2010/10/29 13:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
    MOD - [2010/07/07 12:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll
    MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
    MOD - [2010/04/30 15:16:59 | 000,027,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LightFX\1.0.87.0__bebb3c8816410241\LightFX.dll
    MOD - [2010/04/30 15:16:59 | 000,027,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.PID0x513\1.0.87.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.PID0x513.dll
    MOD - [2010/04/30 15:16:59 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.87.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll
    MOD - [2010/04/30 15:16:59 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.87.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll
    MOD - [2010/04/30 15:16:58 | 000,443,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.87.0__bebb3c8816410241\AlienwareAlienFXTools.dll
    MOD - [2010/04/30 15:16:57 | 004,790,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.87.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
    MOD - [2010/04/30 15:16:57 | 000,075,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.87.0__bebb3c8816410241\AlienLabsTools.dll
    MOD - [2010/04/30 15:16:57 | 000,037,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.87.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
    MOD - [2010/04/30 15:16:57 | 000,037,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.87.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
    MOD - [2010/04/30 15:16:57 | 000,036,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.87.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
    MOD - [2010/04/30 15:16:57 | 000,036,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.87.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
    MOD - [2010/04/30 15:16:57 | 000,028,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.87.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
    MOD - [2010/04/30 15:16:57 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.87.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
    MOD - [2010/04/30 15:16:57 | 000,024,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.87.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
    MOD - [2010/04/30 15:16:57 | 000,024,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.87.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
    MOD - [2010/04/30 15:16:57 | 000,019,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.87.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
    MOD - [2010/04/30 15:16:56 | 000,017,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.87.0__bebb3c8816410241\AlienFX.Communication.Core.dll
    MOD - [2010/04/30 15:16:56 | 000,011,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.87.0__bebb3c8816410241\AlienFX.Communication.dll
    MOD - [2010/03/29 18:28:10 | 000,022,528 | ---- | M] () -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
    MOD - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    MOD - [2009/07/10 09:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
    MOD - [2009/04/22 14:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
    MOD - [2009/04/09 16:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
    MOD - [2009/03/03 15:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
    MOD - [2009/03/03 15:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
    MOD - [2009/03/03 15:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
    MOD - [2009/03/03 15:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
    MOD - [2009/03/03 15:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
    MOD - [2009/03/03 15:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
    MOD - [2009/03/03 15:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
    MOD - [2009/03/03 15:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
    MOD - [2009/03/03 15:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
    MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
    SRV:64bit: - [2010/01/24 10:59:30 | 000,016,384 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Tyrell\MCEBuddy\MCEBuddySvc.exe -- (MCEBuddy)
    SRV:64bit: - [2009/10/27 12:56:14 | 000,117,608 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
    SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/07/13 18:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
    SRV:64bit: - [2009/07/01 16:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/06/03 16:56:06 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV - [2012/06/22 18:03:40 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/17 06:56:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/16 08:11:31 | 003,459,024 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2012/04/27 19:07:12 | 005,914,912 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
    SRV - [2012/04/27 19:06:30 | 001,132,824 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
    SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/09/01 21:00:12 | 004,419,952 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
    SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/07/24 23:26:02 | 000,884,736 | ---- | M] () [On_Demand | Stopped] -- C:\Users\buck\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
    SRV - [2010/03/29 18:13:26 | 000,602,624 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
    SRV - [2010/03/23 23:47:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2010/03/23 23:47:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2010/01/12 16:24:20 | 000,217,088 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
    SRV - [2009/12/23 15:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2009/11/10 16:41:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2009/10/20 15:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2009/10/20 15:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2009/10/20 15:21:20 | 000,322,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe -- (VMwareHostd)
    SRV - [2009/10/20 15:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe -- (VMAuthdService)
    SRV - [2009/10/20 14:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe -- (VMwareServerWebAccess)
    SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2009/10/13 06:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/07/27 12:19:12 | 000,030,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -- (XTUService) Intel(R)
    SRV - [2009/07/16 15:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/05/16 08:11:34 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
    DRV:64bit: - [2012/05/16 08:11:26 | 001,294,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
    DRV:64bit: - [2012/05/16 08:10:49 | 000,994,912 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2012/05/16 08:10:33 | 000,211,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
    DRV:64bit: - [2012/05/16 08:10:32 | 000,146,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt67.sys -- (vidsflt67) Acronis Disk Storage Filter (67)
    DRV:64bit: - [2012/05/16 08:10:30 | 000,320,096 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2012/05/16 08:10:27 | 000,137,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
    DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2011/06/17 20:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
    DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 06:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
    DRV:64bit: - [2010/11/20 06:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
    DRV:64bit: - [2010/11/20 04:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/09/16 13:32:48 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
    DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2010/06/14 12:14:04 | 000,043,600 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
    DRV:64bit: - [2010/06/14 12:13:58 | 000,018,512 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
    DRV:64bit: - [2010/06/09 17:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
    DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2010/01/20 15:26:22 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/11/19 19:27:10 | 001,562,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw89.sys -- (hcw89)
    DRV:64bit: - [2009/11/04 02:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2009/10/20 15:23:48 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2009/10/20 15:23:44 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2009/10/20 15:23:36 | 000,065,072 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2009/10/20 15:22:54 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2009/10/20 15:21:10 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2009/10/20 15:21:10 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2009/10/20 11:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2009/10/16 04:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
    DRV:64bit: - [2009/10/14 10:02:20 | 000,027,304 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
    DRV:64bit: - [2009/07/29 19:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
    DRV:64bit: - [2009/07/29 19:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
    DRV:64bit: - [2009/07/29 19:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/06 16:39:46 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/07/06 16:39:44 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/07/06 16:39:44 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009/07/06 16:39:42 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/13 13:31:02 | 000,063,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel(R)
    DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/09 08:53:00 | 000,027,096 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys -- (IOCBIOS)
    DRV - [2009/04/15 21:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/24 02:30:29] [Kernel | Auto | Running] -- c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
    DRV - [2007/09/04 16:53:34 | 000,071,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys -- (VSPerfDrv90)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
    IE - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/news?vanilla=1
    IE - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 BA 9A 6F 6C FB C9 01 [binary data]
    IE - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..\SearchScopes,DefaultScope = {A6FBFF8E-CA3F-4DDB-8988-5D36C61C1F71}
    IE - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..\SearchScopes\{0DF4C149-769C-4C52-9379-1901FB5B6625}: "URL" = http://www.amazon.com/s?ie=UTF8&tag...=aps&link_code=qs&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..\SearchScopes\{453FC0E8-5600-47E2-B2F9-DC4C9209CA3E}: "URL" = http://search.espn.go.com/results?searchString={searchTerms}&fromForm=true
    IE - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..\SearchScopes\{A6FBFF8E-CA3F-4DDB-8988-5D36C61C1F71}: "URL" = http://www.google.com/search?q={sea...ncoding?}&oe={outputEncoding?}&rlz=1I7GGLL_en
    IE - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..\SearchScopes\{B1010CE5-AA30-4BAE-9CBA-1858A56EBD04}: "URL" = http://www.pricegrabber.com/test/products.html/form_keyword={searchTerms}/st=query/sv=findit_top
    IE - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..\SearchScopes\{E30CE2CD-6B46-4E62-9783-F96623971C03}: "URL" = http://www.youtube.com/results?search_query={searchTerms}
    IE - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..\SearchScopes\{ECF6F5EA-F017-4BBD-A6DD-89EDC775CB77}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
    IE - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
  11. Nefs1234

