TechSpot

Sirefef virus.... grrr

By Jonny
Aug 21, 2012
  1. I have a Windows 7 64-bit machine apparently infected with Sirefef... here are my symptoms:

    Windows Firewall disabled

    Windows Update service is missing (actually haven't been able to update for ages)

    It forces the reboot after giving an error message about a "critical failure" in Windows... then will stay up after 1st reboot.

    If I leave the system idle for 30 mins I will come back to a system that has restarted... all power schemes are off btw

    MSE scan functions but real-time protection is disabled. When I remove the virus with MSE, it reappears after a reboot. Sometimes it forces the reboot after giving an apparently false error message about a "critical failure" in Windows. According to MSE scan, the machine is infected with Win64/Sirefef.B, Win64/Sirefef.Y

    Also for a couple of weeks, I have been hearing strange music on my computer and audio ads

    I am completely stumped... Thank you ahead of time for the assistance and willingness to help... You guys are the BEST!!!

    Here are the logs

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.20.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    diehlj :: ELECTQA-01 [administrator]

    8/21/2012 10:47:52 AM
    mbam-log-2012-08-21 (10-47-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 289376
    Time elapsed: 5 minute(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    gmer.log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-21 11:13:37
    Windows 6.1.7601 Service Pack 1
    Running: gmer.exe


    ---- Services - GMER 1.0.15 ----

    Service C:\SystemRoot\System32\Drivers\67081c7cc168f335.sys (*** hidden *** ) [BOOT] 67081c7cc168f335 <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\67081c7cc168f335@ImagePath \SystemRoot\System32\Drivers\67081c7cc168f335.sys
    Reg HKLM\SYSTEM\CurrentControlSet\services\67081c7cc168f335@Group Boot Bus Extender
    Reg HKLM\SYSTEM\CurrentControlSet\services\67081c7cc168f335@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\67081c7cc168f335@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\67081c7cc168f335@Start 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\67081c7cc168f335@Tag 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\67081c7cc168f335@DisplayName 0i763f66bz.exe
    Reg HKLM\SYSTEM\ControlSet002\services\67081c7cc168f335@ImagePath \SystemRoot\System32\Drivers\67081c7cc168f335.sys
    Reg HKLM\SYSTEM\ControlSet002\services\67081c7cc168f335@Group Boot Bus Extender
    Reg HKLM\SYSTEM\ControlSet002\services\67081c7cc168f335@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet002\services\67081c7cc168f335@Type 1
    Reg HKLM\SYSTEM\ControlSet002\services\67081c7cc168f335@Start 0
    Reg HKLM\SYSTEM\ControlSet002\services\67081c7cc168f335@Tag 1
    Reg HKLM\SYSTEM\ControlSet002\services\67081c7cc168f335@DisplayName 0i763f66bz.exe

    ---- EOF - GMER 1.0.15 ----
     
  2. Jonny


    DDS.TXT

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by diehlj at 11:14:14 on 2012-08-21
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.9878 [GMT -5:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\crypserv.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\hasplms.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10_50.MTCSOFTWARE\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\MTC Software\ProNest 2010\MTCSqlJobService.exe
    C:\Program Files\Classic Shell\ClassicStartMenu.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Users\diehlj\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Users\diehlj\AppData\Local\Akamai\netsession_win.exe
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Bandoo\Bandoo.exe
    c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
    C:\Users\diehlj\Desktop\virus tools\gmer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - No File
    BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: SBCONVERT Class: {92a9acf4-9333-43ae-9698-db283326f87f} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: ClassicIE9BHO Class: {ea801577-e6ad-4bd5-8f71-4be0154331a4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
    BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\grabber.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [Akamai NetSession Interface] "C:\Users\diehlj\AppData\Local\Akamai\netsession_win.exe"
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
    dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
    StartupFolder: C:\Users\diehlj\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\SUPERF~1.LNK - C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
    IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1305579442341
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/games/beje2/popcaploader.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.16.2 66.43.215.1
    TCP: Interfaces\{9CDD4592-4A82-490A-B27F-C237CB14A24F} : DhcpNameServer = 192.168.16.2 66.43.215.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll
    Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll
    AppInit_DLLs: c:\progra~2\bandoo\bndhook.dll
    LSA: Authentication Packages = msv1_0 wvauth
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - No File
    BHO-X64: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
    BHO-X64: SBCONVERT - No File
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
    BHO-X64: BandooIEPlugin Class: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
    BHO-X64: Bandoo IE Plugin - No File
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    BHO-X64: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\grabber.dll
    BHO-X64: GrabberObj Class - No File
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    TB-X64: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    TB-X64: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
    mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    IE-X64: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
    AppInit_DLLs-X64: c:\progra~2\bandoo\bndhook.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\diehlj\AppData\Roaming\Mozilla\Firefox\Profiles\0izjnju6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=8
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\diehlj\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\diehlj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\diehlj\AppData\Roaming\Mozilla\Firefox\Profiles\0izjnju6.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
    FF - plugin: C:\Users\diehlj\AppData\Roaming\Mozilla\Firefox\Profiles\0izjnju6.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 aksdf;aksdf;\??\C:\Windows\system32\drivers\aksdf.sys --> C:\Windows\system32\drivers\aksdf.sys [?]
    R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-8-24 517488]
    R2 hasplms;Sentinel HASP License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]
    R2 MSSQL$MTCSOFTWARE;SQL Server (MTCSOFTWARE);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MTCSOFTWARE\MSSQL\Binn\sqlservr.exe [2010-4-3 61913952]
    R2 MTCSqlJobService;MTC Sql Job Service;C:\Program Files (x86)\MTC Software\ProNest 2010\MTCSqlJobService.exe [2011-8-16 33280]
    R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
    R3 mv2;mv2;C:\Windows\system32\DRIVERS\mv2.sys --> C:\Windows\system32\DRIVERS\mv2.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-28 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 250056]
    S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-1-20 89160]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-5-13 14216]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-5-13 8456]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-6 1431888]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-28 136176]
    S3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\system32\Drivers\LGPBTDD.sys --> C:\Windows\system32\Drivers\LGPBTDD.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-19 114144]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-9-28 109624]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
    S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
    S4 SQLAgent$MTCSOFTWARE;SQL Server Agent (MTCSOFTWARE);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MTCSOFTWARE\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
    S4 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\winvnc.exe [2011-12-6 2169592]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
     
  3. Jonny


    =============== Created Last 30 ================
    .
    2012-08-21 15:36:59 328704 ----a-w- C:\Windows\System32\services.exe.AE4A0D66CE1347CF
    2012-08-21 13:16:57 328704 ----a-w- C:\Windows\System32\services.exe.14C1CEB3F2D8EF49
    2012-08-21 12:09:45 328704 ----a-w- C:\Windows\System32\services.exe.EE3554E591C6E466
    2012-08-21 11:45:02 328704 ----a-w- C:\Windows\System32\services.exe.287F213DB3FAF903
    2012-08-21 11:22:47 -------- d-----w- C:\Windows\pss
    2012-08-20 19:19:21 328704 ----a-w- C:\Windows\System32\services.exe.F6A40C9FB085F34D
    2012-08-20 18:52:57 328704 ----a-w- C:\Windows\System32\services.exe.DC9BDFFDBCDF5569
    2012-08-20 14:17:48 328704 ----a-w- C:\Windows\System32\services.exe.B772D3007852BFDE
    2012-08-20 12:11:09 328704 ----a-w- C:\Windows\System32\services.exe.81AB8BCDB1352E61
    2012-08-20 12:11:00 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B47BCAD8-8D42-4C5D-A019-FBFEFA240673}\offreg.dll
    2012-08-20 12:09:56 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B47BCAD8-8D42-4C5D-A019-FBFEFA240673}\mpengine.dll
    2012-08-20 11:57:56 328704 ----a-w- C:\Windows\System32\services.exe.CB0D792C2639B3E9
    2012-08-16 16:57:36 328704 ----a-w- C:\Windows\System32\services.exe.56EEBE8006BFDBD1
    2012-08-16 11:43:16 328704 ----a-w- C:\Windows\System32\services.exe.34A0039CC3699DF8
    2012-08-15 11:32:25 328704 ----a-w- C:\Windows\System32\services.exe.A987DDA0D0AA20EB
    2012-08-15 11:13:50 328704 ----a-w- C:\Windows\System32\services.exe.FC908693256E15A6
    2012-08-14 11:03:49 328704 ----a-w- C:\Windows\System32\services.exe.21436C9A9766D35E
    2012-08-13 15:31:38 328704 ----a-w- C:\Windows\System32\services.exe.786E726CCC81ED8B
    2012-08-13 11:44:27 328704 ----a-w- C:\Windows\System32\services.exe.79FA8368E1176211
    2012-08-13 11:31:15 328704 ----a-w- C:\Windows\System32\services.exe.8E55C186A98A2C25
    2012-08-13 11:25:04 328704 ----a-w- C:\Windows\System32\services.exe.87B73C1C34EE663A
    2012-08-13 11:22:57 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-13 11:10:55 328704 ----a-w- C:\Windows\System32\services.exe.57BEE3C6F4F8AD24
    2012-08-10 17:10:31 328704 ----a-w- C:\Windows\System32\services.exe.CF51961F165EF7F7
    2012-08-10 14:50:54 -------- d-----w- C:\Users\diehlj\AppData\Local\{670EDA38-A963-47FB-917E-F31A99F1E8EF}
    2012-08-10 11:16:16 328704 ----a-w- C:\Windows\System32\services.exe.31B1C96AD34B1A76
    2012-08-10 10:42:44 328704 ----a-w- C:\Windows\System32\services.exe.70CED8CCAFDBCECD
    2012-08-10 10:09:10 328704 ----a-w- C:\Windows\System32\services.exe.5FEF27F4C13AE263
    2012-08-10 09:35:39 328704 ----a-w- C:\Windows\System32\services.exe.96BB268E2ED68ABF
    2012-08-10 09:02:10 328704 ----a-w- C:\Windows\System32\services.exe.56292A63575A4350
    2012-08-10 08:28:33 328704 ----a-w- C:\Windows\System32\services.exe.04637CDFFB62159D
    2012-08-10 07:43:05 328704 ----a-w- C:\Windows\System32\services.exe.C1A56F662F3F63B3
    2012-08-10 07:09:36 328704 ----a-w- C:\Windows\System32\services.exe.7D67129C2EF508CB
    2012-08-10 06:36:06 328704 ----a-w- C:\Windows\System32\services.exe.CC1194FFB84EB0BC
    2012-08-10 05:50:44 328704 ----a-w- C:\Windows\System32\services.exe.3BDE7D6B77715709
    2012-08-10 05:17:34 328704 ----a-w- C:\Windows\System32\services.exe.EA3A8D5F99E3EA12
    2012-08-10 04:44:20 328704 ----a-w- C:\Windows\System32\services.exe.B86E18D06E8B3E04
    2012-08-10 04:10:39 328704 ----a-w- C:\Windows\System32\services.exe.CF96E371FB843CFB
    2012-08-10 03:37:10 328704 ----a-w- C:\Windows\System32\services.exe.0779D54F59CA6BC8
    2012-08-10 03:03:43 328704 ----a-w- C:\Windows\System32\services.exe.773F8938055AEF70
    2012-08-10 02:30:12 328704 ----a-w- C:\Windows\System32\services.exe.2B9098C03C3F1765
    2012-08-10 01:56:33 328704 ----a-w- C:\Windows\System32\services.exe.85FDDF611848B5C5
    2012-08-10 01:22:47 328704 ----a-w- C:\Windows\System32\services.exe.CDC80B5668192A02
    2012-08-10 00:37:24 328704 ----a-w- C:\Windows\System32\services.exe.09EC4B970A72F0D9
    2012-08-10 00:03:52 328704 ----a-w- C:\Windows\System32\services.exe.C62B12210AEEAD56
    2012-08-09 23:30:23 328704 ----a-w- C:\Windows\System32\services.exe.6BEF76134DC62787
    2012-08-09 22:56:51 328704 ----a-w- C:\Windows\System32\services.exe.F1CEA09951D1BF75
    2012-08-09 22:23:14 328704 ----a-w- C:\Windows\System32\services.exe.CAC3EF5FA5D32A79
    2012-08-09 21:49:45 328704 ----a-w- C:\Windows\System32\services.exe.B377BAA79D97FCB3
    2012-08-09 20:40:18 328704 ----a-w- C:\Windows\System32\services.exe.EF3BF416BF743F56
    2012-08-09 14:03:41 -------- d-----w- C:\Users\diehlj\AppData\Local\LogMeIn
    2012-08-06 11:29:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
    2012-08-06 11:29:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
    2012-08-06 11:29:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
    2012-08-06 11:29:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
    2012-08-06 11:29:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
    2012-08-06 11:29:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
    2012-08-06 11:29:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
    2012-08-06 11:16:04 328704 ----a-w- C:\Windows\System32\services.exe.42785F79AAB58293
    2012-08-03 17:41:17 328704 ----a-w- C:\Windows\System32\services.exe.2D9F4241F5CFFC73
    2012-08-03 17:07:55 328704 ----a-w- C:\Windows\System32\services.exe.1B7F06D4CA870611
    2012-08-03 14:14:30 -------- d-----w- C:\Program Files (x86)\Common Files\Real
    2012-08-03 11:17:47 328704 ----a-w- C:\Windows\System32\services.exe.DB921AEE3FC11B8C
    2012-08-02 14:42:43 328704 ----a-w- C:\Windows\System32\services.exe.090AD02303831B6C
    2012-08-02 13:32:41 -------- d-----w- C:\Users\diehlj\AppData\Local\{08AD4B9C-F8EA-4E35-A361-ECEBAAA2E3CD}
    2012-08-02 13:32:28 -------- d-----w- C:\Users\diehlj\AppData\Local\{113C53BA-B2FC-4498-95F8-1A225921BF96}
    2012-07-25 19:21:19 -------- d-----w- C:\Windows\en
    2012-07-25 19:18:30 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-07-25 19:16:23 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\fa8977581cd6a9902\MeshBetaRemover.exe
    2012-07-25 19:16:22 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9b754e71cd6a9901\DSETUP.dll
    2012-07-25 19:16:22 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9b754e71cd6a9901\DXSETUP.exe
    2012-07-25 19:16:22 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9b754e71cd6a9901\dsetup32.dll
    2012-07-25 19:06:39 -------- d-----w- C:\Users\diehlj\AppData\Local\{EC586BF2-888F-4CDD-959D-EDB5F69AC112}
    2012-07-25 19:06:29 -------- d-----w- C:\Users\diehlj\AppData\Local\{12D8FB23-6D7C-48BB-B08B-83114219671A}
    2012-07-25 19:06:20 -------- d-----w- C:\Users\diehlj\AppData\Local\{092ED90A-E16F-418A-9CE8-7DE892763208}
    2012-07-25 19:06:11 -------- d-----w- C:\Users\diehlj\AppData\Local\{B6A7A86D-FC12-4351-BAC0-9D710281FA91}
    2012-07-25 19:06:01 -------- d-----w- C:\Users\diehlj\AppData\Local\{1F586F0F-6260-4704-A204-E8D5304F2CC0}
    2012-07-25 19:05:50 -------- d-----w- C:\Users\diehlj\AppData\Local\{E18E82AA-9A0C-4C6B-95E7-061B824F2774}
    2012-07-25 19:05:41 -------- d-----w- C:\Users\diehlj\AppData\Local\{EDC427DC-B291-4B6A-AD99-382336AE888E}
    2012-07-25 19:05:32 -------- d-----w- C:\Users\diehlj\AppData\Local\{BB932961-495A-4D84-BA19-A1C41A09084A}
    2012-07-25 19:05:21 -------- d-----w- C:\Users\diehlj\AppData\Local\{A416B975-C3C2-4973-889E-6918077DA3EF}
    2012-07-25 19:05:12 -------- d-----w- C:\Users\diehlj\AppData\Local\{05483F89-E5F1-462B-9469-5392E5178B2E}
    2012-07-25 19:05:03 -------- d-----w- C:\Users\diehlj\AppData\Local\{57D4F123-D4B2-4D83-AF22-D4A5756891D7}
    2012-07-25 19:04:53 -------- d-----w- C:\Users\diehlj\AppData\Local\{68D0A384-2BDD-4B22-B585-0930A6768AD6}
    2012-07-25 19:04:44 -------- d-----w- C:\Users\diehlj\AppData\Local\{68F3F894-0C38-4658-80B5-F638E2F57F9A}
    2012-07-25 19:04:35 -------- d-----w- C:\Users\diehlj\AppData\Local\{A0604A03-614A-4D6A-AC91-A98858334553}
    2012-07-25 14:44:29 -------- d-----w- C:\Users\diehlj\AppData\Local\{1E02ED42-3295-4504-B269-B0A43F7BA749}
    2012-07-25 14:44:11 -------- d-----w- C:\Users\diehlj\AppData\Local\{F591A578-21FD-4631-AAB3-20C2079FE9CD}
    .
    ==================== Find3M ====================
    .
    2012-08-15 13:16:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-15 13:16:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-15 13:16:09 9826504 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    .
    ============= FINISH: 11:14:38.53 ===============
     
  4. Jonny

    Jonny TS Rookie Topic Starter Posts: 17

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/13/2011 9:07:52 AM
    System Uptime: 8/21/2012 10:38:19 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 09KPNV
    Processor: Intel(R) Xeon(R) CPU W3530 @ 2.80GHz | CPU | 2800/4800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 195 GiB total, 72.837 GiB free.
    D: is FIXED (NTFS) - 270 GiB total, 56.771 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: PROCEXP151
    Device ID: ROOT\LEGACY_PROCEXP151\0000
    Manufacturer:
    Name: PROCEXP151
    PNP Device ID: ROOT\LEGACY_PROCEXP151\0000
    Service: PROCEXP151
    .
    ==== System Restore Points ===================
    .
    RP106: 7/10/2012 6:23:05 AM - Removed Ad-Aware
    RP107: 7/25/2012 12:08:33 PM - Scheduled Checkpoint
    RP108: 7/25/2012 2:16:19 PM - Windows Live Essentials
    RP109: 7/25/2012 2:16:49 PM - Installed DirectX
    RP110: 7/25/2012 2:17:33 PM - Installed DirectX
    RP111: 7/25/2012 2:18:18 PM - WLSetup
    RP112: 8/7/2012 8:27:10 AM - Removed Skype™ 5.8
    RP113: 8/7/2012 8:27:47 AM - Removed Skype Click to Call
    RP114: 8/7/2012 8:28:30 AM - Removed PicoSoft 6
    RP115: 8/7/2012 8:29:35 AM - Removed LogMeIn
    RP116: 8/15/2012 6:25:16 AM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    3Dconnexion 3DxSoftware (SpacePilot PRO x64 Edition)
    3Dconnexion Collage
    3Dconnexion Extension for SketchUp
    3Dconnexion Plug-in for Acrobat 3D
    3Dconnexion Trainer
    Active@ Password Changer Professional
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.6
    AI Viewer
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Apple Application Support
    Apple Software Update
    Auslogics Duplicate File Finder
    Avery Wizard 4.0
    AVS Update Manager 1.0
    AVS Video Converter 8
    AVS4YOU Software Navigator 1.4
    Bandoo
    Bing Bar
    Canon DIGITAL CAMERA Solution Disk Software Guide
    CANON iMAGE GATEWAY MyCamera Download Plugin
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide
    Canon Utilities CameraWindow DC 8
    Canon Utilities CameraWindow Launcher
    Canon Utilities Movie Uploader for YouTube
    Canon Utilities MyCamera
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CyberLink PowerDVD 9.5
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell Data Protection | Access
    Dell Data Protection | Access | Drivers
    Dell Data Protection | Access | Middleware
    Download Accelerator Plus (DAP)
    DraftSight
    Duplicate Cleaner 2.1b
    EASEUS Partition Master 8.0.1 Home Edition
    Google Chrome
    Google Earth
    Google Update Helper
    Internet TV for Windows Media Center
    Java Auto Updater
    Java(TM) 6 Update 31
    join.me
    Junk Mail filter update
    jZip
    Malwarebytes Anti-Malware version 1.62.0.1300
    MDI2PDF 2.61
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 1.1
    Microsoft Office 2003 Web Components
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Standard 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Browser
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2005 Tools for Applications - ENU
    Mozilla Firefox 15.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVC80_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MTCSqlJobService
    NVIDIA PhysX
    OpenAL
    Pazera Free Video to 3GP Converter 1.2
    PC Connectivity Solution
    ProNest 2010 Nesting Software
    ProNest 8 Nesting System
    QuickTime
    Rhapsody
    Samsung PC Studio 3 USB Driver Installer
    SamsungConnectivityCableDriver
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    SolidWorks 2012 x64 Edition SP01
    SolidWorks 2012 x64 Edition SP02
    SpeedBit Video Accelerator
    SpeedBit Video Downloader
    Super Finder XT 1.6.3.2
    swMSM
    System Requirements Lab
    System Requirements Lab CYRI
    TreeSize Free V2.5
    Tunatic
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Vextractor 3.97 Demo
    VLC media player 1.1.11
    VNC Free Edition 4.1.1
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/21/2012 8:30:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New

    Signature Version: Previous Signature Version: 1.131.2371.0 Update Source: Microsoft Update Server Update Stage: Search Source

    Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous

    Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    8/21/2012 8:20:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver

    was unloaded unexpectedly.
    8/21/2012 8:20:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver

    requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/21/2012 8:20:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter

    driver was unloaded unexpectedly.
    8/21/2012 8:20:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter

    driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/21/2012 8:16:57 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or

    other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?

    linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe

    Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:596

    Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:

    \Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error

    description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.2371.0,

    AS: 1.131.2371.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
    8/21/2012 8:16:35 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done

    this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    8/21/2012 8:15:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver

    was unloaded unexpectedly.
    8/21/2012 8:15:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver

    requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/21/2012 8:15:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter

    driver was unloaded unexpectedly.
    8/21/2012 8:15:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter

    driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/21/2012 7:21:43 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New

    Signature Version: Previous Signature Version: 1.131.2371.0 Update Source: Microsoft Update Server Update Stage: Search Source

    Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous

    Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    8/21/2012 7:12:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TdmService with

    arguments "" in order to run the server: {285E95B2-ACD5-4405-8D24-2D73E65DD047}
    8/21/2012 7:12:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with

    arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    8/21/2012 7:12:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with

    arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    8/21/2012 7:12:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with

    arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/21/2012 7:12:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with

    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/21/2012 7:12:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with

    arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/21/2012 7:11:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection

    with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/21/2012 7:11:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter

    NetworkX SASDIFSV SASKUTIL spldr Wanarpv6
    8/21/2012 7:11:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with

    arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    8/21/2012 7:11:42 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start

    because of the following error: The dependency service or group failed to start.
    8/21/2012 7:09:45 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or

    other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?

    linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe

    Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:496

    Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:

    \Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error

    description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.2371.0,

    AS: 1.131.2371.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    8/21/2012 6:46:58 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain GENCOR

    due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure

    that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer

    is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain.

    Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    8/21/2012 6:45:02 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or

    other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?

    linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe

    Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:496

    Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:

    \Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error

    description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.2371.0,

    AS: 1.131.2371.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
    8/21/2012 10:48:57 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New

    Signature Version: Previous Signature Version: 1.131.2371.0 Update Source: Microsoft Update Server Update Stage: Search Source

    Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous

    Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    8/21/2012 10:40:13 AM, Error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: A device attached to

    the system is not functioning.
    8/21/2012 10:39:44 AM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: A device attached to

    the system is not functioning.
    8/21/2012 10:39:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter SASDIFSV

    SASKUTIL
    8/21/2012 10:39:24 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might

    not be installed.
    8/21/2012 10:38:55 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE.

    This service might not be installed.
    8/21/2012 10:38:55 AM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find

    the file specified.
    8/21/2012 10:38:54 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following

    error: %%-2147024891
    8/21/2012 10:38:52 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified
     
  5. Jonny

    Jonny TS Rookie Topic Starter Posts: 17

    Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter

    driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/14/2012 6:03:49 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or

    other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?

    linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe

    Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:560

    Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:

    \Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error

    description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.1930.0,

    AS: 1.131.1930.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
    8/14/2012 6:03:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search

    service to connect.
    8/14/2012 6:03:19 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did

    not respond to the start or control request in a timely fashion.
    8/14/2012 6:03:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with

    arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/14/2012 6:02:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server

    (MTCSOFTWARE) service to connect.
    8/14/2012 6:02:12 AM, Error: Service Control Manager [7000] - The SQL Server (MTCSOFTWARE) service failed to start due to the following error: The

    service did not respond to the start or control request in a timely fashion.
    8/14/2012 6:01:28 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver

    was unloaded unexpectedly.
    8/14/2012 6:01:28 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver

    requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/14/2012 6:01:28 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter

    driver was unloaded unexpectedly.
    8/14/2012 6:01:28 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter

    driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    .
    ==== End Of File ===========================


    Sorry there was so much.....
     
  6. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================

    Please disable "word wrap" in Notepad as your logs are hard to read.

    ======================================

    You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and MSE.
    You must uninstall one of them.
    I suggest Lavasoft goes.

    =====================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  7. Jonny

    Jonny TS Rookie Topic Starter Posts: 17

    Broni,

    Thanks for the reply

    You mentioned that I have 2 AV programs running

    ======================================

    You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and MSE.
    You must uninstall one of them.
    I suggest Lavasoft goes.

    =====================================

    I did have Lavasoft installed a while back but thought I had uninstalled it.

    Attached is a pic of my programs from A to M and I don't see it in there?

    Sooooo.....should I leave MSE on my system?

    I really appreciate you helping me fix this problem........since this is my work pc I really :confused: don't want to screw it up following anybody else's directions but yours;)

    Here are the Farbar logs

    FRST.txt

    Scan result of Farbar Recovery Scan Tool Version: 22-08-2012
    Ran by SYSTEM at 22-08-2012 07:06:58
    Running from G:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2011-03-31] (IvoSoft)
    HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
    HKU\Admingen\...\Run: [Google Update] "C:\Users\diehlj\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-07] (Google Inc.)
    HKU\Admingen\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6497592 2011-11-23] (Yahoo! Inc.)
    HKU\Admingen\...\Run: [Akamai NetSession Interface] "C:\Users\diehlj\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
    HKU\Admingen\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]
    HKU\Admingen\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [x]
    HKU\Administrator\...\Run: [Google Update] "C:\Users\diehlj\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-07] (Google Inc.)
    HKU\Administrator\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6497592 2011-11-23] (Yahoo! Inc.)
    HKU\Administrator\...\Run: [Akamai NetSession Interface] "C:\Users\diehlj\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
    HKU\Administrator\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]
    HKU\Administrator\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [x]
    HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
    HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
    HKU\diehlj\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5661056 2012-07-09] (SUPERAntiSpyware.com)
    HKU\diehlj\...\Run: [Akamai NetSession Interface] "C:\Users\diehlj\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
    Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.16.2 66.43.215.1
    Lsa: [Authentication Packages] msv1_0
    wvauth
    Startup: C:\Users\diehlj\Start Menu\Programs\Startup\AutorunsDisabled ()

    ==================== Services (Whitelisted) ======

    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
    2 Bandoo Coordinator; "C:\Program Files (x86)\Bandoo\Bandoo.exe" [2051472 2011-12-14] (Bandoo Media Inc.)
    2 Crypkey License; crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.)
    2 hasplms; C:\Windows\system32\hasplms.exe -run [4913608 2011-12-02] (SafeNet Inc.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 MSSQL$MTCSOFTWARE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MTCSOFTWARE\MSSQL\Binn\sqlservr.exe" -sMTCSOFTWARE [61913952 2010-04-03] (Microsoft Corporation)
    2 MTCSqlJobService; "C:\Program Files (x86)\MTC Software\ProNest 2010\MTCSqlJobService.exe" [33280 2011-08-16] (Hypertherm, Inc.)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    3 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [109624 2011-09-28] (Mentor Graphics Corporation)
    4 SQLAgent$MTCSOFTWARE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MTCSOFTWARE\MSSQL\Binn\SQLAGENT.EXE" -I MTCSOFTWARE [428384 2010-04-03] (Microsoft Corporation)
    2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1629696 2010-07-13] ()
    4 uvnc_service; "C:\Program Files\UltraVNC\WinVNC.exe" -service [2169592 2011-05-18] (UltraVNC)
    2 VideoAcceleratorService; C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe -start -scm [265928 2012-01-03] (SpeedBit Ltd.)
    4 WinVNC4; "C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe" -service [455632 2005-03-11] (RealVNC Ltd.)

    ========================== Drivers (Whitelisted) =============

    0 67081c7cc168f335; C:\Windows\System32\Drivers\67081c7cc168f335.sys [74184 2012-06-22] () ATTENTION =====> Rootkit?
    2 aksdf; C:\Windows\System32\Drivers\aksdf.sys [78208 2011-11-24] (SafeNet Inc.)
    2 aksfridge; C:\Windows\System32\Drivers\aksfridge.sys [139592 2011-11-24] (SafeNet Inc.)
    3 akshasp; C:\Windows\System32\Drivers\akshasp.sys [53760 2010-09-27] (Aladdin Knowledge Systems Ltd.)
    3 akshhl; C:\Windows\System32\Drivers\akshhl.sys [57088 2011-09-08] (SafeNet Inc.)
    3 aksusb; C:\Windows\System32\Drivers\aksusb.sys [21120 2011-08-09] (SafeNet Inc.)
    3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-03-24] ()
    3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-03-24] ()
    2 hardlock; C:\Windows\System32\Drivers\hardlock.sys [321536 2011-10-07] (SafeNet Inc.)
    3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
    3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-09-16] (LogMeIn, Inc.)
    3 mv2; C:\Windows\System32\Drivers\mv2.sys [12904 2011-12-06] (UVNC BVBA)
    1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    3 dump_wmimmc; \??\C:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [x]
    3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    3 ISODrive; \??\UNC\Bitumadc01\apps\UltraISO\drivers\ISODrv64.sys [x]
    2 MCSTRM; [x]
    3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
    3 PROCEXP151; \??\C:\Windows\system32\Drivers\PROCEXP151.SYS [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-22 07:06 - 2012-08-22 07:06 - 00000000 ____D C:\FRST
    2012-08-22 03:29 - 2012-08-22 03:29 - 00001348 ____A C:\Windows\WindowsUpdate.log
    2012-08-22 03:17 - 2012-08-22 03:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C9E07894FD0AA652
    2012-08-22 03:16 - 2012-08-22 03:19 - 00000248 ____A C:\Windows\error.log
    2012-08-22 03:15 - 2012-08-22 03:19 - 00000112 ____A C:\Windows\setupact.log
    2012-08-22 03:15 - 2012-08-22 03:19 - 00000056 ____A C:\Windows\errord.log
    2012-08-22 03:15 - 2012-08-22 03:15 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-21 09:06 - 2012-08-21 09:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.382C5CAD45DA4418
    2012-08-21 09:01 - 2012-08-21 09:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6223F8580D82AD0C
    2012-08-21 07:36 - 2012-08-21 07:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE4A0D66CE1347CF
    2012-08-21 06:22 - 2012-08-22 03:58 - 00000000 ____D C:\Users\diehlj\Desktop\virus tools
    2012-08-21 05:16 - 2012-08-21 05:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14C1CEB3F2D8EF49
    2012-08-21 04:09 - 2012-08-21 04:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE3554E591C6E466
    2012-08-21 04:08 - 2012-08-21 04:09 - 71673392 ____A (Microsoft Corporation) C:\Users\diehlj\Downloads\msert.exe
    2012-08-21 03:58 - 2012-08-21 03:58 - 00000000 ____A C:\Users\diehlj\Desktop\New Text Document (2).txt
    2012-08-21 03:45 - 2012-08-21 03:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.287F213DB3FAF903
    2012-08-21 03:22 - 2012-08-21 03:22 - 00000000 ____D C:\Windows\pss
    2012-08-20 11:19 - 2012-08-20 11:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F6A40C9FB085F34D
    2012-08-20 10:52 - 2012-08-20 10:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DC9BDFFDBCDF5569
    2012-08-20 07:40 - 2012-08-20 09:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-08-20 06:51 - 2012-08-20 06:52 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\diehlj\Downloads\mbam-setup-1.62.0.1300(1).exe
    2012-08-20 06:46 - 2012-08-20 06:48 - 89340632 ____A C:\Users\diehlj\Downloads\avast_free_antivirus_setup(1).exe
    2012-08-13 08:33 - 2012-08-13 08:33 - 00001568 ____A C:\Users\diehlj\Desktop\KEVIN'S RAILING.dwg - Shortcut.lnk
    2012-08-13 07:46 - 2012-08-13 07:54 - 00000000 ____D C:\Users\diehlj\Desktop\400T PORT DRUM PICS
    2012-08-10 09:47 - 2012-08-10 09:47 - 00144099 ____A C:\Users\diehlj\Downloads\PARTserver47838521.zip
    2012-08-10 09:10 - 2012-08-10 09:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF51961F165EF7F7
    2012-08-10 06:50 - 2012-08-10 06:50 - 00000000 ____D C:\Users\diehlj\AppData\Local\{670EDA38-A963-47FB-917E-F31A99F1E8EF}
    2012-08-09 06:03 - 2012-08-09 06:03 - 00000000 ____D C:\Users\diehlj\AppData\Local\LogMeIn
    2012-08-09 04:04 - 2012-08-09 04:04 - 00000000 ____A C:\Users\diehlj\Desktop\New Text Document.txt
    2012-08-09 03:48 - 2012-08-09 03:48 - 00347424 ____A (Microsoft Corporation) C:\Users\diehlj\Downloads\MicrosoftFixit.wu.RNP.135267943584513158.1.1.Run.exe
    2012-08-07 05:16 - 2012-07-03 00:13 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-08-07 05:10 - 2012-08-07 05:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E65A08C92B3BFB5D
    2012-08-07 04:50 - 2012-08-07 04:50 - 00448512 ____A (OldTimer Tools) C:\Users\diehlj\Downloads\TFC.exe
    2012-08-06 03:29 - 2012-08-06 03:29 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-08-06 03:16 - 2012-08-06 03:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.42785F79AAB58293
    2012-08-03 09:41 - 2012-08-03 09:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2D9F4241F5CFFC73
    2012-08-03 09:07 - 2012-08-03 09:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1B7F06D4CA870611
    2012-08-03 06:14 - 2012-08-16 09:03 - 00870128 ____A C:\Users\diehlj\AppData\Roaming\mcs.rma
    2012-08-03 06:14 - 2012-08-16 09:03 - 00000004 ____A C:\Users\diehlj\AppData\Roaming\926A63
    2012-08-03 04:31 - 2012-08-22 03:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-03 03:17 - 2012-08-03 03:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DB921AEE3FC11B8C
    2012-08-02 06:42 - 2012-08-02 06:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.090AD02303831B6C
    2012-08-02 05:32 - 2012-08-02 05:32 - 00000000 ____D C:\Users\diehlj\AppData\Local\{113C53BA-B2FC-4498-95F8-1A225921BF96}
    2012-08-02 05:32 - 2012-08-02 05:32 - 00000000 ____D C:\Users\diehlj\AppData\Local\{08AD4B9C-F8EA-4E35-A361-ECEBAAA2E3CD}
    2012-08-02 03:27 - 2012-08-13 04:07 - 00001414 ____A C:\Users\diehlj\Desktop\Standard dwgs for job compiled from what I had here on HDD - Shortcut.lnk
    2012-08-01 11:42 - 2012-08-01 11:42 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\diehlj\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-01 11:42 - 2012-08-01 11:42 - 03907920 ____A (Piriform Ltd) C:\Users\diehlj\Downloads\ccsetup321.exe
    2012-07-31 03:09 - 2010-12-31 22:14 - 00002254 ___RA C:\Users\diehlj\Downloads\eula.txt
    2012-07-31 03:08 - 2012-07-31 03:09 - 02117108 ____A C:\Users\diehlj\Downloads\tdsskiller(1).zip
    2012-07-31 03:07 - 2012-07-31 03:07 - 00000587 ____A C:\rkill.log
    2012-07-25 18:31 - 2012-07-25 18:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8A5BAE3BE21F1E4B
    2012-07-25 17:56 - 2012-07-25 17:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34E3693D95EC86AB
    2012-07-25 17:21 - 2012-07-25 17:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0BC506040BD372E
    2012-07-25 16:34 - 2012-07-25 16:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.883DB89A9857FCBD
    2012-07-25 15:59 - 2012-07-25 15:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.31740C6C0336F06B
    2012-07-25 15:24 - 2012-07-25 15:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0348043D60C009A6
    2012-07-25 14:49 - 2012-07-25 14:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DAAF1CE68C03DA64
    2012-07-25 14:02 - 2012-07-25 14:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1960C865AA639565
    2012-07-25 13:27 - 2012-07-25 13:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B020D065A8D4034
    2012-07-25 12:52 - 2012-07-25 12:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28217BBE2F60AAB1
    2012-07-25 12:17 - 2012-07-25 12:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.926C925DA6C6AF89
    2012-07-25 11:21 - 2012-07-25 11:21 - 00000000 ____D C:\Windows\en
    2012-07-25 11:06 - 2012-07-25 11:06 - 00000000 ____D C:\Users\diehlj\AppData\Local\{EC586BF2-888F-4CDD-959D-EDB5F69AC112}
    2012-07-25 11:06 - 2012-07-25 11:06 - 00000000 ____D C:\Users\diehlj\AppData\Local\{B6A7A86D-FC12-4351-BAC0-9D710281FA91}
    2012-07-25 11:06 - 2012-07-25 11:06 - 00000000 ____D C:\Users\diehlj\AppData\Local\{1F586F0F-6260-4704-A204-E8D5304F2CC0}
    2012-07-25 11:06 - 2012-07-25 11:06 - 00000000 ____D C:\Users\diehlj\AppData\Local\{12D8FB23-6D7C-48BB-B08B-83114219671A}
    2012-07-25 11:06 - 2012-07-25 11:06 - 00000000 ____D C:\Users\diehlj\AppData\Local\{092ED90A-E16F-418A-9CE8-7DE892763208}
    2012-07-25 11:05 - 2012-07-25 11:06 - 00000000 ____D C:\Users\diehlj\AppData\Local\{E18E82AA-9A0C-4C6B-95E7-061B824F2774}
    2012-07-25 11:05 - 2012-07-25 11:05 - 00000000 ____D C:\Users\diehlj\AppData\Local\{EDC427DC-B291-4B6A-AD99-382336AE888E}
    2012-07-25 11:05 - 2012-07-25 11:05 - 00000000 ____D C:\Users\diehlj\AppData\Local\{BB932961-495A-4D84-BA19-A1C41A09084A}
    2012-07-25 11:05 - 2012-07-25 11:05 - 00000000 ____D C:\Users\diehlj\AppData\Local\{A416B975-C3C2-4973-889E-6918077DA3EF}
    2012-07-25 11:05 - 2012-07-25 11:05 - 00000000 ____D C:\Users\diehlj\AppData\Local\{57D4F123-D4B2-4D83-AF22-D4A5756891D7}
    2012-07-25 11:05 - 2012-07-25 11:05 - 00000000 ____D C:\Users\diehlj\AppData\Local\{05483F89-E5F1-462B-9469-5392E5178B2E}
    2012-07-25 11:04 - 2012-07-25 11:05 - 00000000 ____D C:\Users\diehlj\AppData\Local\{68D0A384-2BDD-4B22-B585-0930A6768AD6}
    2012-07-25 11:04 - 2012-07-25 11:04 - 00000000 ____D C:\Users\diehlj\AppData\Local\{A0604A03-614A-4D6A-AC91-A98858334553}
    2012-07-25 11:04 - 2012-07-25 11:04 - 00000000 ____D C:\Users\diehlj\AppData\Local\{68F3F894-0C38-4658-80B5-F638E2F57F9A}
    2012-07-25 06:44 - 2012-07-25 06:44 - 00000000 ____D C:\Users\diehlj\AppData\Local\{F591A578-21FD-4631-AAB3-20C2079FE9CD}
    2012-07-25 06:44 - 2012-07-25 06:44 - 00000000 ____D C:\Users\diehlj\AppData\Local\{1E02ED42-3295-4504-B269-B0A43F7BA749}
    2012-07-25 02:34 - 2012-07-25 02:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.582021393E0CE0D0
    2012-07-25 01:47 - 2012-07-25 01:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.001A62493D3E4CC9
    2012-07-25 01:00 - 2012-07-25 01:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06C606FEBF6575EB
    2012-07-25 00:25 - 2012-07-25 00:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.19D7E767400627FC
    2012-07-24 23:50 - 2012-07-24 23:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D0BB045569659D67
    2012-07-24 23:15 - 2012-07-24 23:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E33548A8928F00BF
    2012-07-24 22:28 - 2012-07-24 22:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4D5DAF7534FB6A61
    2012-07-24 21:53 - 2012-07-24 21:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE50D92F0BAFBAE9
    2012-07-24 21:06 - 2012-07-24 21:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7B6689DAB8A973C8
    2012-07-24 20:31 - 2012-07-24 20:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D6009CC263DA8EB6
    2012-07-24 19:55 - 2012-07-24 19:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.93F95679E43FE4E7
    2012-07-24 19:20 - 2012-07-24 19:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.12B6CD4473F87796
    2012-07-24 18:45 - 2012-07-24 18:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7B1C9783BC07C55A
    2012-07-24 18:10 - 2012-07-24 18:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.244FA627F615E06B
    2012-07-24 17:35 - 2012-07-24 17:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CB102292C11AF55B
    2012-07-24 17:00 - 2012-07-24 17:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4C5DC3D11BD6ACED
    2012-07-24 16:25 - 2012-07-24 16:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4FF16E8A5BCD838A
    2012-07-24 15:50 - 2012-07-24 15:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0A22F5F787C7E0D3
    2012-07-24 15:15 - 2012-07-24 15:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F73F9F3EF2BB6058
    2012-07-24 14:16 - 2012-07-24 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7C13ED303DCD0A0A
    2012-07-24 02:43 - 2012-07-24 02:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4858A7A5E5F1140D
    2012-07-24 02:08 - 2012-07-24 02:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE6C79D837BAE0E9
    2012-07-24 01:22 - 2012-07-24 01:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E435E06C7AAF08DF
    2012-07-24 00:47 - 2012-07-24 00:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D5C5781D44F04FC
    2012-07-24 00:12 - 2012-07-24 00:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.013C64B6ACEBD3D8
    2012-07-23 23:37 - 2012-07-23 23:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2F76FD0E32BBE53E
    2012-07-23 23:02 - 2012-07-23 23:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EBD62F9E516EF7DD
    2012-07-23 22:15 - 2012-07-23 22:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C766D78DFADCC299
    2012-07-23 21:40 - 2012-07-23 21:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.061B63583EFC3D15
    2012-07-23 21:04 - 2012-07-23 21:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AAEA6D73D25346C1
    2012-07-23 20:29 - 2012-07-23 20:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C54217461DC4B332
    2012-07-23 19:54 - 2012-07-23 19:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.76ADC0F749F32C04
    2012-07-23 19:19 - 2012-07-23 19:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.26F3DFD6CFABC36F
    2012-07-23 18:44 - 2012-07-23 18:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F1B16ACE022F19B
    2012-07-23 18:09 - 2012-07-23 18:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.33E49513CD86298A
    2012-07-23 17:34 - 2012-07-23 17:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.59F1349C4D4DBEE3
    2012-07-23 16:58 - 2012-07-23 16:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8AFE994FC16EEE2
    2012-07-23 16:23 - 2012-07-23 16:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C9E98A92281E03DA
    2012-07-23 15:48 - 2012-07-23 15:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5B74F26906EED03
    2012-07-23 15:01 - 2012-07-23 15:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49E72D84B667B96A
    2012-07-23 14:26 - 2012-07-23 14:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A21946A49706A84E
    2012-07-23 13:51 - 2012-07-23 13:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A862C16F49CA3BD
    2012-07-23 13:16 - 2012-07-23 13:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C3A9F7B90284FE1F
    2012-07-23 12:41 - 2012-07-23 12:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B0FA8699B07BFB79
    2012-07-23 12:06 - 2012-07-23 12:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ED34B2139D6B8FAA
    2012-07-23 11:31 - 2012-07-23 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C312191CA3233186
    2012-07-23 10:44 - 2012-07-23 10:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8DFCCE21F073F7DD
    2012-07-23 10:09 - 2012-07-23 10:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ED30D3467EAD6236
    2012-07-23 09:34 - 2012-07-23 09:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.872297B9C36BDC63
    2012-07-23 03:55 - 2012-07-23 03:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.55C0669102F69A5A
     


  8. Jonny

    Jonny TS Rookie Topic Starter Posts: 17

    ============ 3 Months Modified Files ========================

    2012-08-01 11:42 - 2012-08-01 11:42 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\diehlj\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-01 11:42 - 2012-08-01 11:42 - 03907920 ____A (Piriform Ltd) C:\Users\diehlj\Downloads\ccsetup321.exe
    2012-08-01 07:19 - 2012-08-01 07:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E883354F5B2FD7FF
    2012-08-01 03:26 - 2012-08-01 03:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A1955BA19914F868
    2012-08-01 03:12 - 2012-08-01 03:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.84C5F16DF400A505
    2012-08-01 02:36 - 2012-08-01 02:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9134468CD42F760A
    2012-08-01 02:00 - 2012-08-01 02:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9716A08E3D5CBC92
    2012-08-01 01:12 - 2012-08-01 01:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B31D5A6789158139
    2012-08-01 00:36 - 2012-08-01 00:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04462462FC2F91DB
    2012-08-01 00:00 - 2012-08-01 00:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D79EB1653F1D1CAD
    2012-07-31 23:13 - 2012-07-31 23:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.675A3DD176BC94D5
    2012-07-31 22:36 - 2012-07-31 22:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2DCF39852EDF21BA
    2012-07-31 22:00 - 2012-07-31 22:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AB349FE4854546FD
    2012-07-31 21:24 - 2012-07-31 21:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C6682271786045B
    2012-07-31 20:48 - 2012-07-31 20:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.706EEFACB952986D
    2012-07-31 20:01 - 2012-07-31 20:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.738970F558A9A2CC
    2012-07-31 19:13 - 2012-07-31 19:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9372AF8C48F83C5B
    2012-07-31 18:37 - 2012-07-31 18:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A057CC222A2FF9B7
    2012-07-31 18:01 - 2012-07-31 18:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3295C28D319F0BAD
    2012-07-31 17:25 - 2012-07-31 17:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FF984E55FDAD8CCB
    2012-07-31 16:49 - 2012-07-31 16:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7DE1EDC94A7C45EB
    2012-07-31 16:02 - 2012-07-31 16:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F6EB81EB661B84F3
    2012-07-31 15:26 - 2012-07-31 15:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3DB528C66E5CEA0
    2012-07-31 14:50 - 2012-07-31 14:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF02590C50F5E301
    2012-07-31 14:14 - 2012-07-31 14:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5922F95F7E3581EC
    2012-07-31 13:38 - 2012-07-31 13:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.43F52A7B496DBAD4
    2012-07-31 12:51 - 2012-07-31 12:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F09AC6EEDAB76EB9
    2012-07-31 12:14 - 2012-07-31 12:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.412B80B1ED7785F5
    2012-07-31 07:59 - 2012-07-31 07:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A308782FA1AB350C
    2012-07-31 07:11 - 2012-07-31 07:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.32F9C54A74985798
    2012-07-31 03:09 - 2012-07-31 03:08 - 02117108 ____A C:\Users\diehlj\Downloads\tdsskiller(1).zip
    2012-07-31 03:07 - 2012-07-31 03:07 - 00000587 ____A C:\rkill.log
    2012-07-31 02:29 - 2012-07-31 02:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2C89E96FDCC6D9C4
    2012-07-31 01:53 - 2012-07-31 01:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6683264FBD76A8D
    2012-07-31 01:06 - 2012-07-31 01:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B62C8FA4D666141F
    2012-07-31 00:30 - 2012-07-31 00:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF4212D8F99440C1
    2012-07-30 23:54 - 2012-07-30 23:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C06BA1F84F891FD3
    2012-07-30 23:06 - 2012-07-30 23:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A1C2D6C7697BECFF
    2012-07-30 22:30 - 2012-07-30 22:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C66B495DF1B7F901
    2012-07-30 21:54 - 2012-07-30 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.796FD406606A3CE2
    2012-07-30 21:18 - 2012-07-30 21:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3415CF5AFFD40B25
    2012-07-30 20:43 - 2012-07-30 20:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2C3333F8084AF71F
    2012-07-30 20:06 - 2012-07-30 20:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2166FA9F1198D9CA
    2012-07-30 19:18 - 2012-07-30 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D11DB06A54D3E37B
    2012-07-30 18:30 - 2012-07-30 18:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2A080C4203F1AC22
    2012-07-30 17:54 - 2012-07-30 17:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.917B4F8DC97DC6B7
    2012-07-30 17:06 - 2012-07-30 17:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF99F1FE9CBCC65E
    2012-07-30 16:31 - 2012-07-30 16:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.51C45D9FA4E2035B
    2012-07-30 15:55 - 2012-07-30 15:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.341F7906C0C19A6A
    2012-07-30 15:07 - 2012-07-30 15:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.53E6124CBD32EE59
    2012-07-30 14:31 - 2012-07-30 14:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.93210D4FC540276F
    2012-07-30 13:55 - 2012-07-30 13:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27879C0E88BCDCF7
    2012-07-30 13:19 - 2012-07-30 13:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9E364D5380263BE0
    2012-07-30 12:31 - 2012-07-30 12:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.651B0DED75DD9B79
    2012-07-30 10:08 - 2012-07-30 10:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7A545F2D806886A3
    2012-07-30 03:29 - 2012-07-30 03:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F37882B2ECB85E6
    2012-07-27 03:13 - 2012-07-27 03:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AB944DDB1E320CFA
    2012-07-27 02:38 - 2012-07-27 02:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F9940C91BA45BCB2
    2012-07-27 02:01 - 2012-07-27 02:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.59EB6CE104512D3E
    2012-07-27 01:25 - 2012-07-27 01:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D8FF1F8BD696CA66
    2012-07-27 00:49 - 2012-07-27 00:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.15E5D6A146FC6512
    2012-07-27 00:13 - 2012-07-27 00:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20CC49734DCCEC04
    2012-07-26 23:25 - 2012-07-26 23:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5E63D7E6DB924910
    2012-07-26 22:37 - 2012-07-26 22:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DD22F2965D863039
    2012-07-26 22:01 - 2012-07-26 22:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.72A0C6FAE6059C57
    2012-07-26 21:26 - 2012-07-26 21:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F6699AD5C93E65FD
    2012-07-26 20:50 - 2012-07-26 20:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.477CCF94941EEF17
    2012-07-26 20:02 - 2012-07-26 20:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.69763CE38BEB8B36
    2012-07-26 19:26 - 2012-07-26 19:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F003012E4C96D3BE
    2012-07-26 18:50 - 2012-07-26 18:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7AA48050D3A52F01
    2012-07-26 18:14 - 2012-07-26 18:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.62F7433A90462B94
    2012-07-26 17:39 - 2012-07-26 17:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A97FB002CB4166D
    2012-07-26 17:03 - 2012-07-26 17:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A8BCA8E978BDA19A
    2012-07-26 16:27 - 2012-07-26 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA5B979F024BFC5E
    2012-07-26 15:51 - 2012-07-26 15:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.147DECF07E0CC8D3
    2012-07-26 15:15 - 2012-07-26 15:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6E8F6CBDDD51E143
    2012-07-26 14:27 - 2012-07-26 14:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7281D37D96E686B2
    2012-07-26 13:51 - 2012-07-26 13:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E621CB58766E34B3
    2012-07-26 12:51 - 2012-07-26 12:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8B93817A900E05EB
    2012-07-26 10:19 - 2012-07-26 10:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20363FB1120D456F
    2012-07-26 03:22 - 2012-07-20 04:38 - 00001975 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-07-26 03:22 - 2012-03-15 05:04 - 00000989 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-07-26 03:19 - 2012-07-26 03:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5F1E81C291D290C
    2012-07-26 03:04 - 2012-07-26 03:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FAA65D5AD776ABCD
    2012-07-26 02:30 - 2012-07-26 02:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52408FE129B19A39
    2012-07-26 01:55 - 2012-07-26 01:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.00A14A39D0051F6A
    2012-07-26 01:08 - 2012-07-26 01:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6902218D58BAC35
    2012-07-26 00:33 - 2012-07-26 00:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3E03AF086EA39B82
    2012-07-25 23:58 - 2012-07-25 23:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3382151FFA20B9BC
    2012-07-25 23:23 - 2012-07-25 23:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FE84371D650F6CA
    2012-07-25 22:47 - 2012-07-25 22:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F75120D5A085289C
    2012-07-25 22:12 - 2012-07-25 22:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D4238C640FF9DB19
    2012-07-25 21:37 - 2012-07-25 21:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C4CB76BF8B6CA21E
    2012-07-25 21:02 - 2012-07-25 21:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7C94F17A4DFAB9CD
    2012-07-25 20:27 - 2012-07-25 20:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.967D8FAA58768A4A
    2012-07-25 19:41 - 2012-07-25 19:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD0D57A88112A306
    2012-07-25 19:06 - 2012-07-25 19:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF3683F7549EF42C
    2012-07-25 18:31 - 2012-07-25 18:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8A5BAE3BE21F1E4B
    2012-07-25 17:56 - 2012-07-25 17:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34E3693D95EC86AB
    2012-07-25 17:21 - 2012-07-25 17:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0BC506040BD372E
    2012-07-25 16:34 - 2012-07-25 16:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.883DB89A9857FCBD
    2012-07-25 15:59 - 2012-07-25 15:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.31740C6C0336F06B
    2012-07-25 15:24 - 2012-07-25 15:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0348043D60C009A6
    2012-07-25 14:49 - 2012-07-25 14:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DAAF1CE68C03DA64
    2012-07-25 14:02 - 2012-07-25 14:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1960C865AA639565
    2012-07-25 13:27 - 2012-07-25 13:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B020D065A8D4034
    2012-07-25 12:52 - 2012-07-25 12:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28217BBE2F60AAB1
    2012-07-25 12:17 - 2012-07-25 12:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.926C925DA6C6AF89
    2012-07-25 02:34 - 2012-07-25 02:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.582021393E0CE0D0
    2012-07-25 01:47 - 2012-07-25 01:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.001A62493D3E4CC9
    2012-07-25 01:00 - 2012-07-25 01:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06C606FEBF6575EB
    2012-07-25 00:25 - 2012-07-25 00:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.19D7E767400627FC
    2012-07-24 23:50 - 2012-07-24 23:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D0BB045569659D67
    2012-07-24 23:15 - 2012-07-24 23:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E33548A8928F00BF
    2012-07-24 22:28 - 2012-07-24 22:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4D5DAF7534FB6A61
    2012-07-24 21:53 - 2012-07-24 21:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE50D92F0BAFBAE9
    2012-07-24 21:06 - 2012-07-24 21:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7B6689DAB8A973C8
    2012-07-24 20:31 - 2012-07-24 20:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D6009CC263DA8EB6
    2012-07-24 19:55 - 2012-07-24 19:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.93F95679E43FE4E7
    2012-07-24 19:20 - 2012-07-24 19:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.12B6CD4473F87796
    2012-07-24 18:45 - 2012-07-24 18:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7B1C9783BC07C55A
    2012-07-24 18:10 - 2012-07-24 18:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.244FA627F615E06B
    2012-07-24 17:35 - 2012-07-24 17:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CB102292C11AF55B
    2012-07-24 17:00 - 2012-07-24 17:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4C5DC3D11BD6ACED
    2012-07-24 16:25 - 2012-07-24 16:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4FF16E8A5BCD838A
    2012-07-24 15:50 - 2012-07-24 15:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0A22F5F787C7E0D3
    2012-07-24 15:15 - 2012-07-24 15:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F73F9F3EF2BB6058
    2012-07-24 14:16 - 2012-07-24 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7C13ED303DCD0A0A
    2012-07-24 10:22 - 2012-01-09 09:30 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\diehlj\Downloads\TDSSKiller.exe
    2012-07-24 02:43 - 2012-07-24 02:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4858A7A5E5F1140D
    2012-07-24 02:08 - 2012-07-24 02:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE6C79D837BAE0E9
    2012-07-24 01:22 - 2012-07-24 01:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E435E06C7AAF08DF
    2012-07-24 00:47 - 2012-07-24 00:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D5C5781D44F04FC
    2012-07-24 00:12 - 2012-07-24 00:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.013C64B6ACEBD3D8
    2012-07-23 23:37 - 2012-07-23 23:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2F76FD0E32BBE53E
    2012-07-23 23:02 - 2012-07-23 23:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EBD62F9E516EF7DD
    2012-07-23 22:15 - 2012-07-23 22:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C766D78DFADCC299
    2012-07-23 21:40 - 2012-07-23 21:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.061B63583EFC3D15
    2012-07-23 21:04 - 2012-07-23 21:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AAEA6D73D25346C1
    2012-07-23 20:29 - 2012-07-23 20:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C54217461DC4B332
    2012-07-23 19:54 - 2012-07-23 19:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.76ADC0F749F32C04
    2012-07-23 19:19 - 2012-07-23 19:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.26F3DFD6CFABC36F
    2012-07-23 18:44 - 2012-07-23 18:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F1B16ACE022F19B
    2012-07-23 18:09 - 2012-07-23 18:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.33E49513CD86298A
    2012-07-23 17:34 - 2012-07-23 17:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.59F1349C4D4DBEE3
    2012-07-23 16:58 - 2012-07-23 16:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8AFE994FC16EEE2
    2012-07-23 16:23 - 2012-07-23 16:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C9E98A92281E03DA
    2012-07-23 15:48 - 2012-07-23 15:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5B74F26906EED03
    2012-07-23 15:01 - 2012-07-23 15:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49E72D84B667B96A
    2012-07-23 14:26 - 2012-07-23 14:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A21946A49706A84E
    2012-07-23 13:51 - 2012-07-23 13:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A862C16F49CA3BD
    2012-07-23 13:16 - 2012-07-23 13:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C3A9F7B90284FE1F
    2012-07-23 12:41 - 2012-07-23 12:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B0FA8699B07BFB79
    2012-07-23 12:06 - 2012-07-23 12:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ED34B2139D6B8FAA
    2012-07-23 11:31 - 2012-07-23 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C312191CA3233186
    2012-07-23 10:44 - 2012-07-23 10:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8DFCCE21F073F7DD
    2012-07-23 10:09 - 2012-07-23 10:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ED30D3467EAD6236
    2012-07-23 09:34 - 2012-07-23 09:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.872297B9C36BDC63
    2012-07-23 03:55 - 2012-07-23 03:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.55C0669102F69A5A
    2012-07-20 05:46 - 2012-07-20 05:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04164AF44AB5BBA9
    2012-07-20 05:39 - 2012-07-20 05:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9C03CE4335D70312
    2012-07-20 04:51 - 2012-07-20 04:51 - 00001227 ____A C:\Users\diehlj\Desktop\wuapp.exe - Shortcut.lnk
    2012-07-20 04:27 - 2012-07-20 04:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.536C9A5EAEBB349A
    2012-07-20 03:35 - 2012-07-20 03:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7114EA135DE5C9F4
    2012-07-19 09:00 - 2012-07-19 09:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E57E67AFF36DDE1D
    2012-07-19 05:50 - 2012-07-19 05:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BCCD69C0AFA450E7
    2012-07-18 06:41 - 2012-07-17 07:19 - 00001372 ____A C:\Users\diehlj\Desktop\MONOPART TEXT NO ITEM - Shortcut.lnk
    2012-07-18 03:09 - 2012-07-18 03:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1B3433327E237B34
    2012-07-18 02:21 - 2012-07-18 02:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D06EC83FC5215054
    2012-07-18 01:33 - 2012-07-18 01:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8027E250749D0706
    2012-07-18 00:57 - 2012-07-18 00:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.19C0A0193B904D13
    2012-07-18 00:21 - 2012-07-18 00:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.182C9B982285583E
    2012-07-17 22:45 - 2012-07-17 22:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BE9C88F38C2EA78C
    2012-07-17 21:57 - 2012-07-17 21:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F7CB87ADFA01B4A6
    2012-07-17 21:21 - 2012-07-17 21:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A58B52BDC01A465
    2012-07-17 20:45 - 2012-07-17 20:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F060F8E767B73E09
    2012-07-17 20:09 - 2012-07-17 20:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8120657FA21DDF0E
    2012-07-17 19:33 - 2012-07-17 19:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D9E9F83ED17A3FCF
    2012-07-17 18:45 - 2012-07-17 18:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C1A93FF2953850B5
    2012-07-17 18:09 - 2012-07-17 18:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20D80ECA98F48EC1
    2012-07-17 17:33 - 2012-07-17 17:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CC81BF20D545F26C
    2012-07-17 16:57 - 2012-07-17 16:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A76B110D632195EE
    2012-07-17 16:21 - 2012-07-17 16:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B7380A62727798D0
    2012-07-17 15:45 - 2012-07-17 15:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.226BBF36AB9139D0
    2012-07-17 14:56 - 2012-07-17 14:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD83BA99B1BFD7B5
    2012-07-17 14:20 - 2012-07-17 14:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6FC978D366EAB4A
    2012-07-17 13:20 - 2012-07-17 13:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B801ADEB0849BBFB
    2012-07-16 03:21 - 2012-07-16 03:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4C6DFED4E2C43CE8
    2012-07-13 09:10 - 2012-07-13 09:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C252A12DB9CA4294
    2012-07-13 07:53 - 2012-07-13 07:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF5F3F7B22985D34
    2012-07-13 05:36 - 2012-05-04 11:12 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-13 05:31 - 2012-07-13 05:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE3C00E5A3DE77EB
    2012-07-13 05:22 - 2012-07-13 05:21 - 18544280 ____A (SUPERAntiSpyware.com) C:\Users\diehlj\Downloads\SUPERAntiSpyware.exe
    2012-07-13 05:22 - 2011-04-13 11:12 - 00854610 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-13 04:10 - 2012-07-13 04:10 - 00462103 ____A (Macromedia, Inc.) C:\Users\diehlj\Downloads\fluke_180_digital_multimeter_series_demo.exe
    2012-07-11 07:06 - 2012-07-11 07:06 - 00347424 ____A (Microsoft Corporation) C:\Users\diehlj\Downloads\MicrosoftFixit.Devices.Run.exe
    2012-07-10 03:07 - 2012-01-13 07:46 - 00014944 ____A C:\aaw7boot.log
    2012-07-10 03:06 - 2012-01-13 03:56 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2012-07-10 03:06 - 2012-01-13 03:56 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2012-07-03 10:46 - 2011-05-25 06:12 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-03 00:13 - 2012-08-07 05:16 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-06-28 04:01 - 2012-06-28 04:01 - 01012656 ____A C:\Users\diehlj\Downloads\rkill.exe
    2012-06-26 05:27 - 2012-06-26 05:27 - 12621696 ____A (Microsoft Corporation) C:\Users\diehlj\Downloads\mseinstall.exe
    2012-06-22 07:10 - 2011-12-14 07:37 - 00006144 ____A C:\Users\diehlj\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-22 03:54 - 2012-06-22 03:54 - 00074184 ____A C:\Windows\System32\Drivers\67081c7cc168f335.sys
    2012-06-22 03:50 - 2009-07-13 20:45 - 00456184 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-22 03:46 - 2012-06-22 03:46 - 00000118 ____A C:\Windows\System32\MRT.INI
    2012-06-22 03:43 - 2011-04-14 07:14 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-02 14:19 - 2012-06-22 03:36 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-22 03:36 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-22 03:36 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-22 03:36 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-22 03:36 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-22 03:36 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-22 03:36 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:19 - 2012-06-22 03:36 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-06-22 03:36 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-31 09:25 - 2011-04-13 07:26 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

    ZeroAccess:
    C:\Windows\Installer\{4e08287e-0f75-e9e4-8a10-e0f19224833b}
    C:\Windows\Installer\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\@
    C:\Windows\Installer\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\L
    C:\Windows\Installer\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\U
    C:\Windows\Installer\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\U\00000001.@
    C:\Windows\Installer\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\U\80000000.@
    C:\Windows\Installer\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\U\800000cb.@

    ZeroAccess:
    C:\Users\diehlj\AppData\Local\{4e08287e-0f75-e9e4-8a10-e0f19224833b}
    C:\Users\diehlj\AppData\Local\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\@
    C:\Users\diehlj\AppData\Local\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\L
    C:\Users\diehlj\AppData\Local\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\U
    C:\Users\diehlj\AppData\Local\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\U\80000000.@
    C:\Users\diehlj\AppData\Local\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\U\800000cb.@
     
  9. Jonny

    Jonny TS Rookie Topic Starter Posts: 17

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 8%
    Total physical RAM: 12285.55 MB
    Available physical RAM: 11182.95 MB
    Total Pagefile: 12283.7 MB
    Available Pagefile: 11180.73 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    1 Drive c: (OS) (Fixed) (Total:195.32 GB) (Free:72.67 GB) NTFS
    2 Drive d: (Storage) (Fixed) (Total:269.67 GB) (Free:56.77 GB) NTFS
    4 Drive g: () (Removable) (Total:7.39 GB) (Free:6.22 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 7580 MB 0 B

    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 750 MB 40 MB
    Partition 3 Primary 195 GB 790 MB
    Partition 0 Extended 269 GB 196 GB
    Partition 4 Logical 269 GB 196 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 FAT Partition 39 MB Healthy Hidden
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 750 MB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 195 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D Storage NTFS Partition 269 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 7580 MB 0 B
    ==================================================================================
    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    ==================================================================================

    Last Boot: 2012-08-20 10:39

    ======================= End Of Log ==========================

    Search.txt

    Farbar Recovery Scan Tool Version: 22-08-2012
    Ran by SYSTEM at 2012-08-22 07:09:21
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  10. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     


  11. Jonny

    Jonny TS Rookie Topic Starter Posts: 17

    I ran the Farbar fix then restarted...

    I noticed that MSC is now protecting in real time........It did not tell me that there was a critical error and needed to restart after a minute......and that the Windows Update is back on the list of services(y)

    I went to run ComboFix and it tells me I still have Lavasoft Ad-Watch Live running.........Yet I do not see it anywhere to uninstall it

    So I stopped ComboFix from continuing to run for fear that I may screw my system up:confused:

    What should I do next?..............Thanks for your help......You Rock!!!!:cool:
     
  12. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    :)

    I still need...
    Disregard Combofix warning.
     
  13. Jonny

    Jonny TS Rookie Topic Starter Posts: 17

    Sorry I didn't get back to you sooner.....The ComboFix Log Report seemed to take a while to do its thing and it was quitting time here at work.........so I let it run

    Here are the logs

    fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 22-08-2012
    Ran by SYSTEM at 2012-08-22 13:40:02 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    67081c7cc168f335 service deleted successfully.
    C:\Windows\System32\Drivers\67081c7cc168f335.sys moved successfully.
    C:\Users\diehlj\AppData\Roaming\926A63 moved successfully.
    C:\Windows\System32\services.exe.B801ADEB0849BBFB moved successfully.
    C:\Windows\System32\services.exe.4C6DFED4E2C43CE8 moved successfully.
    C:\Windows\System32\services.exe.C252A12DB9CA4294 moved successfully.
    C:\Windows\System32\services.exe.DF5F3F7B22985D34 moved successfully.
    C:\Windows\System32\services.exe.DE3C00E5A3DE77EB moved successfully.
    C:\Windows\Installer\{4e08287e-0f75-e9e4-8a10-e0f19224833b} moved successfully.
    C:\Users\diehlj\AppData\Local\{4e08287e-0f75-e9e4-8a10-e0f19224833b} moved successfully.

    The operation completed successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ComboFix.txt

    ComboFix 12-08-22.03 - diehlj 08/22/2012 15:01:16.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.9107 [GMT -5:00]
    Running from: c:\users\diehlj\Desktop\virus tools\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\300801.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\300802.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\300803.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\300805.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\301010.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\301101.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\301102.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\306106.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\306201.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\306202.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\401001.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\401002.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\401003.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\401004.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\401005.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\401006.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\6069.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\6090.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\6215.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\6336.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\6337.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\6344.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\8.txt
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\D24878B1.dwg
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\Kl3760.dwg
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\newBlock.dwg
    c:\users\diehlj\g2mdlhlpx.exe
    c:\windows\Downloaded Program Files\popcaploader.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\SysWow64\FlashPlayerInstaller.exe
    c:\windows\SysWow64\ijl11.dll
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_KXESCORE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-22 20:12 . 2012-08-22 20:12 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{846030D7-A37B-4995-BF11-C1BC88B45E48}\offreg.dll
    2012-08-22 20:10 . 2012-08-22 20:10 -------- d-----w- c:\users\Gencor\AppData\Local\temp
    2012-08-22 20:10 . 2012-08-22 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-22 20:10 . 2012-08-22 20:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-08-22 15:06 . 2012-08-22 15:06 -------- d-----w- C:\FRST
    2012-08-22 12:15 . 2012-08-22 12:15 328704 ----a-w- c:\windows\system32\services.exe.9656B81F6D0B43DB
    2012-08-20 12:09 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-09 14:03 . 2012-08-09 14:03 -------- d-----w- c:\users\diehlj\AppData\Local\LogMeIn
    2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
    2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
    2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
    2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
    2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
    2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
    2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
    2012-08-06 11:29 . 2012-08-06 11:29 -------- d-----w- c:\program files (x86)\QuickTime
    2012-08-03 14:14 . 2012-08-03 14:14 -------- d-----w- c:\program files (x86)\Common Files\Real
    2012-07-25 19:21 . 2012-07-25 19:21 -------- d-----w- c:\windows\en
    2012-07-25 19:18 . 2012-07-25 19:18 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-07-25 19:16 . 2012-07-25 19:16 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fa8977581cd6a9902\MeshBetaRemover.exe
    2012-07-25 19:16 . 2012-07-25 19:16 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f9b754e71cd6a9901\DSETUP.dll
    2012-07-25 19:16 . 2012-07-25 19:16 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f9b754e71cd6a9901\DXSETUP.exe
    2012-07-25 19:16 . 2012-07-25 19:16 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f9b754e71cd6a9901\dsetup32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-15 13:16 . 2012-04-06 15:45 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-15 13:16 . 2011-05-14 13:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-03 18:46 . 2011-05-25 14:12 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-22 11:43 . 2011-04-14 15:14 58957832 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-22 11:36 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 11:36 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 11:36 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 11:36 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 11:36 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 11:36 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 11:36 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-22 11:36 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-22 11:36 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 17:25 . 2011-04-13 15:26 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
    2012-01-03 14:44 2660016 ----a-w- c:\program files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
    @="{594D4122-1F87-41E2-96C7-825FB4796516}"
    [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
    2011-04-01 03:45 501760 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
    "Akamai NetSession Interface"="c:\users\diehlj\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
    "adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
    .
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    Super Finder XT.lnk - c:\program files (x86)\FSL\SuperFinder\SuperFinder.exe [2011-5-25 2447360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\Bandoo\BndHook.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-01-20 89160]
    R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-06 1431888]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
    R3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-20 114144]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
    R3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-09-29 109624]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-14 1255736]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
    R4 SQLAgent$MTCSOFTWARE;SQL Server Agent (MTCSOFTWARE);c:\program files\Microsoft SQL Server\MSSQL10_50.MTCSOFTWARE\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
    R4 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2011-05-19 2169592]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-24 78208]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
    S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 517488]
    S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
    S2 MSSQL$MTCSOFTWARE;SQL Server (MTCSOFTWARE);c:\program files\Microsoft SQL Server\MSSQL10_50.MTCSOFTWARE\MSSQL\Binn\sqlservr.exe [2010-04-03 61913952]
    S2 MTCSqlJobService;MTC Sql Job Service;c:\program files (x86)\MTC Software\ProNest 2010\MTCSqlJobService.exe [2011-08-16 33280]
    S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~2\VideoAcceleratorService.exe [2012-01-03 265928]
    S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2011-12-06 12904]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-22 131688]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:16]
    .
    2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 14:03]
    .
    2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 14:03]
    .
    2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2052111302-839522115-1265Core.job
    - c:\users\diehlj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-07 14:45]
    .
    2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2052111302-839522115-1265UA.job
    - c:\users\diehlj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-07 14:45]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
    @="{594D4122-1F87-41E2-96C7-825FB4796516}"
    [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
    2011-04-01 03:46 625152 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-04-01 98304]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\combofix\CF24909.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {{56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\Classic Shell\ClassicIE9_32.exe
    LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    TCP: DhcpNameServer = 192.168.16.2 66.43.215.1
    Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
    Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
    FF - ProfilePath - c:\users\diehlj\AppData\Roaming\Mozilla\Firefox\Profiles\0izjnju6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=8
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{389943B0-C3A2-4E69-82CB-8596A84CB3DC} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
    "Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office...{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
    "0"="Microsoft Actions Pane 3"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\windows\system32\crypserv.exe
    c:\windows\system32\hasplms.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Bandoo\Bandoo.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-22 16:36:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-22 21:36
    .
    Pre-Run: 81,142,898,688 bytes free
    Post-Run: 81,005,199,360 bytes free
    .
    - - End Of File - - 967747EEF097E806E8C0124AED5422B3






    ==== End of Fixlog ====
     
  14. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    SecCenter::
    {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    
    File::
    c:\windows\system32\services.exe.9656B81F6D0B43DB
    
    DDS::
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    
    Driver::
    
    Registry::
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "adaware"=-
    "adaware_XP"=-
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  15. Jonny

    Jonny TS Rookie Topic Starter Posts: 17

    Well, I did as instructed above, and when it came to Preparing Log Report I waited an hour for it to finish that, and I couldn't wait any longer for it to finish because I had to use my computer for work... but I did let it finish and it did spit out a log... hope me using the computer didn't screw it up :confused:

    I could run it again if needed at the end of my work day and let it run uninterrupted

    Here is the log

    ComboFix 12-08-22.03 - diehlj 08/23/2012 11:26:00.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.9972 [GMT -5:00]
    Running from: c:\users\diehlj\Desktop\virus tools\ComboFix.exe
    Command switches used :: c:\users\diehlj\Desktop\virus tools\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\services.exe.9656B81F6D0B43DB"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\diehlj\AppData\Roaming\926A63
    c:\windows\system32\services.exe.9656B81F6D0B43DB
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-23 16:31 . 2012-08-23 16:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-08-23 16:31 . 2012-08-23 16:31 -------- d-----w- c:\users\Gencor\AppData\Local\temp
    2012-08-23 16:31 . 2012-08-23 16:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-23 16:31 . 2012-08-23 16:31 -------- d-----w- c:\users\CURRENT_USER\AppData\Local\temp
    2012-08-23 16:31 . 2012-08-23 16:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-08-23 16:31 . 2012-08-23 16:31 -------- d-----w- c:\users\Admingen\AppData\Local\temp
    2012-08-23 11:24 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5211CE3C-3EDC-4A14-BD1E-9A30F3B2DF86}\mpengine.dll
    2012-08-22 18:53 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-22 18:53 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-22 15:06 . 2012-08-22 15:06 -------- d-----w- C:\FRST
    2012-08-20 12:09 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-09 14:03 . 2012-08-09 14:03 -------- d-----w- c:\users\diehlj\AppData\Local\LogMeIn
    2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
    2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
    2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
    2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
    2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
    2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
    2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
    2012-08-06 11:29 . 2012-08-06 11:29 -------- d-----w- c:\program files (x86)\QuickTime
    2012-08-03 14:14 . 2012-08-03 14:14 -------- d-----w- c:\program files (x86)\Common Files\Real
    2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
    2012-07-25 19:21 . 2012-07-25 19:21 -------- d-----w- c:\windows\en
    2012-07-25 19:18 . 2012-07-25 19:18 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-07-25 19:16 . 2012-07-25 19:16 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fa8977581cd6a9902\MeshBetaRemover.exe
    2012-07-25 19:16 . 2012-07-25 19:16 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f9b754e71cd6a9901\DSETUP.dll
    2012-07-25 19:16 . 2012-07-25 19:16 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f9b754e71cd6a9901\DXSETUP.exe
    2012-07-25 19:16 . 2012-07-25 19:16 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f9b754e71cd6a9901\dsetup32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-15 13:16 . 2012-04-06 15:45 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-15 13:16 . 2011-05-14 13:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-03 09:27 . 2011-04-14 15:14 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-07-03 18:46 . 2011-05-25 14:12 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-06 13:49 . 2012-06-06 13:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-06-02 22:19 . 2012-06-22 11:36 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 11:36 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 11:36 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 11:36 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 11:36 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 11:36 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 11:36 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-22 11:36 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-22 11:36 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 17:25 . 2011-04-13 15:26 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-22_20.12.57 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-01-19 14:12 . 2011-11-17 05:28 96768 c:\windows\SysWOW64\sspicli.dll
    + 2012-08-22 18:52 . 2012-06-02 04:34 96768 c:\windows\SysWOW64\sspicli.dll
    - 2012-01-19 14:12 . 2011-11-17 05:34 22016 c:\windows\SysWOW64\secur32.dll
    + 2012-08-22 18:52 . 2012-06-02 04:40 22016 c:\windows\SysWOW64\secur32.dll
    + 2012-08-22 18:52 . 2012-07-04 21:16 57344 c:\windows\SysWOW64\netapi32.dll
    + 2012-08-23 08:03 . 2012-06-29 00:01 73216 c:\windows\SysWOW64\mshtmled.dll
    - 2012-06-22 11:38 . 2012-05-17 22:25 73216 c:\windows\SysWOW64\mshtmled.dll
    - 2012-06-22 11:38 . 2012-05-17 22:31 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    + 2012-08-23 08:03 . 2012-06-29 00:06 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    - 2012-06-22 11:38 . 2012-05-17 22:31 65024 c:\windows\SysWOW64\jsproxy.dll
    + 2012-08-23 08:03 . 2012-06-29 00:06 65024 c:\windows\SysWOW64\jsproxy.dll
    + 2012-08-22 18:52 . 2012-07-04 21:14 41984 c:\windows\SysWOW64\browcli.dll
    - 2011-07-01 17:02 . 2010-11-20 12:18 41984 c:\windows\SysWOW64\browcli.dll
    + 2012-08-22 18:52 . 2012-07-04 22:16 73216 c:\windows\system32\netapi32.dll
    - 2012-06-22 11:38 . 2012-05-18 01:51 96768 c:\windows\system32\mshtmled.dll
    + 2012-08-23 08:03 . 2012-06-29 03:40 96768 c:\windows\system32\mshtmled.dll
    + 2012-08-23 08:03 . 2012-06-29 03:46 86528 c:\windows\system32\migration\WininetPlugin.dll
    - 2012-06-22 11:38 . 2012-05-18 01:56 86528 c:\windows\system32\migration\WininetPlugin.dll
    - 2012-06-22 11:38 . 2012-05-18 01:56 85504 c:\windows\system32\jsproxy.dll
    + 2012-08-23 08:03 . 2012-06-29 03:45 85504 c:\windows\system32\jsproxy.dll
    + 2009-07-14 05:30 . 2012-08-23 08:21 86016 c:\windows\system32\DriverStore\infpub.dat
    - 2009-07-14 05:30 . 2012-01-19 14:16 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2011-07-13 11:42 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\BTHUSB.SYS
    + 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthenum.sys
    + 2012-08-22 18:52 . 2012-06-02 05:48 95600 c:\windows\system32\drivers\ksecdd.sys
    - 2012-01-19 14:12 . 2011-11-17 06:49 95600 c:\windows\system32\drivers\ksecdd.sys
    + 2012-08-22 18:52 . 2012-07-04 22:13 59392 c:\windows\system32\browcli.dll
    - 2011-07-01 17:03 . 2010-11-20 13:25 67072 c:\windows\splwow64.exe
    + 2012-08-22 18:52 . 2012-02-11 06:36 67072 c:\windows\splwow64.exe
    - 2012-05-23 15:38 . 2012-06-22 11:48 34144 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\oisicon.exe
    + 2012-05-23 15:38 . 2012-08-23 08:04 34144 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\oisicon.exe
    + 2012-05-23 15:38 . 2012-08-23 08:04 43608 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\msouc.exe
    + 2012-05-23 15:38 . 2012-08-23 08:04 19296 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\cagicon.exe
    - 2012-05-23 15:38 . 2012-06-22 11:48 19296 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\cagicon.exe
    + 2011-02-04 18:40 . 2011-02-04 18:40 49488 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\VBAJET32.DLL
    + 2010-12-21 05:48 . 2010-12-21 05:48 44992 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\ACERCLR.DLL
    + 2012-08-22 18:52 . 2010-06-26 03:24 2048 c:\windows\SysWOW64\msxml3r.dll
    - 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\SysWOW64\msxml3r.dll
    - 2009-07-14 00:41 . 2009-07-14 01:30 2048 c:\windows\system32\msxml3r.dll
    + 2012-08-22 18:52 . 2010-06-26 03:55 2048 c:\windows\system32\msxml3r.dll
    + 2012-08-23 08:22 . 2012-08-23 08:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-22 20:11 . 2012-08-22 20:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-23 08:22 . 2012-08-23 08:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-22 20:11 . 2012-08-22 20:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-07-01 17:03 . 2010-11-20 12:21 492032 c:\windows\SysWOW64\win32spl.dll
    + 2012-08-22 18:52 . 2012-02-11 05:43 492032 c:\windows\SysWOW64\win32spl.dll
    - 2012-06-22 11:38 . 2012-05-17 22:33 231936 c:\windows\SysWOW64\url.dll
    + 2012-08-23 08:03 . 2012-06-29 00:07 231936 c:\windows\SysWOW64\url.dll
    + 2012-08-22 18:52 . 2012-06-02 04:40 225280 c:\windows\SysWOW64\schannel.dll
    - 2009-07-13 23:33 . 2009-07-14 01:16 219136 c:\windows\SysWOW64\ncrypt.dll
    + 2012-08-22 18:52 . 2012-06-02 04:39 219136 c:\windows\SysWOW64\ncrypt.dll
    + 2012-08-23 08:03 . 2012-06-29 00:04 717824 c:\windows\SysWOW64\jscript.dll
    + 2012-08-23 08:03 . 2012-06-29 00:04 142848 c:\windows\SysWOW64\ieUnatt.exe
    - 2012-06-22 11:38 . 2012-05-17 22:29 142848 c:\windows\SysWOW64\ieUnatt.exe
    + 2012-08-23 08:03 . 2012-06-28 23:57 176640 c:\windows\SysWOW64\ieui.dll
    - 2012-06-22 11:38 . 2012-05-17 22:20 176640 c:\windows\SysWOW64\ieui.dll
    + 2012-08-22 18:52 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll
    - 2011-07-01 17:02 . 2010-11-20 12:18 805376 c:\windows\SysWOW64\cdosys.dll
    - 2011-07-01 17:03 . 2010-11-20 13:27 751104 c:\windows\system32\win32spl.dll
    + 2012-08-22 18:52 . 2012-02-11 06:43 751104 c:\windows\system32\win32spl.dll
    - 2012-06-22 11:38 . 2012-05-18 01:58 237056 c:\windows\system32\url.dll
    + 2012-08-23 08:03 . 2012-06-29 03:47 237056 c:\windows\system32\url.dll
    - 2011-07-01 17:03 . 2010-11-20 13:25 559104 c:\windows\system32\spoolsv.exe
    + 2012-08-22 18:52 . 2012-02-11 06:36 559104 c:\windows\system32\spoolsv.exe
    + 2012-08-22 18:52 . 2012-06-02 05:45 340992 c:\windows\system32\schannel.dll
    - 2012-01-19 14:12 . 2011-11-17 06:35 340992 c:\windows\system32\schannel.dll
    + 2009-07-14 02:36 . 2012-08-23 12:25 704134 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-08-22 18:48 704134 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-08-23 12:25 137778 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-08-22 18:48 137778 c:\windows\system32\perfc009.dat
    + 2012-08-22 18:52 . 2012-06-02 05:44 307200 c:\windows\system32\ncrypt.dll
    - 2009-07-13 23:49 . 2009-07-14 01:41 307200 c:\windows\system32\ncrypt.dll
    + 2012-08-22 18:52 . 2012-05-14 05:26 956928 c:\windows\system32\localspl.dll
    + 2012-08-23 08:03 . 2012-06-29 03:44 816640 c:\windows\system32\jscript.dll
    + 2012-08-23 08:03 . 2012-06-29 03:43 173056 c:\windows\system32\ieUnatt.exe
    - 2012-06-22 11:38 . 2012-05-18 01:55 173056 c:\windows\system32\ieUnatt.exe
    + 2012-08-23 08:03 . 2012-06-29 03:35 248320 c:\windows\system32\ieui.dll
    - 2012-06-22 11:38 . 2012-05-18 01:47 248320 c:\windows\system32\ieui.dll
    + 2009-07-14 04:45 . 2012-08-23 08:22 456184 c:\windows\system32\FNTCACHE.DAT
    - 2009-07-14 04:45 . 2012-06-22 11:50 456184 c:\windows\system32\FNTCACHE.DAT
    - 2009-07-14 05:30 . 2012-01-19 14:16 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2012-08-23 08:21 143360 c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2012-01-19 14:16 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2009-07-14 05:30 . 2012-08-23 08:21 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2011-07-01 17:02 . 2010-11-20 13:24 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe
    + 2012-08-23 08:05 . 2012-07-06 20:07 552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys
    - 2009-07-14 05:31 . 2011-07-14 11:15 399360 c:\windows\system32\DriverStore\drvindex.dat
    + 2009-07-14 05:31 . 2012-08-23 08:21 399360 c:\windows\system32\DriverStore\drvindex.dat
    + 2012-08-22 18:52 . 2012-06-02 05:48 151920 c:\windows\system32\drivers\ksecpkg.sys
    + 2012-08-22 18:52 . 2012-06-02 05:50 458704 c:\windows\system32\drivers\cng.sys
    + 2012-08-22 18:52 . 2012-07-04 22:13 136704 c:\windows\system32\browser.dll
    + 2009-07-14 04:46 . 2012-08-23 08:26 108288 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2009-07-14 05:01 . 2012-08-23 08:21 413780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-07-04 12:59 . 2012-07-04 12:59 261120 c:\windows\Installer\28b49db.msp
    + 2012-05-23 15:38 . 2012-08-23 08:04 415584 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\pubs.exe
    - 2012-05-23 15:38 . 2012-06-22 11:48 415584 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\pubs.exe
    + 2012-05-23 15:38 . 2012-08-23 08:04 303456 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\outicon.exe
    - 2012-05-23 15:38 . 2012-06-22 11:48 303456 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\outicon.exe
    - 2012-05-23 15:38 . 2012-06-22 11:48 571232 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\misc.exe
    + 2012-05-23 15:38 . 2012-08-23 08:04 571232 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\misc.exe
    + 2012-05-23 15:38 . 2012-08-23 08:04 326496 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\joticon.exe
    - 2012-05-23 15:38 . 2012-06-22 11:48 326496 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\joticon.exe
    + 2012-08-23 08:04 . 2012-08-23 08:04 217864 c:\windows\Installer\{90120000-00A4-0409-0000-0000000FF1CE}\misc.exe
    - 2012-05-10 11:32 . 2012-05-10 11:32 217864 c:\windows\Installer\{90120000-00A4-0409-0000-0000000FF1CE}\misc.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 686464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JP2KLib.dll
    + 2011-02-05 04:52 . 2011-02-05 04:52 403320 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\OFFXML.DLL
    + 2011-01-07 15:38 . 2011-01-07 15:38 121208 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\MSCONV97.DLL
    + 2011-02-04 18:40 . 2011-02-04 18:40 452936 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\EXPSRV.DLL
    + 2010-12-28 05:49 . 2010-12-28 05:49 362904 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\ACEXBE.DLL
    + 2010-12-28 05:49 . 2010-12-28 05:49 220560 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\ACETXT.DLL
    + 2010-12-28 05:49 . 2010-12-28 05:49 527776 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\ACEREP.DLL
    + 2010-12-21 05:48 . 2010-12-21 05:48 329624 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\ACER3X.DLL
    + 2010-12-28 05:49 . 2010-12-28 05:49 383904 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\ACEOLEDB.DLL
    + 2010-12-21 05:48 . 2010-12-21 05:48 278448 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\ACEODBC.DLL
    + 2010-12-28 05:49 . 2010-12-28 05:49 644504 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\ACEEXCL.DLL
    + 2010-12-28 05:49 . 2010-12-28 05:49 334752 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\ACEEXCH.DLL
    + 2010-12-28 05:49 . 2010-12-28 05:49 686504 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\ACEES.DLL
    + 2010-12-28 05:49 . 2010-12-28 05:49 548792 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\ACEDAO.DLL
    + 2012-08-23 08:03 . 2012-06-29 00:09 1129472 c:\windows\SysWOW64\wininet.dll
    - 2012-06-22 11:38 . 2012-05-17 22:35 1129472 c:\windows\SysWOW64\wininet.dll
    + 2012-08-23 08:03 . 2012-06-29 00:09 1103872 c:\windows\SysWOW64\urlmon.dll
    - 2012-06-22 11:38 . 2012-05-17 22:36 1103872 c:\windows\SysWOW64\urlmon.dll
    + 2012-08-22 18:52 . 2012-06-06 05:05 1390080 c:\windows\SysWOW64\msxml6.dll
    - 2011-07-01 17:03 . 2010-11-20 12:19 1390080 c:\windows\SysWOW64\msxml6.dll
    + 2012-08-22 18:52 . 2012-06-06 05:05 1236992 c:\windows\SysWOW64\msxml3.dll
    - 2011-07-01 17:03 . 2010-11-20 12:19 1236992 c:\windows\SysWOW64\msxml3.dll
    + 2012-08-23 08:03 . 2012-06-29 00:16 1800704 c:\windows\SysWOW64\jscript9.dll
    - 2012-06-22 11:38 . 2012-05-17 22:27 1793024 c:\windows\SysWOW64\iertutil.dll
    + 2012-08-23 08:03 . 2012-06-29 00:01 1793024 c:\windows\SysWOW64\iertutil.dll
    - 2012-06-22 11:38 . 2012-05-17 22:48 9737728 c:\windows\SysWOW64\ieframe.dll
    + 2012-08-23 08:03 . 2012-06-29 00:27 9737728 c:\windows\SysWOW64\ieframe.dll
    + 2012-08-23 08:03 . 2012-06-29 03:49 1392128 c:\windows\system32\wininet.dll
    - 2012-06-22 11:38 . 2012-05-18 01:59 1392128 c:\windows\system32\wininet.dll
    + 2012-08-22 18:52 . 2012-07-18 18:15 3148800 c:\windows\system32\win32k.sys
    - 2012-06-22 11:38 . 2012-05-18 01:59 1346048 c:\windows\system32\urlmon.dll
    + 2012-08-23 08:03 . 2012-06-29 03:49 1346048 c:\windows\system32\urlmon.dll
    + 2012-08-22 18:52 . 2012-06-06 06:06 2004480 c:\windows\system32\msxml6.dll
    - 2011-07-01 17:03 . 2010-11-20 13:27 2004480 c:\windows\system32\msxml6.dll
    + 2012-08-22 18:52 . 2012-06-06 06:06 1881600 c:\windows\system32\msxml3.dll
    + 2012-08-23 08:03 . 2012-06-29 03:56 2312704 c:\windows\system32\jscript9.dll
    - 2012-06-22 11:38 . 2012-05-18 01:54 2144768 c:\windows\system32\iertutil.dll
    + 2012-08-23 08:03 . 2012-06-29 03:42 2144768 c:\windows\system32\iertutil.dll
    + 2012-08-22 18:52 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll
    - 2011-07-01 17:02 . 2010-11-20 13:25 1133568 c:\windows\system32\cdosys.dll
    + 2009-07-14 04:45 . 2012-08-23 08:25 7413448 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-06-22 11:53 7413448 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2012-07-19 07:45 . 2012-07-19 07:45 3464704 c:\windows\Installer\28b4a85.msp
    + 2012-06-20 06:29 . 2012-06-20 06:29 5262848 c:\windows\Installer\28b4a71.msp
    + 2012-07-04 13:04 . 2012-07-04 13:04 1292288 c:\windows\Installer\28b4a52.msp
    + 2012-07-04 13:09 . 2012-07-04 13:09 1284096 c:\windows\Installer\28b4a48.msp
    + 2012-04-05 06:56 . 2012-04-05 06:56 2820096 c:\windows\Installer\28b4a34.msp
    + 2012-07-04 13:01 . 2012-07-04 13:01 9082368 c:\windows\Installer\28b4a20.msp
    + 2012-07-04 12:58 . 2012-07-04 12:58 6163456 c:\windows\Installer\28b4a04.msp
    + 2012-06-20 07:06 . 2012-06-20 07:06 1839104 c:\windows\Installer\28b49ef.msp
    - 2012-05-23 15:38 . 2012-06-22 11:48 1479520 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\xlicons.exe
    + 2012-05-23 15:38 . 2012-08-23 08:04 1479520 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\xlicons.exe
    + 2012-05-23 15:38 . 2012-08-23 08:04 1858400 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\wordicon.exe
    - 2012-05-23 15:38 . 2012-06-22 11:48 1858400 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\wordicon.exe
    + 2012-05-23 15:38 . 2012-08-23 08:04 3792736 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\pptico.exe
    - 2012-05-23 15:38 . 2012-06-22 11:48 3792736 c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\pptico.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 5509512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AGM.dll
    + 2010-10-22 22:12 . 2010-10-22 22:12 5496688 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\IPEDITOR.DLL
    + 2010-10-22 23:55 . 2010-10-22 23:55 3049376 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\ACEWDAT.DLL
    + 2011-03-11 22:46 . 2011-03-11 22:46 2194312 c:\windows\Installer\$PatchCache$\Managed\00004109210000000000000000F01FEC\14.0.6029\ACECORE.DLL
    + 2012-08-22 18:52 . 2012-06-09 04:41 12873728 c:\windows\SysWOW64\shell32.dll
    + 2012-08-23 08:03 . 2012-06-29 00:52 12317184 c:\windows\SysWOW64\mshtml.dll
    + 2009-07-14 02:34 . 2012-08-23 08:21 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2012-08-22 18:52 . 2012-06-09 05:43 14172672 c:\windows\system32\shell32.dll
    - 2012-02-15 14:30 . 2012-01-04 10:44 14172672 c:\windows\system32\shell32.dll
    + 2012-08-23 08:03 . 2012-06-29 04:55 17809920 c:\windows\system32\mshtml.dll
    + 2012-08-23 08:03 . 2012-06-29 04:09 10925568 c:\windows\system32\ieframe.dll
    + 2011-05-14 16:02 . 2012-08-23 08:21 24534140 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1390067357-2052111302-839522115-1265-12288.dat
    + 2012-07-25 21:59 . 2012-07-25 21:59 11032064 c:\windows\Installer\28b4a5a.msp
    + 2012-07-28 01:47 . 2012-07-28 01:47 13123584 c:\windows\Installer\1b0bd40.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
    2012-01-03 14:44 2660016 ----a-w- c:\program files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
    @="{594D4122-1F87-41E2-96C7-825FB4796516}"
    [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
    2011-04-01 03:45 501760 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\diehlj\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    .
    c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    Super Finder XT.lnk - c:\program files (x86)\FSL\SuperFinder\SuperFinder.exe [2011-5-25 2447360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\Bandoo\BndHook.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
    R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~2\VideoAcceleratorService.exe [2012-01-03 265928]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-01-20 89160]
    R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-06 1431888]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
    R3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-23 114144]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
    R3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-09-29 109624]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-14 1255736]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
    R4 SQLAgent$MTCSOFTWARE;SQL Server Agent (MTCSOFTWARE);c:\program files\Microsoft SQL Server\MSSQL10_50.MTCSOFTWARE\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
    R4 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2011-05-19 2169592]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-24 78208]
    S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 517488]
    S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
    S2 MSSQL$MTCSOFTWARE;SQL Server (MTCSOFTWARE);c:\program files\Microsoft SQL Server\MSSQL10_50.MTCSOFTWARE\MSSQL\Binn\sqlservr.exe [2010-04-03 61913952]
    S2 MTCSqlJobService;MTC Sql Job Service;c:\program files (x86)\MTC Software\ProNest 2010\MTCSqlJobService.exe [2011-08-16 33280]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
    S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2011-12-06 12904]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-22 131688]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:16]
    .
    2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 14:03]
    .
    2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 14:03]
    .
    2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2052111302-839522115-1265Core.job
    - c:\users\diehlj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-07 14:45]
    .
    2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2052111302-839522115-1265UA.job
    - c:\users\diehlj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-07 14:45]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
    @="{594D4122-1F87-41E2-96C7-825FB4796516}"
    [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
    2011-04-01 03:46 625152 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-04-01 98304]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {{56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\Classic Shell\ClassicIE9_32.exe
    LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
    TCP: DhcpNameServer = 192.168.16.2 66.43.215.1
    Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
    Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
    FF - ProfilePath - c:\users\diehlj\AppData\Roaming\Mozilla\Firefox\Profiles\0izjnju6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=8
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{389943B0-C3A2-4E69-82CB-8596A84CB3DC} - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
    "Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office...{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
    "0"="Microsoft Actions Pane 3"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-23 12:54:07
    ComboFix-quarantined-files.txt 2012-08-23 17:54
    .
    Pre-Run: 80,293,347,328 bytes free
    Post-Run: 80,035,840,000 bytes free
    .
    - - End Of File - - E69A384B3ECA3F7CE137D4D6DC765813
     
  16. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Looks good :)

    Any current issues?

    =====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =====================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. Jonny

    Jonny TS Rookie Topic Starter Posts: 17

    It seems to be a GLR (good little runner) so far ;)

    I was thinking of replacing MSE with Avast when we are all done.....what are your thoughts?

    Here are the logs you requested.


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.20.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    diehlj :: ELECTQA-01 [administrator]

    8/24/2012 6:20:34 AM
    mbam-log-2012-08-24 (06-20-34).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 280084
    Time elapsed: 2 minute(s), 57 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)




    OTL.TXT

    OTL logfile created on: 8/24/2012 6:30:55 AM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\diehlj\Desktop\virus tools
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    12.00 Gb Total Physical Memory | 10.05 Gb Available Physical Memory | 83.73% Memory free
    51.06 Gb Paging File | 48.91 Gb Available in Paging File | 95.80% Paging File free
    Paging file location(s): c:\pagefile.sys 40000 50000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 195.32 Gb Total Space | 74.79 Gb Free Space | 38.29% Space Free | Partition Type: NTFS
    Drive D: | 269.67 Gb Total Space | 56.65 Gb Free Space | 21.01% Space Free | Partition Type: NTFS

    Computer Name: ELECTQA-01 | User Name: diehlj | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012/08/24 06:20:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\diehlj\Desktop\virus tools\OTL.exe
    PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\diehlj\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
    PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
    PRC - [2012/01/03 09:44:38 | 000,265,928 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe
    PRC - [2011/12/14 08:58:12 | 002,051,472 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Bandoo\Bandoo.exe
    PRC - [2011/08/16 16:31:54 | 000,033,280 | ---- | M] (Hypertherm, Inc.) -- C:\Program Files (x86)\MTC Software\ProNest 2010\MTCSqlJobService.exe
    PRC - [2009/08/07 05:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/08/07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2012/01/20 04:00:10 | 000,089,160 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
    SRV:64bit: - [2011/12/06 09:27:14 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2011/12/02 11:51:58 | 004,913,608 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
    SRV:64bit: - [2011/09/28 20:14:22 | 000,109,624 | ---- | M] (Mentor Graphics Corporation) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2012)
    SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2011/05/18 23:40:08 | 002,169,592 | ---- | M] (UltraVNC) [Disabled | Stopped] -- C:\Program Files\UltraVNC\winvnc.exe -- (uvnc_service)
    SRV:64bit: - [2010/11/03 16:48:42 | 002,117,120 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV:64bit: - [2010/10/16 16:17:30 | 003,427,176 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/08/24 17:07:24 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2007/05/23 12:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
    SRV - [2012/08/23 09:08:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/08/15 08:16:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/10 12:44:27 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
    SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
    SRV - [2012/01/03 09:44:38 | 000,265,928 | ---- | M] (SpeedBit Ltd.) [Auto | Running] -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
    SRV - [2011/12/14 08:58:12 | 002,051,472 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
    SRV - [2011/12/06 09:26:55 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2011/12/06 09:26:54 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/08/16 16:31:54 | 000,033,280 | ---- | M] (Hypertherm, Inc.) [Auto | Running] -- C:\Program Files (x86)\MTC Software\ProNest 2010\MTCSqlJobService.exe -- (MTCSqlJobService)
    SRV - [2011/05/03 11:08:00 | 004,756,216 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2010/07/13 14:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/08/07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2005/03/11 14:40:26 | 000,455,632 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/12/06 14:01:38 | 000,012,904 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mv2.sys -- (mv2)
    DRV:64bit: - [2011/11/24 10:58:44 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
    DRV:64bit: - [2011/11/24 10:58:44 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
    DRV:64bit: - [2011/10/07 10:31:42 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
    DRV:64bit: - [2011/09/16 16:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
    DRV:64bit: - [2011/09/08 09:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
    DRV:64bit: - [2011/08/09 08:11:50 | 000,021,120 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
    DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/03/24 09:57:54 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
    DRV:64bit: - [2011/03/24 09:57:54 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/09/27 16:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
    DRV:64bit: - [2010/06/22 06:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
    DRV:64bit: - [2010/02/10 12:37:06 | 000,103,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
    DRV:64bit: - [2010/02/09 08:06:54 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/23 14:41:06 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
    DRV:64bit: - [2008/06/04 13:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
    DRV:64bit: - [2008/03/17 12:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
    DRV - [2011/03/24 09:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
    DRV - [2011/03/24 09:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2005/01/02 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1390067357-2052111302-839522115-1265\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-1390067357-2052111302-839522115-1265\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1390067357-2052111302-839522115-1265\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
    IE - HKU\S-1-5-21-1390067357-2052111302-839522115-1265\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1390067357-2052111302-839522115-1265\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms}
    IE - HKU\S-1-5-21-1390067357-2052111302-839522115-1265\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_en
    IE - HKU\S-1-5-21-1390067357-2052111302-839522115-1265\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-1390067357-2052111302-839522115-1265\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1390067357-2052111302-839522115-1265\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=mkg030&p="
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=8"
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\diehlj\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\diehlj\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\diehlj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox [2012/01/03 09:44:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/23 09:08:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/23 09:08:09 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files (x86)\DAP\DAPFireFox [2011/11/18 09:00:39 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\diehlj\AppData\Roaming\Mozilla\Firefox\Profiles\0izjnju6.default\extensions\ffox@bandoo.com [2012/01/24 07:23:17 | 000,000,000 | ---D | M]

    [2011/05/14 08:00:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\diehlj\AppData\Roaming\mozilla\Extensions
    [2012/08/14 07:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\diehlj\AppData\Roaming\mozilla\Firefox\Profiles\0izjnju6.default\extensions
    [2012/05/18 12:25:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\diehlj\AppData\Roaming\mozilla\Firefox\Profiles\0izjnju6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/01/24 07:23:17 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\diehlj\AppData\Roaming\mozilla\Firefox\Profiles\0izjnju6.default\extensions\ffox@bandoo.com
    [2012/06/13 09:49:57 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\diehlj\AppData\Roaming\mozilla\Firefox\Profiles\0izjnju6.default\extensions\foxmarks@kei.com
    [2012/08/09 11:08:33 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\diehlj\AppData\Roaming\mozilla\Firefox\Profiles\0izjnju6.default\extensions\LogMeInClient@logmein.com
    [2012/07/27 08:49:54 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\diehlj\AppData\Roaming\mozilla\Firefox\Profiles\0izjnju6.default\extensions\support@lastpass.com
    [2012/08/23 09:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/08/23 09:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
    [2012/01/03 09:44:21 | 000,000,000 | ---D | M] (SPEEDbit Video Downloader) -- C:\PROGRAM FILES (X86)\SPEEDBIT VIDEO DOWNLOADER\SPFIREFOX
    [2011/09/29 07:18:51 | 000,043,131 | ---- | M] () (No name found) -- C:\USERS\DIEHLJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0IZJNJU6.DEFAULT\EXTENSIONS\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.XPI
    [2012/07/10 09:11:53 | 000,135,156 | ---- | M] () (No name found) -- C:\USERS\DIEHLJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0IZJNJU6.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
    [2011/11/09 15:41:48 | 000,042,737 | ---- | M] () (No name found) -- C:\USERS\DIEHLJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0IZJNJU6.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
    [2012/06/19 07:06:01 | 000,344,664 | ---- | M] () (No name found) -- C:\USERS\DIEHLJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0IZJNJU6.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
    [2012/03/23 09:00:49 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\DIEHLJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0IZJNJU6.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2011/12/13 08:55:33 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\DIEHLJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0IZJNJU6.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
    [2012/08/23 09:08:31 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/15 06:15:35 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2010/07/28 19:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
    [2011/11/11 09:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
    [2012/07/24 08:55:21 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/07/24 08:55:21 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\diehlj\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Chrome NaCl (Enabled) = C:\Users\diehlj\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\diehlj\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\diehlj\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\diehlj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Angry Birds = C:\Users\diehlj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\
    CHR - Extension: Bounceball = C:\Users\diehlj\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnonnffemhpfblohaicmfmofbfaaoobf\1.1_0\
    CHR - Extension: SpeedBit Video Downloader = C:\Users\diehlj\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\
    CHR - Extension: Bandoo = C:\Users\diehlj\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\
    CHR - Extension: Download Accelerator Plus (DAP) = C:\Users\diehlj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.9_0\
    CHR - Extension: Atari - Asteroids = C:\Users\diehlj\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlkamaohjodmnhiehbogggcllkndklok\1.3_0\
    CHR - Extension: WGT Golf Game = C:\Users\diehlj\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb\29.1.0_0\
     
  18. Jonny

    Jonny TS Rookie Topic Starter Posts: 17

    O1 HOSTS File: ([2012/08/23 11:31:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
    O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - No CLSID value found.
    O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\Grabber.dll (SpeedBit)
    O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1390067357-2052111302-839522115-1265\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll ()
    O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1390067357-2052111302-839522115-1265..\Run: [Akamai NetSession Interface] C:\Users\diehlj\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - Startup: C:\Users\diehlj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012/08/06 10:21:34 | 000,000,000 | -H-D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1390067357-2052111302-839522115-1265\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1390067357-2052111302-839522115-1265\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1390067357-2052111302-839522115-1265\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
    O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
    O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
    O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
    O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
    O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinner.com/games/v50/pool/pool.cab (Pool Control)
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1305579442341 (MUCatalogWebControl Class)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab (BejeweledTwist Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.gamehouse.com/games/beje2/popcaploader.cab (PopCapLoader Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.2 66.43.215.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gencor.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CDD4592-4A82-490A-B27F-C237CB14A24F}: DhcpNameServer = 192.168.16.2 66.43.215.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\Program Files (x86)\Bandoo\BndHook.dll (Discordia Limited)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/06/20 20:44:37 | 000,000,000 | ---D | M] - C:\AUTOSAVE -- [ NTFS ]
    O32 - AutoRun File - [2012/08/23 10:11:40 | 000,000,000 | ---D | M] - D:\AUTOSAVE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/23 12:27:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/23 11:24:46 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/08/23 11:14:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/08/23 09:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/08/23 08:09:13 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{6A2963D5-190B-486F-988D-35505F4948F3}
    [2012/08/22 13:56:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/22 13:56:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/22 13:56:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/22 13:47:39 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/22 13:47:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/22 10:06:40 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/21 09:22:53 | 000,000,000 | ---D | C] -- C:\Users\diehlj\Desktop\virus tools
    [2012/08/21 06:22:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/08/21 06:21:23 | 000,000,000 | ---D | C] -- D:\temp
    [2012/08/13 10:46:40 | 000,000,000 | ---D | C] -- C:\Users\diehlj\Desktop\400T PORT DRUM PICS
    [2012/08/10 09:50:54 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{670EDA38-A963-47FB-917E-F31A99F1E8EF}
    [2012/08/09 09:03:41 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\LogMeIn
    [2012/08/06 10:21:34 | 000,000,000 | -H-D | C] -- C:\Users\diehlj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    [2012/08/06 06:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/08/06 06:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2012/08/03 09:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
    [2012/08/02 08:32:41 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{08AD4B9C-F8EA-4E35-A361-ECEBAAA2E3CD}
    [2012/08/02 08:32:28 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{113C53BA-B2FC-4498-95F8-1A225921BF96}
    [2012/07/25 14:21:19 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2012/07/25 14:06:39 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{EC586BF2-888F-4CDD-959D-EDB5F69AC112}
    [2012/07/25 14:06:29 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{12D8FB23-6D7C-48BB-B08B-83114219671A}
    [2012/07/25 14:06:20 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{092ED90A-E16F-418A-9CE8-7DE892763208}
    [2012/07/25 14:06:11 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{B6A7A86D-FC12-4351-BAC0-9D710281FA91}
    [2012/07/25 14:06:01 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{1F586F0F-6260-4704-A204-E8D5304F2CC0}
    [2012/07/25 14:05:50 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{E18E82AA-9A0C-4C6B-95E7-061B824F2774}
    [2012/07/25 14:05:41 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{EDC427DC-B291-4B6A-AD99-382336AE888E}
    [2012/07/25 14:05:32 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{BB932961-495A-4D84-BA19-A1C41A09084A}
    [2012/07/25 14:05:21 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{A416B975-C3C2-4973-889E-6918077DA3EF}
    [2012/07/25 14:05:12 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{05483F89-E5F1-462B-9469-5392E5178B2E}
    [2012/07/25 14:05:03 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{57D4F123-D4B2-4D83-AF22-D4A5756891D7}
    [2012/07/25 14:04:53 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{68D0A384-2BDD-4B22-B585-0930A6768AD6}
    [2012/07/25 14:04:44 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{68F3F894-0C38-4658-80B5-F638E2F57F9A}
    [2012/07/25 14:04:35 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{A0604A03-614A-4D6A-AC91-A98858334553}
    [2012/07/25 09:44:29 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{1E02ED42-3295-4504-B269-B0A43F7BA749}
    [2012/07/25 09:44:11 | 000,000,000 | ---D | C] -- C:\Users\diehlj\AppData\Local\{F591A578-21FD-4631-AAB3-20C2079FE9CD}
    [1 D:\*.tmp files -> D:\*.tmp -> ]
    [1 C:\Users\diehlj\AppData\Local\*.tmp files -> C:\Users\diehlj\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/24 06:23:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2052111302-839522115-1265UA.job
    [2012/08/24 06:23:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/24 06:19:28 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/24 06:19:28 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/24 06:18:07 | 000,840,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/24 06:18:07 | 000,704,134 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/24 06:18:07 | 000,137,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/24 06:15:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/24 06:11:57 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/24 06:11:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/24 06:11:26 | 1071,816,702 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/23 12:27:20 | 000,003,090 | ---- | M] () -- C:\Users\diehlj\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch_Files - Shortcut.lnk
    [2012/08/23 11:31:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/23 11:15:23 | 000,001,132 | ---- | M] () -- C:\Users\diehlj\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/08/23 10:00:52 | 000,002,206 | ---- | M] () -- C:\Users\diehlj\Application Data\Microsoft\Internet Explorer\Quick Launch\drawing storage - Shortcut (2).lnk
    [2012/08/23 07:31:42 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2052111302-839522115-1265Core.job
    [2012/08/23 07:25:00 | 000,870,128 | ---- | M] () -- C:\Users\diehlj\AppData\Roaming\mcs.rma
    [2012/08/23 03:22:56 | 000,456,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/13 11:33:02 | 000,001,568 | ---- | M] () -- C:\Users\diehlj\Desktop\KEVIN'S RAILING.dwg - Shortcut.lnk
    [2012/08/13 07:07:00 | 000,001,414 | ---- | M] () -- C:\Users\diehlj\Desktop\Standard dwgs for job compiled from what I had here on HDD - Shortcut.lnk
    [2012/08/13 06:34:35 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/08/08 07:08:56 | 000,001,065 | ---- | M] () -- C:\Users\diehlj\Application Data\Microsoft\Internet Explorer\Quick Launch\procexp64.exe - Shortcut.lnk
    [2012/08/07 07:13:17 | 000,001,284 | ---- | M] () -- C:\Users\diehlj\Application Data\Microsoft\Internet Explorer\Quick Launch\Orlando BURNTABLE Folder.lnk
    [2012/08/06 13:55:50 | 008,290,717 | ---- | M] () -- C:\Users\diehlj\Desktop\DocLib_7232_Thermal Dynamics CutMaster 102 Service Manual_(0-4998_AJ web)_April2012.pdf
    [2012/08/06 06:48:39 | 000,000,179 | ---- | M] () -- C:\Users\diehlj\.MIDI_PRT.CFG
    [2012/08/03 13:20:51 | 000,001,261 | ---- | M] () -- C:\Users\diehlj\Application Data\Microsoft\Internet Explorer\Quick Launch\Orlando Drawings Server.lnk
    [2012/07/26 06:22:46 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/26 06:22:45 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [1 D:\*.tmp files -> D:\*.tmp -> ]
    [1 C:\Users\diehlj\AppData\Local\*.tmp files -> C:\Users\diehlj\AppData\Local\*.tmp -> ]


    ========== Files Created - No Company Name ==========

    [2012/08/22 13:56:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/22 13:56:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/22 13:56:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/22 13:56:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/22 13:56:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/13 11:33:02 | 000,001,568 | ---- | C] () -- C:\Users\diehlj\Desktop\KEVIN'S RAILING.dwg - Shortcut.lnk
    [2012/08/08 07:08:56 | 000,001,065 | ---- | C] () -- C:\Users\diehlj\Application Data\Microsoft\Internet Explorer\Quick Launch\procexp64.exe - Shortcut.lnk
    [2012/08/06 13:55:50 | 008,290,717 | ---- | C] () -- C:\Users\diehlj\Desktop\DocLib_7232_Thermal Dynamics CutMaster 102 Service Manual_(0-4998_AJ web)_April2012.pdf
    [2012/08/03 09:14:39 | 000,870,128 | ---- | C] () -- C:\Users\diehlj\AppData\Roaming\mcs.rma
    [2012/08/03 07:31:58 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/02 06:27:28 | 000,001,414 | ---- | C] () -- C:\Users\diehlj\Desktop\Standard dwgs for job compiled from what I had here on HDD - Shortcut.lnk
    [2012/03/30 11:23:31 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2012/03/08 17:32:54 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2012/02/02 16:08:44 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2012/01/25 10:49:17 | 000,000,094 | -H-- | C] () -- C:\Windows\SysWow64\zbq_Q1swg.ini
    [2012/01/13 06:56:56 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2012/01/13 06:56:56 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2012/01/04 15:18:45 | 000,000,179 | ---- | C] () -- C:\Users\diehlj\.MIDI_PRT.CFG
    [2011/12/14 10:37:44 | 000,006,144 | ---- | C] () -- C:\Users\diehlj\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/14 07:01:32 | 000,001,294 | ---- | C] () -- C:\Users\diehlj\PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide.lnk
    [2011/11/18 09:00:33 | 000,109,216 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
    [2011/11/18 09:00:33 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
    [2011/09/28 14:29:01 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2011/07/01 21:59:38 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
    [2011/07/01 07:13:13 | 000,000,000 | ---- | C] () -- C:\Windows\winfile.ini
    [2011/05/20 07:10:57 | 000,000,261 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2011/05/16 15:30:36 | 000,006,656 | ---- | C] () -- C:\Windows\SysWow64\CNMVS58.DLL
    [2011/05/16 12:41:23 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
    [2011/05/16 12:40:21 | 000,000,061 | ---- | C] () -- C:\Windows\Crypkey.ini
    [2011/05/16 12:40:18 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
    [2011/05/16 12:40:18 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
    [2011/05/16 12:40:18 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
    [2011/05/16 12:40:17 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2011/05/14 08:00:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/05/14 05:43:31 | 000,007,621 | ---- | C] () -- C:\Users\diehlj\AppData\Local\resmon.resmoncfg
    [2011/05/13 12:49:17 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
    [2011/05/13 12:49:17 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
    [2011/05/13 12:49:16 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
    [2011/05/13 12:49:16 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
    [2011/05/13 12:49:16 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
    [2011/04/14 12:35:20 | 000,005,648 | RHS- | C] () -- C:\Users\diehlj\ntuser.pol
    [2011/04/14 10:59:57 | 000,004,284 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/04/13 14:12:01 | 000,854,610 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/04/02 08:14:26 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll

    ========== LOP Check ==========

    [2012/01/27 17:16:38 | 000,000,000 | ---D | M] -- C:\Users\Admingen\AppData\Roaming\3Dconnexion
    [2012/01/28 07:34:21 | 000,000,000 | ---D | M] -- C:\Users\Admingen\AppData\Roaming\Bandoo
    [2011/04/14 11:19:58 | 000,000,000 | ---D | M] -- C:\Users\Admingen\AppData\Roaming\DassaultSystemes
    [2011/12/07 07:57:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\3Dconnexion
    [2011/05/13 15:32:24 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\2Deditor
    [2011/05/14 09:40:24 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\3Dconnexion
    [2011/11/16 16:26:59 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\Avery
    [2012/01/24 07:12:55 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\Bandoo
    [2011/12/14 14:22:28 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\canon
    [2012/02/02 14:10:34 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\DassaultSystemes
    [2012/03/30 14:53:33 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\DeepVoyage
    [2012/01/06 11:06:29 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\DraftSight
    [2011/11/14 17:06:38 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\EDrawings
    [2011/07/14 10:21:48 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\GetRightToGo
    [2012/03/30 14:45:13 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\iWin
    [2012/03/22 10:08:32 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\JaiboGames
    [2011/05/25 09:15:15 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\JAM Software
    [2012/03/12 13:47:08 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\KewlBoxPrefs
    [2012/03/23 13:27:47 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\md studio
    [2011/05/16 12:40:56 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\MTC Software
    [2011/09/12 09:43:58 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\PC Suite
    [2012/04/06 09:33:22 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\Rovio
    [2011/09/12 09:44:22 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\Samsung
    [2012/03/02 16:08:43 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\SystemRequirementsLab
    [2011/05/24 16:36:30 | 000,000,000 | ---D | M] -- C:\Users\diehlj\AppData\Roaming\Unity
    [2012/08/06 18:18:03 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CF54F1CA
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1E7308B6
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:7CA8656F
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:862BDB1A
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:553CA6CA

    < End of report >

    Extras.txt

    OTL Extras logfile created on: 8/24/2012 6:30:55 AM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\diehlj\Desktop\virus tools
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    12.00 Gb Total Physical Memory | 10.05 Gb Available Physical Memory | 83.73% Memory free
    51.06 Gb Paging File | 48.91 Gb Available in Paging File | 95.80% Paging File free
    Paging file location(s): c:\pagefile.sys 40000 50000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 195.32 Gb Total Space | 74.79 Gb Free Space | 38.29% Space Free | Partition Type: NTFS
    Drive D: | 269.67 Gb Total Space | 56.65 Gb Free Space | 21.01% Space Free | Partition Type: NTFS

    Computer Name: ELECTQA-01 | User Name: diehlj | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1390067357-2052111302-839522115-1265\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [SPEEDbitVideoConverter] -- "C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe" -convert=%1 (SPEEDbit Ltd.)
    Directory [SuperFinder] -- "C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe" "%1" (FSL)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [SPEEDbitVideoConverter] -- "C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe" -convert=%1 (SPEEDbit Ltd.)
    Directory [SuperFinder] -- "C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe" "%1" (FSL)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{131F6239-6284-4321-B0EF-54F7402AC458}" = lport=57981 | protocol=6 | dir=in | name=akamai netsession interface |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3CA06DB2-4BCC-4C11-9C33-231BD55D222E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{4FB52563-EE7F-4D38-BD78-43A538BAE25A}C:\users\diehlj\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\diehlj\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{D686A631-B88F-48C5-968D-DA3DC9AA41FC}C:\program files (x86)\microsoft office\office14\outlook.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "UDP Query User{3C6E192B-5B4F-4A74-987E-164C6EB62EF6}C:\program files (x86)\microsoft office\office14\outlook.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "UDP Query User{FEBFDBDE-88DE-4561-9571-9E773B28B688}C:\users\diehlj\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\diehlj\appdata\local\akamai\netsession_win.exe |
     
  19. Jonny

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{0DB0EA38-E806-44ED-A892-489F2E305080}" = Dell System Manager
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{2001197F-7545-41F7-9078-E8D23B3BBEAF}" = 3Dconnexion Plug-In for Photoshop CS3 - CS5
    "{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client
    "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
    "{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
    "{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
    "{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
    "{41A957AE-A709-440E-97E1-1D5266AF6F95}" = 3Dconnexion 3DxWare (x64)
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4B714EBA-F7DF-4467-B38F-5D3DFBD29674}" = 3Dconnexion Add-In for Solid Edge V18 - ST3
    "{4C66F076-D3AB-49C8-85D4-BAA6D82FCAE2}" = SolidWorks 2012 x64 Edition SP02
    "{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
    "{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    "{56119275-AA50-426D-975B-8FA0049DC648}" = 3Dconnexion Add-In for SolidWorks 2005 - 2011 (x64)
    "{5A2565D0-A773-4C69-A66D-7AAF2039E985}" = Classic Shell
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{65DDB7D8-5E04-45DF-B60E-89557ED37ED2}" = SolidWorks Explorer 2012 SP01 x64 Edition
    "{65E1D8B2-9DB9-402A-99E5-FCCC960B7989}" = 3Dconnexion Add-In for Inventor 11 - 2012
    "{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
    "{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
    "{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{8FE53C9A-9952-4B99-AB10-2EEBDBF5102F}" = 3Dconnexion Plug-In for Pro/ENGINEER WF3 - WF5
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{982E1601-0DFC-4FD3-A427-AC6570697858}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
    "{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
    "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B1BD6E2C-9CF1-4710-A0A9-16C8BFE19058}" = 3Dconnexion LCD Applets for SpacePilot PRO (x64)
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
    "{C4CBE331-9BFC-456B-A4D8-4E43E5EA3788}" = 3Dconnexion Add-In for AutoCAD 2007 - 2010
    "{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
    "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
    "{CC00C393-AEC9-4D4F-822F-373617A0F234}" = 3Dconnexion Plug-In for NX v3.0 - v8.0
    "{CDB93CCB-95AE-4464-B4CF-D07CE8997EA9}" = 3Dconnexion Plug-In for 3ds Max v9 - 2012
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E4751034-CCD4-4881-8174-B692B095629C}" = 3Dconnexion Plug-In for Maya v8.5 - 2012
    "{E551BB39-D6F9-4BF8-9F68-E3ADE936D3C0}" = 3Dconnexion Add-On for XSI v5.0 - 2011
    "{EB9400D5-6289-4F9F-9B79-B3528101C0C7}" = SolidWorks Flow Simulation 2012 SP01 x64 Edition
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
    "{F469B548-030B-41CD-BD46-D37A7EC9A530}" = Logitech LCD Manager
    "{F52ABC1D-5EA4-4FDD-8E5F-CA31428570C0}" = Wave Infrastructure Installer
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
    "{FB5688A1-05A2-4E9F-A5E7-872D71A6AAD6}" = DAP Plug-in for 64 Bit IE
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
    "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    "CCleaner" = CCleaner
    "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "KONICA MINOLTA C360Series Installer" = KONICA MINOLTA C360Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "Ultravnc2_is1" = UltraVnc
    "WinRAR archiver" = WinRAR 4.01 beta 1 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1910EF67-D4B8-4561-9252-4F2EFF2E17AE}" = 3Dconnexion Plug-in for Acrobat 3D
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20FBEB88-9A9E-4F1D-BA8C-A107B2F7E9FD}" = ProNest 8 Nesting System
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{2385065A-5B8B-430C-87B7-D8DC49C0FAC9}" = MTCSqlJobService
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E368382-C6DF-4D2C-BB63-58987F6F808F}" = DraftSight
    "{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AAB8068-BEB6-4CB6-958E-717EA6402467}" = 3Dconnexion Trainer
    "{6D236956-B79D-4748-BEA3-A039334A66AB}" = 3Dconnexion Collage
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
    "{852252AE-F555-4BA1-B451-4E4C230D18F2}" = 3Dconnexion Extension for SketchUp
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8C8292F3-7D93-4D40-9738-B24165D7E7CD}_is1" = AI Viewer
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
    "{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B6C496F6-491A-47AA-AD92-A6ED719BEA60}" = ProNest 2010 Nesting Software
    "{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware (SpacePilot PRO x64 Edition)
    "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
    "{DB5644E4-392E-4995-9129-0DDCFAD028C3}_is1" = Pazera Free Video to 3GP Converter 1.2
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Active@ Password Changer Professional" = Active@ Password Changer Professional
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Akamai" = Akamai NetSession Interface Service
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "Bandoo" = Bandoo
    "CameraUserGuide-PSELPH100HS_IXUS115HS" = Canon PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
    "Duplicate Cleaner" = Duplicate Cleaner 2.1b
    "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "jZip" = jZip
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "MDI2PDF Converter_is1" = MDI2PDF 2.61
    "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
    "Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MyCamera" = Canon Utilities MyCamera
    "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
    "Office14.STANDARD" = Microsoft Office Standard 2010
    "OpenAL" = OpenAL
    "PhotoStitch" = Canon Utilities PhotoStitch
    "RealVNC_is1" = VNC Free Edition 4.1.1
    "Rhapsody" = Rhapsody
    "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
    "SolidWorks Installation Manager 20120-40100-1100-100" = SolidWorks 2012 x64 Edition SP01
    "SolidWorks Installation Manager 20120-40200-1100-100" = SolidWorks 2012 x64 Edition SP02
    "SpeedBit Video Accelerator" = SpeedBit Video Accelerator
    "SPEEDbit Video Downloader" = SpeedBit Video Downloader
    "Super Finder XT_is1" = Super Finder XT 1.6.3.2
    "SystemRequirementsLab" = System Requirements Lab
    "TreeSize Free_is1" = TreeSize Free V2.5
    "Tunatic" = Tunatic
    "Vextractor Demo_is1" = Vextractor 3.97 Demo
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1390067357-2052111302-839522115-1265\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome
    "JoinMe" = join.me
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/22/2012 2:42:55 PM | Computer Name = ELECTQA-01.gencor.com | Source = Windows Search Service | ID = 9000
    Description =

    Error - 8/22/2012 2:42:55 PM | Computer Name = ELECTQA-01.gencor.com | Source = Windows Search Service | ID = 7040
    Description =

    Error - 8/22/2012 2:42:55 PM | Computer Name = ELECTQA-01.gencor.com | Source = Windows Search Service | ID = 7042
    Description =

    Error - 8/22/2012 2:42:55 PM | Computer Name = ELECTQA-01.gencor.com | Source = Windows Search Service | ID = 9002
    Description =

    Error - 8/22/2012 2:42:55 PM | Computer Name = ELECTQA-01.gencor.com | Source = Windows Search Service | ID = 3029
    Description =

    Error - 8/22/2012 2:42:58 PM | Computer Name = ELECTQA-01.gencor.com | Source = Windows Search Service | ID = 3029
    Description =

    Error - 8/22/2012 2:42:58 PM | Computer Name = ELECTQA-01.gencor.com | Source = Windows Search Service | ID = 3028
    Description =

    Error - 8/22/2012 2:42:58 PM | Computer Name = ELECTQA-01.gencor.com | Source = Windows Search Service | ID = 3058
    Description =

    Error - 8/22/2012 2:42:58 PM | Computer Name = ELECTQA-01.gencor.com | Source = Windows Search Service | ID = 7010
    Description =

    Error - 8/24/2012 7:30:21 AM | Computer Name = ELECTQA-01.gencor.com | Source = Application Hang | ID = 1002
    Description = The program OTL.exe version 3.2.56.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 126c Start Time:
    01cd81eaf9e45fb9 Termination Time: 0 Application Path: C:\Users\diehlj\Desktop\virus
    tools\OTL.exe Report Id: 130eff5c-eddf-11e1-87ad-bc305bd85f42

    [ SolidWorks-DTS Events ]
    Error - 4/5/2012 9:44:49 AM | Computer Name = ELECTQA-01.gencor.com | Source = swScheduler | ID = 0
    Description = ErrorCode=80004005 ErrorMessage="Unspecified error" ErrorSource="Microsoft
    JET Database Engine" ErrorDescription="Could not lock file."

    [ System Events ]
    Error - 8/23/2012 7:28:17 AM | Computer Name = ELECTQA-01.gencor.com | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 8/23/2012 8:24:54 AM | Computer Name = ELECTQA-01.gencor.com | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 8/23/2012 12:24:30 PM | Computer Name = ELECTQA-01.gencor.com | Source = Service Control Manager | ID = 7034
    Description = The VideoAcceleratorService service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 8/23/2012 12:24:30 PM | Computer Name = ELECTQA-01.gencor.com | Source = Service Control Manager | ID = 7031
    Description = The Akamai NetSession Interface service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in 1000
    milliseconds: Restart the service.

    Error - 8/23/2012 12:29:36 PM | Computer Name = ELECTQA-01.gencor.com | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 8/23/2012 12:31:13 PM | Computer Name = ELECTQA-01.gencor.com | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 8/23/2012 12:31:13 PM | Computer Name = ELECTQA-01.gencor.com | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 8/23/2012 12:31:44 PM | Computer Name = ELECTQA-01.gencor.com | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 8/24/2012 7:11:41 AM | Computer Name = ELECTQA-01.gencor.com | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 8/24/2012 7:11:47 AM | Computer Name = ELECTQA-01.gencor.com | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2


    < End of report >
     
  20. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    I use Avast myself but MSE is a decent program.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-1390067357-2052111302-839522115-1265\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      O2 - BHO: (no name) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/08/22 10:06:40 | 000,000,000 | ---D | C] -- C:\FRST
      [2012/01/25 10:49:17 | 000,000,094 | -H-- | C] () -- C:\Windows\SysWow64\zbq_Q1swg.ini
      @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CF54F1CA
      @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1E7308B6
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:7CA8656F
      @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:862BDB1A
      @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:553CA6CA
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =====================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  21. Jonny

    Jonny TS Rookie Topic Starter Posts: 17

    Holy Smokes this thing must have been messed up for a while now

    I noticed from the ESET Online scanner that my Backup Sets must be full of viruses....since I really have no reason to keep them should I just delete them to free up some space?

    Here are all the logs..........thanks again for your help.....

    P.S. I do plan on donating when we get the mess cleaned up....thanks

    OTL log

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-1390067357-2052111302-839522115-1265\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\FRST\Quarantine\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\U folder moved successfully.
    C:\FRST\Quarantine\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\L folder moved successfully.
    C:\FRST\Quarantine\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\{4e08287e-0f75-e9e4-8a10-e0f19224833b} folder moved successfully.
    C:\FRST\Quarantine\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\U folder moved successfully.
    C:\FRST\Quarantine\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\L folder moved successfully.
    C:\FRST\Quarantine\{4e08287e-0f75-e9e4-8a10-e0f19224833b} folder moved successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Windows\SysWOW64\zbq_Q1swg.ini moved successfully.
    ADS C:\ProgramData\Temp:CF54F1CA deleted successfully.
    ADS C:\ProgramData\Temp:1E7308B6 deleted successfully.
    ADS C:\ProgramData\Temp:7CA8656F deleted successfully.
    ADS C:\ProgramData\Temp:862BDB1A deleted successfully.
    ADS C:\ProgramData\Temp:553CA6CA deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admingen
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: CURRENT_USER
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: diehlj
    ->Temp folder emptied: 2262645 bytes
    ->Temporary Internet Files folder emptied: 718725 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 53334386 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 2524 bytes

    User: Gencor
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 8493421 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 62.00 mb


    [EMPTYJAVA]

    User: Admingen
    ->Java cache emptied: 0 bytes

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: CURRENT_USER

    User: Default

    User: Default User

    User: diehlj
    ->Java cache emptied: 0 bytes

    User: Gencor
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Admingen
    ->Flash cache emptied: 0 bytes

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: CURRENT_USER

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: diehlj
    ->Flash cache emptied: 0 bytes

    User: Gencor
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.56.0 log created on 08272012_065543

    Files\Folders moved on Reboot...
    C:\Users\diehlj\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\diehlj\AppData\Local\Temp\~DFC1C3CB252F8F039B.TMP moved successfully.
    File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Users\diehlj\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\diehlj\AppData\Local\Temp\~DFC1C3CB252F8F039B.TMP not found!
    [2012/08/27 06:57:37 | 008,405,015 | ---- | M] () C:\Windows\temp\TmpFile1 : Unable to obtain MD5

    Registry entries deleted on Reboot...

    checkup.txt

    Results of screen317's Security Check version 0.99.46
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    Microsoft Security Essentials
    (On Access scanning disabled!)
    Error obtaining update status for antivirus!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Duplicate Cleaner 2.1b
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Reader X (10.1.4)
    Mozilla Firefox (15.0)
    Google Chrome 21.0.1180.79
    Google Chrome 21.0.1180.83
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    diehlj Desktop virus tools SecurityCheck.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    FSS.txt

    Farbar Service Scanner Version: 06-08-2012
    Ran by diehlj (administrator) on 27-08-2012 at 07:05:34
    Running from "C:\Users\diehlj\Desktop\virus tools"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    ESETScan.txt

    C:\Program Files (x86)\Bandoo\Bandoo.exe a variant of Win32/Adware.Bandoo.AC application cleaned by deleting (after the next restart) - quarantined
    C:\Program Files (x86)\Bandoo\BandooUI.exe a variant of Win32/Adware.Bandoo.AB application cleaned by deleting - quarantined
    C:\Users\diehlj\AppData\Local\Temp\NOD4ACA.tmp a variant of Win32/Adware.Bandoo.AC application cleaned by deleting - quarantined
    C:\Users\diehlj\Downloads\7zipap_1320.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
    C:\Users\diehlj\Downloads\jZipV1c.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\08272012_065543\C_FRST\Quarantine\67081c7cc168f335.sys Win64/Necurs.A trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\08272012_065543\C_FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
    C:\_OTL\MovedFiles\08272012_065543\C_FRST\Quarantine\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\08272012_065543\C_FRST\Quarantine\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\U\800000cb.@ Win64/Sirefef.AH trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\08272012_065543\C_FRST\Quarantine\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\08272012_065543\C_FRST\Quarantine\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\U\800000cb.@ Win64/Sirefef.AH trojan cleaned by deleting - quarantined
    D:\ELECTQA-01\Backup Set 2011-07-01 055218\Backup Files 2011-08-01 065156\Backup files 1.zip multiple threats deleted - quarantined
    D:\ELECTQA-01\Backup Set 2011-09-23 132401\Backup Files 2011-09-23 132401\Backup files 3.zip multiple threats deleted - quarantined
    D:\ELECTQA-01\Backup Set 2011-11-30 190003\Backup Files 2012-01-31 190002\Backup files 1.zip a variant of Win32/InstallIQ application deleted - quarantined
    D:\ELECTQA-01\Backup Set 2011-11-30 190003\Backup Files 2012-01-31 190002\Backup files 2.zip a variant of Win32/Toolbar.SearchSuite application deleted - quarantined
    D:\ELECTQA-01\Backup Set 2011-11-30 190003\Backup Files 2012-01-31 190002\Backup files 4.zip multiple threats deleted - quarantined
    D:\ELECTQA-01\Backup Set 2012-04-02 062627\Backup Files 2012-04-02 062627\Backup files 3.zip multiple threats deleted - quarantined
    D:\ELECTQA-01\Backup Set 2012-04-02 062627\Backup Files 2012-04-02 062627\Backup files 4.zip a variant of Win32/Toolbar.SearchSuite application deleted - quarantined
    D:\ELECTQA-01\Backup Set 2012-04-02 062627\Backup Files 2012-07-02 063655\Backup files 1.zip Win64/Sirefef.W trojan deleted - quarantined
    D:\ELECTQA-01\Backup Set 2012-04-02 062627\Backup Files 2012-07-02 063655\Backup files 2.zip multiple threats deleted - quarantined
    D:\MISC\nuancepdf.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
    D:\STICKBAK 10-13-11\UTILS 2011\jZipV1c.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
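
One way to triage an ESET export like the one posted above, added here as an example and not part of the original thread: it parses each line into path, detection and action, then groups detections by whether the file sat in a removal tool's quarantine folder, in a backup archive, or among ordinary files. The location rules and function names are assumptions made for this example; the sample lines are copied from the post.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# A subset of the ESETScan.txt lines from the post above.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Bandoo\Bandoo.exe a variant of Win32/Adware.Bandoo.AC application cleaned by deleting (after the next restart) - quarantined
C:\Users\diehlj\Downloads\jZipV1c.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08272012_065543\C_FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
C:\_OTL\MovedFiles\08272012_065543\C_FRST\Quarantine\{4e08287e-0f75-e9e4-8a10-e0f19224833b}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined
D:\ELECTQA-01\Backup Set 2011-07-01 055218\Backup Files 2011-08-01 065156\Backup files 1.zip multiple threats deleted - quarantined
D:\ELECTQA-01\Backup Set 2012-04-02 062627\Backup Files 2012-07-02 063655\Backup files 1.zip Win64/Sirefef.W trojan deleted - quarantined
"""

# Paths contain spaces, so the path is matched lazily and the detection field
# anchors the split. Only the detection types seen in the posted log
# ("trojan", "application") are recognised; extend the list for other logs.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>multiple threats"
    r"|(?:a variant of )?\S+/\S+ (?:trojan|application))\s+"
    r"(?P<action>(?:cleaned by deleting|deleted)\b.*)$"
)


class Detection(NamedTuple):
    path: str
    name: str             # e.g. "Win64/Sirefef.AL" or "multiple threats"
    kind: str             # "trojan", "application" or "multiple"
    location: str         # "tool_quarantine", "backup_archive" or "live_file"
    pending_reboot: bool  # removal only completes after a restart


def classify_location(path):
    """Assumed rules: OTL/FRST quarantine folders and Windows backup-set zips."""
    p = path.lower()
    if "\\_otl\\movedfiles\\" in p or "\\frst\\quarantine\\" in p:
        return "tool_quarantine"
    if "\\backup set " in p and p.endswith(".zip"):
        return "backup_archive"
    return "live_file"


def parse_line(line):
    """Return a Detection for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    detection = m.group("detection")
    if detection == "multiple threats":
        name, kind = detection, "multiple"
    else:
        # Last two tokens are "<Platform>/<Name>" and the type word.
        name, kind = detection.split()[-2:]
    return Detection(
        path=m.group("path"),
        name=name,
        kind=kind,
        location=classify_location(m.group("path")),
        pending_reboot="after the next restart" in m.group("action"),
    )


def parse_log(text):
    """Parse a whole export; unparsed lines are returned, not dropped."""
    detections, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        d = parse_line(line)
        if d is None:
            unparsed.append(line.strip())
        else:
            detections.append(d)
    return detections, unparsed


def group_by_location(detections):
    groups = defaultdict(list)
    for d in detections:
        groups[d.location].append(d)
    return dict(groups)


def trojans_outside_quarantine(detections):
    """Trojan or mixed detections that were not just a tool's quarantined copy."""
    return [d for d in detections
            if d.kind in ("trojan", "multiple") and d.location != "tool_quarantine"]


if __name__ == "__main__":
    found, skipped = parse_log(SAMPLE_LOG)
    for location, items in group_by_location(found).items():
        print(location, len(items))
    for d in trojans_outside_quarantine(found):
        print("review:", d.name, "in", d.path)
    for d in found:
        if d.pending_reboot:
            print("restart needed to finish removing:", d.path)
    print("unparsed lines:", len(skipped))
```
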
     
  22. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    You may as well.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  23. Jonny

    Jonny TS Rookie Topic Starter Posts: 17

    Everything seems to be running Great!!!!......so far:confused:

    Thanks very much for all your help......this is my work pc and I would have been screwed, blued and tattooed if it had gotten any worse than it was..........wonder where the heck I picked up the bug........hehe.....lord only knows

    here is the OTL.log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admingen
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: CURRENT_USER
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: diehlj
    ->Temp folder emptied: 1256396 bytes
    ->Temporary Internet Files folder emptied: 5120859 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 247622479 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 2603 bytes

    User: Gencor
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 8473367 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 250.00 mb


    [EMPTYFLASH]

    User: Admingen
    ->Flash cache emptied: 0 bytes

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: CURRENT_USER

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: diehlj
    ->Flash cache emptied: 0 bytes

    User: Gencor
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Admingen
    ->Java cache emptied: 0 bytes

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: CURRENT_USER

    User: Default

    User: Default User

    User: diehlj
    ->Java cache emptied: 0 bytes

    User: Gencor
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.56.0 log created on 08282012_061312

    Files\Folders moved on Reboot...
    C:\Users\diehlj\AppData\Local\Temp\ExchangePerflog_8484fa31d225e810cfcccd43.dat moved successfully.
    C:\Users\diehlj\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\diehlj\AppData\Local\Temp\FXSTIFFDebugLogFile.txt moved successfully.
    C:\Users\diehlj\AppData\Local\Temp\~DF65FC953D1B13F2E0.TMP moved successfully.
    File\Folder C:\Users\diehlj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6D4CE043-31D5-4996-AAE4-CCD448BA5272}.tmp not found!
    File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Users\diehlj\AppData\Local\Temp\ExchangePerflog_8484fa31d225e810cfcccd43.dat not found!
    File C:\Users\diehlj\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\diehlj\AppData\Local\Temp\FXSTIFFDebugLogFile.txt not found!
    File C:\Users\diehlj\AppData\Local\Temp\~DF65FC953D1B13F2E0.TMP not found!
    File C:\Users\diehlj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6D4CE043-31D5-4996-AAE4-CCD448BA5272}.tmp not found!
    [2012/08/28 06:16:08 | 008,405,015 | ---- | M] () C:\Windows\temp\TmpFile1 : Unable to obtain MD5

    Registry entries deleted on Reboot...
     
  24. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Yes!!
    Good luck and stay safe :)
     
  25. Jonny

    Jonny TS Rookie Topic Starter Posts: 17

    Thanks Broni...........You The Man!!!!:cool:

    Been a long time since my system ran this great...........(y)(y)

    Time for me to donate..........Thanks Again;)
     