    Nefs1234 TS Rookie Topic Starter Posts: 18

    OTL.txt Part 2 of 3

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\buck\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\buck\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/12/14 11:16:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/03/25 09:01:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 06:56:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/10 10:25:14 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ocplugin@webex.com: C:\Program Files (x86)\WebEx\Productivity Tools\ [2011/08/19 16:08:50 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 06:56:57 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/10 10:25:14 | 000,000,000 | ---D | M]

    [2010/09/28 16:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\buck\AppData\Roaming\mozilla\Extensions
    [2010/09/28 16:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\buck\AppData\Roaming\mozilla\Extensions\Coder Preset
    [2010/09/28 16:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\buck\AppData\Roaming\mozilla\Extensions\MediaCoder
    [2010/09/28 16:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\buck\AppData\Roaming\mozilla\Extensions\MediaCoder-Benchmark
    [2010/09/28 16:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\buck\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard
    [2012/06/23 10:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\buck\AppData\Roaming\mozilla\Firefox\Profiles\956i9uev.default\extensions
    [2010/06/30 10:04:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\buck\AppData\Roaming\mozilla\Firefox\Profiles\956i9uev.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/02/04 11:20:46 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\buck\AppData\Roaming\mozilla\Firefox\Profiles\956i9uev.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2012/03/31 07:36:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\buck\AppData\Roaming\mozilla\Firefox\Profiles\956i9uev.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/11/03 15:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\buck\AppData\Roaming\mozilla\Firefox\Profiles\lneljwl2.default\extensions
    [2011/11/03 15:34:13 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\buck\AppData\Roaming\mozilla\Firefox\Profiles\lneljwl2.default\extensions\support@lastpass.com
    [2012/02/19 15:55:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/02/19 15:58:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/06/17 06:56:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/07/15 17:53:52 | 000,064,392 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
    [2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/06/17 06:56:52 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/17 06:56:52 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\buck\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\buck\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\buck\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\buck\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: NPLastPass (Enabled) = C:\Users\buck\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.5_0\nplastpass.dll
    CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\buck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Entanglement = C:\Users\buck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: YouTube = C:\Users\buck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\buck\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: LastPass = C:\Users\buck\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.5_0\
    CHR - Extension: LastPass = C:\Users\buck\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\
    CHR - Extension: Skype Click to Call = C:\Users\buck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
    CHR - Extension: Poppit = C:\Users\buck\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: Gmail = C:\Users\buck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
     
  12. Nefs1234

    Nefs1234 TS Rookie Topic Starter Posts: 18

    OTL.txt Part 3 of 3


    O1 HOSTS File: ([2012/07/01 17:27:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O2:64bit: - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
    O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Set UA String (BHO)) - {3CE56DB6-FCBE-4422-9454-63C354178985} - C:\Program Files (x86)\UAPick\UABtn.dll (Bayden Systems)
    O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
    O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3:64bit: - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
    O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
    O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Thermal Controller] C:\Program Files\Alienware\Command Center\ThermalController.exe (Alienware Corp.)
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
    O4 - HKU\.DEFAULT..\Run: [PxDotNetLoader] C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
    O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-18..\Run: [PxDotNetLoader] C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
    O4 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
    O4 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004..\Run: [PTIM.exe] C:\Program Files (x86)\WebEx\Productivity Tools\ptim.exe (Cisco WebEx LLC)
    O4 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004..\Run: [PxDotNetLoader] C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
    O4 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004..\Run: [Spotify] C:\Users\buck\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
    O4 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004..\Run: [Spotify Web Helper] C:\Users\buck\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
    O4 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    O4 - Startup: C:\Users\buck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\buck\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\buck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\buck\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
    O4 - Startup: C:\Users\buck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PS3 Media Server.lnk = C:\Program Files (x86)\PS3 Media Server\PMS.exe (A. Brochard)
    O4 - Startup: C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    O4 - Startup: C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
    O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
    O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
    O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
    O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
    O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: UA Button - {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - C:\Program Files (x86)\UAPick\UABtn.dll (Bayden Systems)
    O9 - Extra 'Tools' menuitem : Set UA St&ring - {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - C:\Program Files (x86)\UAPick\UABtn.dll (Bayden Systems)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
    O15 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..Trusted Domains: dev-alienware ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..Trusted Domains: idscientific.com ([virtuallab] https in Trusted sites)
    O15 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..Trusted Domains: maximumcontrol.net ([vpn] https in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} C:\Users\buck\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT AntiViruses Class)
    O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Users\buck\AppData\Local\Temp\f5tmp\urxvpn.cab (F5 Networks VPN Manager)
    O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} C:\Users\buck\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT FireWalls Class)
    O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\buck\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\buck\AppData\Local\Temp\f5tmp\InstallerControl.cab (F5 Networks Auto Update)
    O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} C:\Users\buck\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT ProcessesScanner Class)
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\buck\AppData\Local\Temp\f5tmp\f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
    O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} C:\Users\buck\AppData\Local\Temp\f5tmp\urTermProxy.cab (F5 Networks Static Application Tunnel Control)
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\buck\AppData\Local\Temp\f5tmp\urxshost.cab (F5 Networks SuperHost Class)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://idscientific.webex.com/client/T27LB/webex/ieatgpc1.cab (GpcContainer Class)
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\buck\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} C:\Users\buck\AppData\Local\Temp\f5tmp\f5opswati.cab (F5 Networks OPSWAT Helper Control)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6225FE4E-817D-494A-AAE2-A18DA888E1A0}: DhcpNameServer = 172.26.38.1 172.26.38.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A09109FF-31A8-4EAB-BEF3-507E1001D1E0}: NameServer = 24.234.0.71,24.234.0.7
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\x-atng - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/04/11 20:47:03 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/01 19:37:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- D:\Buck\Desktop\OTL.exe
    [2012/07/01 19:29:24 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Roaming\Malwarebytes
    [2012/07/01 19:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/01 19:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/01 19:29:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/01 19:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/01 19:26:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- D:\Buck\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/07/01 17:39:11 | 000,000,000 | R--D | C] -- C:\Users\buck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
    [2012/07/01 17:27:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/01 17:05:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/01 17:05:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/01 17:05:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/01 17:05:46 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/07/01 17:05:44 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/01 17:05:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/01 17:02:18 | 004,568,829 | R--- | C] (Swearware) -- D:\Buck\Desktop\ComboFix.exe
    [2012/07/01 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{3D73366A-F751-423C-A823-8E6914DC9B5E}
    [2012/07/01 16:59:02 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{800320E1-D470-4C79-A256-E1A64F4422C8}
    [2012/07/01 14:49:27 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{D9C10AAE-85EF-44AA-BE68-2BEA205E893B}
    [2012/07/01 13:28:03 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/27 06:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/06/27 06:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/26 19:41:20 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{1DD4E96E-9970-4E31-8C06-AE1403832A65}
    [2012/06/26 19:41:09 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{3B019084-8DDA-4A48-ABC6-88DA0A64969D}
    [2012/06/26 07:40:55 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{DBA0FC09-D54B-4E6F-9859-333011957B97}
    [2012/06/26 07:40:44 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{9E0D01AC-CC2C-42C8-BC88-D299234A44C5}
    [2012/06/26 06:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012/06/26 06:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2012/06/26 06:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2012/06/26 06:36:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/06/25 19:40:19 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{F3831C8C-2F72-4E73-BE92-08BB76709258}
    [2012/06/25 07:39:43 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{A366F3D4-65FE-4655-93F0-86EB47309B28}
    [2012/06/25 07:39:07 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{9CE3610D-E264-4F99-9B6F-C5B90D86829D}
    [2012/06/23 22:06:59 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{9B5ACD62-AE69-42EA-A8C5-46615C42A79F}
    [2012/06/23 22:06:48 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{F6C42234-50A2-4871-9400-C4C9DB594C74}
    [2012/06/23 10:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP2
    [2012/06/23 10:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
    [2012/06/23 10:12:41 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/06/23 10:06:30 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{2B78583C-54F4-4475-8C56-2B3DE0BBC0B4}
    [2012/06/23 10:06:18 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{C5EBB131-A927-4C18-BEA6-1C1406B9FD26}
    [2012/06/22 18:59:01 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{D63D4467-EB21-497E-964B-35BE5DD0B819}
    [2012/06/22 18:58:50 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{647D932F-426C-45B6-840D-0F39734C975D}
    [2012/06/22 06:58:33 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{0C9BE8CD-54AD-492B-82DE-1C18F0B3D247}
    [2012/06/22 06:58:21 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{E7BF1E66-6997-48D0-8470-FB97B143A76E}
    [2012/06/21 18:41:44 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{7562B8DF-5FED-46F3-A5EF-31EEF335479A}
    [2012/06/21 18:41:33 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{BA19C136-EE00-45A5-8A63-CB141D570778}
    [2012/06/21 06:41:14 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{91151682-C74B-4D5E-8A69-47D7D61B047E}
    [2012/06/21 06:41:02 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{53EFF38C-7B31-4CFD-8DF0-CE331D5B7146}
    [2012/06/19 22:06:23 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{9E306DF7-1E2F-47B7-8B6C-C09CFA8F9493}
    [2012/06/19 22:06:12 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{1B72C576-5D23-4D1F-9E98-B43BD4B4C2DB}
    [2012/06/19 11:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/06/19 11:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2012/06/19 10:06:00 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{46AFA0A1-82D0-42FB-962E-E19BDB9EFC76}
    [2012/06/19 10:05:49 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{3C2C5D87-21F3-49B8-A701-EC5F7DD83DD5}
    [2012/06/18 22:05:19 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{7CBD0B4A-9B91-4A59-8D86-A0D1136014C8}
    [2012/06/18 22:05:08 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{001B419A-2B27-4E1F-8AC2-193026403319}
    [2012/06/18 10:04:56 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{A5D1D2A8-75E1-4C26-B09E-25B0428FD2D1}
    [2012/06/17 22:04:32 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{7C224A3F-042C-4F89-B4E5-B2AA18E1B927}
    [2012/06/17 10:04:20 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{3506B5BC-2BAD-428A-811F-5B0B4F021C1F}
    [2012/06/16 22:03:56 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{30CBB957-2F26-426A-9829-9184E50CD783}
    [2012/06/16 10:03:44 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{B52859E5-56ED-4144-B4EB-2699D8E857FA}
    [2012/06/15 18:52:24 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{5C926100-52AA-4A98-81B3-DE0DF878C36E}
    [2012/06/15 06:52:12 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{721D4990-4EA7-4C20-93A0-E6046E30E072}
    [2012/06/14 18:51:48 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{EE68A639-DED3-4C69-AF7B-907DC141CC33}
    [2012/06/14 06:51:36 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{6EE93C17-AD03-46E4-B645-C08DE96A1B35}
    [2012/06/14 06:51:25 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{F6D1BDD7-C285-4A56-97EF-41929741C222}
    [2012/06/13 18:50:58 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{853EA8D0-D35A-41AC-ABA7-E2778C230BB6}
    [2012/06/13 18:50:46 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{87FEB6D0-0C4D-4A83-8925-B59F37757BCE}
    [2012/06/13 06:50:33 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{25B032B8-2542-4BBB-AA2E-B902CC9FE338}
    [2012/06/13 06:50:22 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{1E9232D0-477D-480A-9896-24FE895490D6}
    [2012/06/12 18:49:57 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{24BB4953-6AF7-4F1C-B108-667F5E1E3E0E}
    [2012/06/12 18:49:46 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{6F9C3395-354E-4358-B9E9-6002E169DE8D}
    [2012/06/12 06:49:29 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{19FD366B-9439-4BDB-821A-AF9A07539307}
    [2012/06/12 06:49:17 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{225D60B4-8A04-422D-9C2C-CE4324858CA3}
    [2012/06/11 18:19:05 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{971C1551-94C8-47F2-9742-5CA4AD33007B}
    [2012/06/11 18:18:54 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{FB9D14A0-4E92-463D-B971-357B1486BE19}
    [2012/06/11 06:41:48 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\Macromedia
    [2012/06/11 06:18:39 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{F153F86C-3916-4606-9B64-0948621C9E03}
    [2012/06/11 06:18:27 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{CE7B7F7E-5018-4BA6-8A6D-FA1B5A6BD343}
    [2012/06/10 15:17:52 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{44C9E583-2EF5-4039-AA39-5386C0EB0421}
    [2012/06/10 15:16:36 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{4DC952DE-5ABE-4761-A2ED-8AFC71337F06}
    [2012/06/02 12:36:01 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{5D67CD77-88C2-487F-B31F-3FAEF2218F70}
    [2012/06/02 12:35:49 | 000,000,000 | ---D | C] -- C:\Users\buck\AppData\Local\{A467CF58-F5A9-4ACD-84D7-BE8CA1DCFCC7}
    [2011/11/03 15:34:07 | 013,571,624 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
    [2010/09/16 13:32:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\buck\AppData\Roaming\pcouffin.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/01 19:37:47 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Buck\Desktop\OTL.exe
    [2012/07/01 19:29:20 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/01 19:26:46 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- D:\Buck\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/07/01 19:10:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1651726694-1363144605-2224526261-1004UA.job
    [2012/07/01 19:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/01 18:58:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/01 17:46:43 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/01 17:46:43 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/01 17:38:24 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/01 17:38:14 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2012/07/01 17:38:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/01 17:37:54 | 1066,651,646 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/01 17:36:58 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000000-00001102-0000000B-00441102}.rfx
    [2012/07/01 17:36:58 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000000-00001102-0000000B-00441102}.rfx
    [2012/07/01 17:36:58 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000000-00001102-0000000B-00441102}.rfx
    [2012/07/01 17:27:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/01 17:02:23 | 004,568,829 | R--- | M] (Swearware) -- D:\Buck\Desktop\ComboFix.exe
    [2012/06/30 23:14:08 | 000,000,047 | ---- | M] () -- C:\.directory
    [2012/06/27 06:36:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/06/27 06:35:31 | 001,267,908 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/27 06:35:31 | 000,990,858 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/27 06:35:31 | 000,252,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/26 16:10:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1651726694-1363144605-2224526261-1004Core.job
    [2012/06/15 06:21:49 | 000,001,057 | ---- | M] () -- C:\Users\buck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/06/15 06:21:42 | 000,000,937 | ---- | M] () -- D:\Buck\Desktop\Dropbox.lnk
    [2012/06/14 06:40:13 | 000,421,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/14 06:31:22 | 001,268,192 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/01 19:29:20 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/01 17:05:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/01 17:05:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/01 17:05:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/01 17:05:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/01 17:05:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/30 23:14:08 | 000,000,047 | ---- | C] () -- C:\.directory
    [2012/06/27 06:35:33 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/03/10 11:26:33 | 000,000,436 | RHS- | C] () -- C:\Users\buck\ntuser.pol
    [2011/11/20 12:29:22 | 000,000,965 | ---- | C] () -- C:\Users\buck\_viminfo
    [2011/10/16 08:44:48 | 000,038,417 | ---- | C] () -- C:\Users\buck\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2011/10/07 12:00:22 | 000,038,401 | ---- | C] () -- C:\Users\buck\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2011/09/13 10:29:37 | 000,000,012 | ---- | C] () -- C:\Users\buck\.javafx_ping_sent
    [2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2011/01/04 15:34:34 | 000,000,000 | ---- | C] () -- C:\Windows\f5unistall.INI
    [2010/12/31 09:31:24 | 000,000,600 | ---- | C] () -- C:\Users\buck\AppData\Roaming\winscp.rnd
    [2010/09/16 13:32:48 | 000,007,859 | ---- | C] () -- C:\Users\buck\AppData\Roaming\pcouffin.cat
    [2010/09/16 13:32:48 | 000,001,167 | ---- | C] () -- C:\Users\buck\AppData\Roaming\pcouffin.inf
    [2010/08/16 16:08:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/07/07 13:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
    [2010/07/07 12:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
    [2010/07/07 12:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
    [2010/07/07 12:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
    [2010/07/07 12:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
    [2010/07/07 12:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
    [2010/07/07 12:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
    [2010/06/14 07:22:11 | 000,025,600 | ---- | C] () -- C:\Users\buck\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/21 15:49:55 | 000,007,615 | ---- | C] () -- C:\Users\buck\AppData\Local\resmon.resmoncfg

    ========== LOP Check ==========

    [2012/05/16 08:17:46 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\Acronis
    [2010/09/28 16:43:06 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\Broad Intelligence
    [2010/05/28 16:26:38 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\CocoonSoftware
    [2012/07/01 17:39:33 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\Dropbox
    [2010/07/02 15:03:27 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\DVDFab
    [2010/04/15 12:01:46 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\EPSON
    [2011/04/13 08:48:11 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\FileZilla
    [2011/11/03 17:33:31 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\GoodSync
    [2012/03/10 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\HandBrake
    [2010/11/20 22:00:36 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\ImgBurn
    [2010/03/26 17:52:47 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\IrfanView
    [2010/10/19 17:46:58 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\JAM Software
    [2010/08/13 10:29:01 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\JGoodies
    [2010/06/10 14:15:42 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\Leadertech
    [2011/07/05 12:54:33 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\LINQPad
    [2010/10/11 10:01:09 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\Little Richie Software
    [2012/01/07 12:00:47 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\MusicNet
    [2010/03/28 10:56:52 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\Notepad++
    [2011/08/12 15:30:37 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\NuGet
    [2012/02/26 05:59:05 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\Octoshape
    [2010/12/17 07:37:24 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\PMS
    [2011/09/24 17:50:58 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\RoboForm
    [2010/03/26 17:47:51 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\Scooter Software
    [2010/06/25 06:50:49 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\Sinvise Systems
    [2010/05/30 08:02:34 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\Smart Recorder
    [2012/07/01 17:40:11 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\Spotify
    [2011/03/31 07:11:26 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2012/07/01 19:46:06 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\uTorrent
    [2010/09/16 16:20:35 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\Vso
    [2011/07/26 09:26:01 | 000,000,000 | ---D | M] -- C:\Users\buck\AppData\Roaming\WebEx
    [2012/03/23 06:37:12 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\Users\Public\Documents\All_paymentReport-18.xlsx:com.apple.metadatakMDItemWhereFroms
    @Alternate Data Stream - 72 bytes -> C:\Users\Public\Documents\All_paymentReport-18.xlsx:com.apple.quarantine
    @Alternate Data Stream - 70 bytes -> C:\Users\Public\Documents\ACTIVE-2012-20120118:com.apple.quarantine
    @Alternate Data Stream - 70 bytes -> C:\Users\Public\Documents\ACTIVE-2012-20120117:com.apple.quarantine
    @Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo
    < End of report >
     
  13. Nefs1234

    Nefs1234 TS Rookie Topic Starter Posts: 18

    Extras.txt Part 1

    OTL Extras logfile created on: 7/1/2012 7:39:15 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = D:\Buck\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    11.99 Gb Total Physical Memory | 7.39 Gb Available Physical Memory | 61.63% Memory free
    23.98 Gb Paging File | 17.41 Gb Available in Paging File | 72.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 457.50 Gb Total Space | 151.41 Gb Free Space | 33.09% Space Free | Partition Type: NTFS
    Drive D: | 1397.26 Gb Total Space | 208.40 Gb Free Space | 14.92% Space Free | Partition Type: NTFS
    Drive E: | 3.68 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DEV-ALIENWARE | User Name: buck | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1651726694-1363144605-2224526261-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [TVersity] -- "C:\Users\buck\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [TVersity] -- "C:\Users\buck\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0253071D-1E2F-4E0E-9B4F-219BA2463D85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A0D6B010-3AA3-405F-9A52-5F6CE8E6EAEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CA3057CE-4F90-42A7-8E05-4A81D01ECCA6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{658D3587-6F7A-4879-9D8D-4BF3949E4D0C}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{780878E4-78EF-436F-83CB-67A117055C4F}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AB7FF6A4-2C70-4F28-83B3-50B1BB3A33A4}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D23058AD-EACE-4102-856E-85B6FFB4D37C}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{04BA3A6F-5BA6-4A99-9932-F39F3E0CC663}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
    "TCP Query User{3117B91A-2ADC-44AD-9326-01EA3A13C99D}C:\users\buck\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\buck\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{E08DD2DF-F7D4-44C8-96FF-854629A8B382}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{E371DE81-DF2A-4F2C-9BDD-6B5AB68C2B5A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{38FA1562-D8D4-4FF2-B06C-3669A88ACA5A}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
    "UDP Query User{5B60ECE5-E4F0-4E0A-9BD9-08B0B04BB220}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{B20C45B6-2459-4A4E-A320-6153672DF54D}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{CB879ED1-ABD8-4E01-A0CE-53AE1ED0657B}C:\users\buck\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\buck\appdata\roaming\spotify\spotify.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01078B88-2981-4F75-96B0-8B22E2D2DE03}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0C270C59-8706-42B8-A2AD-6E5EE18BC90B}" = SQL Server 2008 R2 Reporting Services
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{1330309E-64D3-43F4-AA18-BC856182B5DB}" = SQL Server 2008 R2 SP1 BI Development Studio
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP1 Common Files
    "{2453DBC8-ACC4-4711-BD03-0C15353AA3D8}" = SQL Server 2008 R2 SP1 Reporting Services
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
    "{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
    "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
    "{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}" = SQL Server 2008 R2 SP1 Client Tools
    "{312E8540-0799-45D5-A02E-DFB8FCA93CCA}" = SQL Server 2008 R2 SP1 BI Development Studio
    "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP1 Common Files
    "{4322C618-94E5-3EB0-8BA5-4675C4803C34}" = Microsoft Visual Studio 2008 Performance Collection Tools - ENU
    "{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
    "{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
    "{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0
    "{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 SP1 Management Studio
    "{5318020E-E32C-4A33-BC8D-EEF5CC2F6CA1}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{578354FC-76F7-439C-B435-7171B4743ACE}" = Microsoft SQL Server 2008R2 Integration Services RTM Samples (x64)
    "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
    "{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{688758A2-8520-4470-8FA6-765BAC86FC53}" = Broadcom Management Programs
    "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
    "{6E2EE862-FEF9-408A-90BB-F5B4EC129C8E}" = SQL Server 2008 R2 SP1 Analysis Services
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 SP1 Management Studio
    "{7709926E-A1EA-43F1-ADD8-C066BDB97B54}" = SQL Server 2008 R2 SP1 Integration Services
    "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
    "{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
    "{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{962BAEA5-DE95-47B0-8D62-BC6DF8123C87}" = Microsoft SQL Server 2008 R2 Upgrade Advisor
    "{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
    "{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9C9F93A3-7E30-439C-8BD8-78FF9D4BCAE9}" = Windows Azure SDK
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = SQL Server 2008 R2 SP1 Full text search
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{A4E14A4D-EA7B-4914-9BBF-504401F3D4F7}" = SQL Server 2008 R2 SP1 Integration Services
    "{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}" = SQL Server 2008 R2 SP1 Client Tools
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
    "{CEEC0AD1-588C-4DD1-AD56-839120A39B06}" = MCEBuddy
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
    "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{D8C23BDE-4748-44D9-A9DD-8AB64EB18BE3}" = Microsoft SQL Server 2008 R2 RsFx Driver
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{EB675D0A-2C95-405B-BEE8-B42A65D23E11}" = IIS URL Rewrite Module 2
    "{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
    "{F01EC9B9-21B4-441E-958A-1E01098B03BE}" = SQL Server 2008 R2 SP1 Analysis Services
    "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
    "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
    "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 SP1 Database Engine Services
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "NVIDIA Drivers" = NVIDIA Drivers
    "SMBus" = Intel(R) SMBus
    "Vim 7.3" = Vim 7.3 (self-installing)
    "Windows Azure SDK" = Windows Azure SDK
     
  14. Nefs1234

    Extras.txt Part 2 of 2


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
    "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
    "{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{11ED2660-09E9-4618-8729-49C429A69CC6}" = XAML Power Toys
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
    "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
    "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    "{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{27B6D024-FD7E-4A88-BC17-5AFBE33EC072}" = Microsoft F# Runtime for Silverlight 4
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2DDCCEA5-2AA4-4ABB-BCAD-41BB115A4333}" = Microsoft Silverlight 4 Toolkit April 2010
    "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{34216904-3278-4417-BDF9-5A8DE79AC070}" = Exemplar Scan
    "{368B385B-0F7B-4E0E-B5BF-855D73B26937}" = Microsoft Expression Encoder 4 Pro
    "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{39970EE2-C8E3-3095-8B15-A7B99863527F}" = Visual C++ 2008 x64 Runtime - KB2465361 - (v9.0.30729.5570)
    "{39970EE2-C8E3-3095-8B15-A7B99863527F}.vc_x64runtime_30729_5570" = Visual C++ 2008 x64 Runtime - v9.0.30729.5570
    "{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
    "{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148" = Visual C++ 2008 x64 Runtime - v9.0.30729.4148
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3E421598-0E2D-4272-8734-3E2A0FF662EB}" = Deep Zoom Composer
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
    "{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161" = Visual C++ 2008 x86 Runtime - v9.0.30729.6161
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{41AA8F20-FD30-4878-9080-6D5BE575FD41}" = Dell InHome Service Agreement
    "{44F7BA74-C11A-49FC-B2FC-1B827C491F74}" = Microsoft Expression Studio 3
    "{4946979B-3624-3F97-997E-49F4CA0E3E90}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729.6161)
    "{4946979B-3624-3F97-997E-49F4CA0E3E90}.vc_i64runtime_30729_6161" = Visual C++ 2008 IA64 Runtime - v9.0.30729.6161
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
    "{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{505c1460-fed0-4e9b-9bf8-ed5246cc62ca}" = Nero 9 Essentials
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
    "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
    "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
    "{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
    "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}" = Microsoft Expression Web 3
    "{6721AC10-3743-38F1-B178-C0EC6C9A4108}" = Microsoft Visual Studio Team System 2008 Development Edition - ENU
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A1F4E2C-D10A-411B-A95C-EC6D38066DA7}" = WCF RIA Services V1.0 SP2
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
    "{74F7B314-0507-4F91-9A4E-B6C9B027E410}" = Microsoft SQL Server 2008 R2 Books Online
    "{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{779A19AC-A302-425D-B295-F12116C2D731}" = DGOControls
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
    "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
    "{7DC3DE95-7B7D-47FD-9EF2-D0198FDC0C9E}" = WCF RIA Services Toolkit (April 2011)
    "{7FEDF49B-01B3-3E2B-9C41-3A6F9583A040}" = Visual C++ 2008 IA64 Runtime - KB2465361 - (v9.0.30729.5570)
    "{7FEDF49B-01B3-3E2B-9C41-3A6F9583A040}.vc_i64runtime_30729_5570" = Visual C++ 2008 IA64 Runtime - v9.0.30729.5570
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_PRJPROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_PRJPROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PRJPROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_VISPROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_PRJPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_PRJPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_PRJPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_PRJPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
    "{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
    "{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{9476BEE5-5D91-402A-A434-6EBA126E2B03}" = XAML Power Toys 2010
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{96FEADCE-241A-4CD6-ABF0-68610E4065AC}" = Microsoft ADO.NET Entity Framework 4.1
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
    "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
    "{A2425E6C-8A37-3D63-A3A7-8ED5355FDF0B}" = Visual C++ 2008 x86 Runtime - KB2465361 - (v9.0.30729.5570)
    "{A2425E6C-8A37-3D63-A3A7-8ED5355FDF0B}.vc_x86runtime_30729_5570" = Visual C++ 2008 x86 Runtime - v9.0.30729.5570
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A4FA40F1-B88C-4BDF-B291-ED34982CB48F}" = Microsoft Expression Blend 3
    "{A5630CB0-6D3C-4C93-9A51-03BEB835A982}" = NuGet
    "{A879B90E-B62C-4DA4-9C3F-79A1A6CFAAF9}" = Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
    "{ABB6AC00-F1D8-4EBF-8128-830D090B76C0}" = Microsoft SQL Server 2000 Sample Database Scripts
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
    "{AC8BED63-211C-45D0-A0FF-6FF02D0E29B3}" = PlayOn
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{ACE984AB-A42F-409B-A295-4190F0079101}" = Windows Azure Tools for Microsoft Visual Studio 2010 1.3
    "{AD16D30B-1E73-4009-8DD2-ACC771C1D840}" = Fidelity Active Trader Pro®
    "{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}" = VMware Server
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B23606D5-CD40-4B89-97C3-4B5F70FFA768}" = WebEx Productivity Tools
    "{B28FC790-C93F-3A9C-A913-7E891487D1F1}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729.4148)
    "{B28FC790-C93F-3A9C-A913-7E891487D1F1}.vc_i64runtime_30729_4148" = Visual C++ 2008 IA64 Runtime - v9.0.30729.4148
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    "{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
    "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
    "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{BD4B02C1-0271-4D7D-A850-19DE2E5CDF83}" = Banctec Service Agreement
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{BE0CD30D-69A6-4B3A-857D-218C2C32E912}" = Acronis True Image Home 2012
    "{BE0CD30D-69A6-4B3A-857D-218C2C32E912}Visible" = Acronis True Image Home 2012
    "{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
    "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
    "{C182D467-6F0A-418A-8B38-788F376F7502}" = Windows Migration Assistant
    "{C55E7B0F-1363-499F-8608-4D9D33DAF305}" = Google Drive
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
    "{D25C502E-FF51-424C-8C38-8596FE47D0CD}" = Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU
    "{D2F28E39-9813-41D3-8EC9-BAADA38C426D}" = VMware Remote Console Plug-in
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
    "{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
    "{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.6161)
    "{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}.vc_x64runtime_30729_6161" = Visual C++ 2008 x64 Runtime - v9.0.30729.6161
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{E9980014-BE11-4891-A5F4-0F2917B856BC}" = Microsoft Expression Design 3
    "{EAEDA25D-F718-4436-8413-85529758C205}" = Cisco WebEx Meeting Center for Firefox or Chrome
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
    "{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
    "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
    "{F73340A9-8AA9-49C4-937E-E271B837056C}" = Microsoft Expression Encoder 3
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.1
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F9823E37-7E55-466f-893D-3E4168D55A46}" = SourceGear Vault Professional Client
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FC6B78BE-922F-45D4-9D47-D10C494658F6}" = TSConverter
    "{FC909837-27D0-4FB4-8653-00F63EB70D74}" = Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
    "ActiveTouchMeetingClient" = WebEx
    "Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AI RoboForm" = RoboForm 7-7-4 (All Users)
    "AudioCS" = Creative Audio Control Panel
    "BC2_is1" = Beyond Compare Version 2.5.3
    "Blend_3.0.1927.0" = Microsoft Expression Blend 3
    "Blend_4.0.20525.0" = Microsoft Expression Blend 4
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
    "Design_6.0.1739.0" = Microsoft Expression Design 3
    "Design_7.0.20516.0" = Microsoft Expression Design 4
    "D-Link Powerline AV Utility" = D-Link Powerline AV Utility
    "Dolby Digital Live Pack" = Dolby Digital Live Pack
    "DVDFab 7_is1" = DVDFab 7.0.9.2 (05/08/2010)
    "DVDFab 8 Qt_is1" = DVDFab 8.1.2.0 (15/09/2011) Qt
    "Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
    "Encoder_4.0.1639.0" = Microsoft Expression Encoder 4 Pro
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Scanner" = EPSON Scan
    "ExpressionStudio_3.0.1061.0" = Microsoft Expression Studio 3
    "ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
    "F5 Networks Client Components" = BIG-IP Edge Client Components (All Users)
    "Fiddler2" = Fiddler2
    "FileZilla Client" = FileZilla Client 3.3.2.1
    "h3viewerXX_is1" = H3Viewer by http://www.Helpware.net
    "HandBrake" = HandBrake 0.9.5
    "Hauppauge WinTV 7" = Hauppauge WinTV 7
    "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
    "Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster
    "iCopy" = iCopy
    "iMesh" = iMesh
    "ImgBurn" = ImgBurn
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
    "InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
    "IntelliJ IDEA Community Edition 10.5.2" = IntelliJ IDEA Community Edition 10.5.2
    "IrfanView" = IrfanView (remove only)
    "Logitech Vid" = Logitech Vid HD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MediaCoder x64" = MediaCoder x64 0.7.5.4740
    "MediaMonkey_is1" = MediaMonkey 3.2
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Microsoft Visual Studio Team System 2008 Development Edition - ENU" = Microsoft Visual Studio Team System 2008 Development Edition - ENU
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
    "Notepad++" = Notepad++
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PRJPROR" = Microsoft Project Professional 2010
    "OpenAL" = OpenAL
    "PS3 Media Server" = PS3 Media Server
    "Quotes Plus3.1" = Quotes Plus
    "Skeleton Pro 1.9" = JGoodies Skeleton Pro 1.9
    "Stock Picker Pro" = Stock Picker Pro
    "TreeSize Free_is1" = TreeSize Free V2.4
    "TVersity Codec Pack" = TVersity Codec Pack 1.4
    "TVersity Media Server" = TVersity Media Server 1.9.2
    "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
    "UAPick" = Bayden UAPick
    "uTorrent" = µTorrent
    "VISPROR" = Microsoft Office Visio Professional 2007
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "VLC media player" = VLC media player 1.1.3
    "Web_3.0.3813.0" = Microsoft Expression Web 3
    "Web_4.0.1303.0" = Microsoft Expression Web 4
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.1
    "winscp3_is1" = WinSCP 4.2.9
    "WZCLINE" = WinZip Command Line Support Add-On 3.2

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1651726694-1363144605-2224526261-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BoxLayoutDemo2" = BoxLayoutDemo2
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 4.8.0.723
    "GridLayoutDemo" = GridLayoutDemo
    "JGoodies Forms Demo" = JGoodies Forms Demo
    "JGoodies Looks Demo" = JGoodies Looks Demo
    "JoinMe" = join.me
    "LastPass" = LastPass (uninstall only)
    "QUICKMEDIACONVERTER" = QMC
    "Simple Table Demo Application" = Simple Table Demo Application
    "Skeleton" = Skeleton
    "Skeleton Pro" = Skeleton Pro
    "Spotify" = Spotify
    "SpringDemo1" = SpringDemo1
    "SpringDemo2" = SpringDemo2
    "SpringDemo3" = SpringDemo3
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/1/2012 8:39:58 PM | Computer Name = Dev-Alienware | Source = vmauthd | ID = 100
    Description = Cannot connect to VMX: D:\Virtual Machines\Win 7 32\Win 7 32.vmx

    Error - 7/1/2012 8:39:59 PM | Computer Name = Dev-Alienware | Source = vmauthd | ID = 100
    Description = Cannot connect to VMX: D:\Virtual Machines\Win 7 32 - ALC1\Win 7 32.vmx


    Error - 7/1/2012 8:40:00 PM | Computer Name = Dev-Alienware | Source = vmauthd | ID = 100
    Description = Cannot connect to VMX: D:\Virtual Machines\Win 7 32 - ALC2\Win 7 32.vmx


    Error - 7/1/2012 8:40:01 PM | Computer Name = Dev-Alienware | Source = vmauthd | ID = 100
    Description = Cannot connect to VMX: D:\Virtual Machines\Win 7 32 - ALC3\Win 7 32.vmx


    Error - 7/1/2012 8:40:01 PM | Computer Name = Dev-Alienware | Source = vmauthd | ID = 100
    Description = Cannot connect to VMX: D:\Virtual Machines\Win 7 32 - ALC4\Win 7 32.vmx


    Error - 7/1/2012 8:40:02 PM | Computer Name = Dev-Alienware | Source = vmauthd | ID = 100
    Description = Cannot connect to VMX: D:\Virtual Machines\Win 7 32 - ALC5\Win 7 32.vmx


    Error - 7/1/2012 8:40:03 PM | Computer Name = Dev-Alienware | Source = vmauthd | ID = 100
    Description = Cannot connect to VMX: D:\Virtual Machines\Virtual Machine\Virtual
    Machine.vmx

    Error - 7/1/2012 8:40:04 PM | Computer Name = Dev-Alienware | Source = vmauthd | ID = 100
    Description = Cannot connect to VMX: D:\Virtual Machines\Linux Ubuntu 10 Desktop\Linux
    Ubuntu 10 Desktop.vmx

    Error - 7/1/2012 8:40:04 PM | Computer Name = Dev-Alienware | Source = vmauthd | ID = 100
    Description = Cannot connect to VMX: D:\Virtual Machines\XP 32\XP 32.vmx

    Error - 7/1/2012 9:00:11 PM | Computer Name = Dev-Alienware | Source = Windows Backup | ID = 4103
    Description =

    Error - 7/1/2012 9:55:19 PM | Computer Name = Dev-Alienware | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    [ Media Center Events ]
    Error - 5/19/2012 6:46:06 PM | Computer Name = Dev-Alienware | Source = MCUpdate | ID = 0
    Description = 3:45:58 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/19/2012 7:49:40 PM | Computer Name = Dev-Alienware | Source = MCUpdate | ID = 0
    Description = 4:49:33 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/19/2012 8:49:54 PM | Computer Name = Dev-Alienware | Source = MCUpdate | ID = 0
    Description = 5:49:46 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/20/2012 4:33:18 PM | Computer Name = Dev-Alienware | Source = MCUpdate | ID = 0
    Description = 1:33:17 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/20/2012 9:47:13 PM | Computer Name = Dev-Alienware | Source = MCUpdate | ID = 0
    Description = 6:46:26 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/21/2012 9:56:01 AM | Computer Name = Dev-Alienware | Source = MCUpdate | ID = 0
    Description = 6:56:01 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/21/2012 9:31:42 PM | Computer Name = Dev-Alienware | Source = MCUpdate | ID = 0
    Description = 6:30:49 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/22/2012 9:33:04 AM | Computer Name = Dev-Alienware | Source = MCUpdate | ID = 0
    Description = 6:33:04 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/22/2012 9:02:34 PM | Computer Name = Dev-Alienware | Source = MCUpdate | ID = 0
    Description = 6:02:24 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/23/2012 9:50:43 AM | Computer Name = Dev-Alienware | Source = MCUpdate | ID = 0
    Description = 6:50:43 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    [ OSession Events ]
    Error - 4/2/2010 1:03:08 PM | Computer Name = Dev-Alienware | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10396
    seconds with 480 seconds of active time. This session ended with a crash.

    Error - 8/26/2010 6:30:32 PM | Computer Name = Dev-Alienware | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 32723
    seconds with 1740 seconds of active time. This session ended with a crash.

    Error - 9/22/2010 8:00:33 PM | Computer Name = Dev-Alienware | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 38506
    seconds with 2460 seconds of active time. This session ended with a crash.

    Error - 10/19/2010 10:59:38 AM | Computer Name = Dev-Alienware | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5393
    seconds with 1260 seconds of active time. This session ended with a crash.

    Error - 10/25/2010 7:14:58 PM | Computer Name = Dev-Alienware | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35022
    seconds with 1380 seconds of active time. This session ended with a crash.

    Error - 11/24/2010 3:47:40 PM | Computer Name = Dev-Alienware | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19269
    seconds with 1200 seconds of active time. This session ended with a crash.

    Error - 3/2/2011 1:24:27 PM | Computer Name = Dev-Alienware | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 9513
    seconds with 1080 seconds of active time. This session ended with a crash.

    Error - 3/13/2011 10:58:44 AM | Computer Name = Dev-Alienware | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 217
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 6/16/2011 10:27:42 AM | Computer Name = Dev-Alienware | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3319
    seconds with 300 seconds of active time. This session ended with a crash.

    Error - 11/8/2011 2:43:59 PM | Computer Name = Dev-Alienware | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 210
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 7/1/2012 8:11:54 PM | Computer Name = Dev-Alienware | Source = WAS | ID = 5002
    Description =

    Error - 7/1/2012 8:17:16 PM | Computer Name = Dev-Alienware | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/1/2012 8:21:32 PM | Computer Name = Dev-Alienware | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 7/1/2012 8:22:37 PM | Computer Name = Dev-Alienware | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/1/2012 8:22:54 PM | Computer Name = Dev-Alienware | Source = Service Control Manager | ID = 7016
    Description = The NVIDIA Display Driver Service service has reported an invalid
    current state 32.

    Error - 7/1/2012 8:26:12 PM | Computer Name = Dev-Alienware | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 7/1/2012 8:26:51 PM | Computer Name = Dev-Alienware | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    RsFx0152

    Error - 7/1/2012 8:36:45 PM | Computer Name = Dev-Alienware | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.549.0 Update Source: %%859 Update Stage:
    %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
    code: 0x8024001e Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 7/1/2012 8:36:48 PM | Computer Name = Dev-Alienware | Source = Service Control Manager | ID = 7016
    Description = The NVIDIA Display Driver Service service has reported an invalid
    current state 32.

    Error - 7/1/2012 8:39:39 PM | Computer Name = Dev-Alienware | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    RsFx0152


    < End of report >
     
  15. Nefs1234

    Nefs1234 TS Rookie Topic Starter Posts: 18

    Still no issues.

    What's next?
     
  16. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
      O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
      O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
      O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
      O15 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..Trusted Domains: dev-alienware ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..Trusted Domains: idscientific.com ([virtuallab] https in Trusted sites)
      O15 - HKU\S-1-5-21-1651726694-1363144605-2224526261-1004\..Trusted Domains: maximumcontrol.net ([vpn] https in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      @Alternate Data Stream - 98 bytes -> C:\Users\Public\Documents\All_paymentReport-18.xlsx:com.apple.metadata"kMDItemWhereFroms
      @Alternate Data Stream - 72 bytes -> C:\Users\Public\Documents\All_paymentReport-18.xlsx:com.apple.quarantine
      @Alternate Data Stream - 70 bytes -> C:\Users\Public\Documents\ACTIVE-2012-20120118:com.apple.quarantine
      @Alternate Data Stream - 70 bytes -> C:\Users\Public\Documents\ACTIVE-2012-20120117:com.apple.quarantine
      @Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  17. Nefs1234

    Nefs1234 TS Rookie Topic Starter Posts: 18

    OTL Custom scans/fixes output:
    (on to "Last Scans" next)


    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1651726694-1363144605-2224526261-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Fill Forms\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Fill Forms\ not found.
    Registry key HKEY_USERS\S-1-5-21-1651726694-1363144605-2224526261-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dev-alienware\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1651726694-1363144605-2224526261-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\idscientific.com\virtuallab\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1651726694-1363144605-2224526261-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\maximumcontrol.net\vpn\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Unable to delete ADS C:\Users\Public\Documents\All_paymentReport-18.xlsx:com.apple.metadata"kMDItemWhereFroms .
    ADS C:\Users\Public\Documents\All_paymentReport-18.xlsx:com.apple.quarantine deleted successfully.
    ADS C:\Users\Public\Documents\ACTIVE-2012-20120118:com.apple.quarantine deleted successfully.
    ADS C:\Users\Public\Documents\ACTIVE-2012-20120117:com.apple.quarantine deleted successfully.
    ADS C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 294871 bytes
    ->Flash cache emptied: 434 bytes

    User: All Users

    User: buck
    ->Temp folder emptied: 30923866 bytes
    ->Temporary Internet Files folder emptied: 785200028 bytes
    ->Java cache emptied: 10828808 bytes
    ->FireFox cache emptied: 1076869060 bytes
    ->Google Chrome cache emptied: 384967831 bytes
    ->Flash cache emptied: 88577 bytes

    User: Classic .NET AppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 155648 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 101375 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 129769996 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 2,307.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: buck
    ->Java cache emptied: 0 bytes

    User: Classic .NET AppPool

    User: Default

    User: Default User

    User: DefaultAppPool

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: buck
    ->Flash cache emptied: 0 bytes

    User: Classic .NET AppPool
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07012012_203251
    Files\Folders moved on Reboot...
    C:\Users\buck\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\buck\AppData\Local\Temp\~DF6BE45AF2FBE115BB.TMP not found!
    File\Folder C:\Users\buck\AppData\Local\Temp\~DF8008EE86FE1D2748.TMP not found!
    File\Folder C:\Users\buck\AppData\Local\Temp\~DFDBF136E7739262D4.TMP not found!
    File\Folder C:\Users\buck\AppData\Local\Temp\~DFE69CD0E6B06EB25E.TMP not found!
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTA1YTUQ\0[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTA1YTUQ\ads[5].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DII9MADG\0[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DII9MADG\0[2].htm moved successfully.
    File\Folder C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DII9MADG\bind[1].htm not found!
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DII9MADG\canvas[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DII9MADG\sirefef-removal-help-please[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1TPRBHU0\frame[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H0A1QF7\0[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H0A1QF7\recentposts[1].htm moved successfully.
    File\Folder C:\Windows\temp\hsperfdata_DEV-ALIENWARE$\4168 not found!
    PendingFileRenameOperations files...
    File C:\Users\buck\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\buck\AppData\Local\Temp\~DF6BE45AF2FBE115BB.TMP not found!
    File C:\Users\buck\AppData\Local\Temp\~DF8008EE86FE1D2748.TMP not found!
    File C:\Users\buck\AppData\Local\Temp\~DFDBF136E7739262D4.TMP not found!
    File C:\Users\buck\AppData\Local\Temp\~DFE69CD0E6B06EB25E.TMP not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTA1YTUQ\0[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTA1YTUQ\ads[5].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DII9MADG\0[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DII9MADG\0[2].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DII9MADG\bind[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DII9MADG\canvas[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DII9MADG\sirefef-removal-help-please[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1TPRBHU0\frame[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H0A1QF7\0[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H0A1QF7\recentposts[1].htm not found!
    File C:\Windows\temp\hsperfdata_DEV-ALIENWARE$\4168 not found!
    Registry entries deleted on Reboot...
     
  18. Nefs1234

    Nefs1234 TS Rookie Topic Starter Posts: 18

    Security Check output:

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 30
    Adobe Flash Player 11.3.300.262
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Microsoft Security Essentials msseces.exe
    MediaMall MediaMallServer.exe
    Alienware Command Center ThermalController.exe
    ``````````End of Log````````````
     
  19. Nefs1234

    Nefs1234 TS Rookie Topic Starter Posts: 18

    FSS output

    Farbar Service Scanner Version: 01-07-2012
    Ran by buck (administrator) on 01-07-2012 at 20:59:48
    Running from "D:\Buck\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  20. Nefs1234

    Nefs1234 TS Rookie Topic Starter Posts: 18

    TFC run
    ESET run, found and removed 1 threat
    Re-enabled virus scanning sw (MSE)

    ESET output :
    --------------------
    D:\Buck\Downloads\SoftonicDownloader_for_windows-live-messenger.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    -------------------

    What's next ?
     
  21. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  22. Nefs1234

    Nefs1234 TS Rookie Topic Starter Posts: 18

    1. Java Updated (note, had to use Chrome, getting error with IE 9, think it was a website/IE issue)
    2. Old java removed

    =================
    1. OTL run to reset system restore to clean restore point, log posted below :

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: buck
    ->Temp folder emptied: 32738573 bytes
    ->Temporary Internet Files folder emptied: 54126262 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 125315734 bytes
    ->Google Chrome cache emptied: 8899816 bytes
    ->Flash cache emptied: 6190 bytes

    User: Classic .NET AppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 102468 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 211.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: buck
    ->Flash cache emptied: 0 bytes

    User: Classic .NET AppPool
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: buck
    ->Java cache emptied: 0 bytes

    User: Classic .NET AppPool

    User: Default

    User: Default User

    User: DefaultAppPool

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.1 log created on 07022012_181557
    Files\Folders moved on Reboot...
    C:\Users\buck\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\billboard[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\billboard[4].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\billboard[5].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\billboard[6].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\page2[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\partner[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\partner[2].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\recentposts[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YRWB1GN\0[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YRWB1GN\bizo_multi[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YRWB1GN\fastbutton[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YRWB1GN\page-2[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8FALTAF3\0[3].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8FALTAF3\like[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8FALTAF3\like[2].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8FALTAF3\net[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T2LNHVV\ads[2].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T2LNHVV\bind[1].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T2LNHVV\frame[2].htm moved successfully.
    C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T2LNHVV\sirefef-removal-help-please[2].htm moved successfully.
    File\Folder C:\Windows\temp\hsperfdata_DEV-ALIENWARE$\1480 not found!
    C:\Windows\temp\JET6B11.tmp moved successfully.
    C:\Windows\temp\MpCmdRun.log moved successfully.
    PendingFileRenameOperations files...
    File C:\Users\buck\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\billboard[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\billboard[4].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\billboard[5].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\billboard[6].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\page2[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\partner[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\partner[2].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKKBIOAW\recentposts[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YRWB1GN\0[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YRWB1GN\bizo_multi[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YRWB1GN\fastbutton[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YRWB1GN\page-2[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8FALTAF3\0[3].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8FALTAF3\like[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8FALTAF3\like[2].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8FALTAF3\net[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T2LNHVV\ads[2].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T2LNHVV\bind[1].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T2LNHVV\frame[2].htm not found!
    File C:\Users\buck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T2LNHVV\sirefef-removal-help-please[2].htm not found!
    File C:\Windows\temp\hsperfdata_DEV-ALIENWARE$\1480 not found!
    File C:\Windows\temp\JET6B11.tmp not found!
    File C:\Windows\temp\MpCmdRun.log not found!
    Registry entries deleted on Reboot...
    =============
    Now doing cleanup...
     
  23. Nefs1234

    Nefs1234 TS Rookie Topic Starter Posts: 18

    Cleanup complete.
    Everything running fantastic !
    Thanks so much for all the help
     
  24. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Yes!!
    Good luck and stay safe :)
     
