TechSpot

Trojan:win64/sirefef.y

By W0ox22
Jun 29, 2012
  1. How do I remove? Please help
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================

    What Windows version is it?
     
  3. W0ox22

    W0ox22 TS Rookie Topic Starter Posts: 21

    Windows 7
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  5. W0ox22

    W0ox22 TS Rookie Topic Starter Posts: 21

    Scan result of Farbar Recovery Scan Tool Version: 28-06-2012 02
    Ran by SYSTEM at 29-06-2012 23:03:30
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [213304 2011-05-25] (COMODO)
    HKLM-x32\...\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [184120 2011-05-25] (COMODO)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    ==================== Services (Whitelisted) ======

    2 ActService; "C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe" [18432 2011-08-17] (Microsoft)
    2 AdobeActiveFileMonitor9.0; C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
    2 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [161080 2011-05-25] (COMODO)
    2 FPLService; "C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe" [260424 2011-08-25] (HP)
    2 FTSvc; "C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe" [11776 2011-12-15] (Brand Affinity Technologies)
    2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680 2011-04-08] (Hewlett-Packard Development Company, L.P.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 MSSQL$ACT7; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe" -sACT7 [61913952 2010-05-05] (Microsoft Corporation)
    4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [59744 2010-05-05] (Microsoft Corporation)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
    2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe /s [135608 2011-11-07] (Symantec Corporation)
    2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll" /prefetch:1 [132984 2011-11-07] (Symantec Corporation)
    2 PSI_SVC_2; "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [251832 2010-12-02] (arvato digital services llc)
    2 Sage ACT! Scheduler; "C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe" [81920 2011-08-17] (Sage Software, Inc.)
    4 SQLAgent$ACT7; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE" -I ACT7 [428384 2010-05-05] (Microsoft Corporation)

    ========================== Drivers (Whitelisted) =============

    3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [31088 2010-07-28] (CyberLink Corporation)
    3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
    4 RsFx0150; C:\Windows\System32\Drivers\RsFx0150.sys [313696 2010-04-03] (Microsoft Corporation)
    3 ssmirrdr; C:\Windows\System32\Drivers\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
    3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-29 17:16 - 2012-06-29 17:16 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
    2012-06-29 17:16 - 2012-06-29 17:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6DD3E8065F14F9FF
    2012-06-29 17:16 - 2012-06-29 17:16 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\czowewgu.sys
    2012-06-29 17:16 - 2012-06-29 17:16 - 00001045 ____A C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
    2012-06-29 17:16 - 2012-06-29 17:16 - 00000000 ____D C:\Users\All Users\Comodo Downloader
    2012-06-29 17:16 - 2012-06-29 17:16 - 00000000 ____D C:\Users\All Users\Comodo
    2012-06-29 17:16 - 2012-06-29 17:16 - 00000000 ____D C:\Program Files\COMODO
    2012-06-29 17:12 - 2012-06-29 17:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.83A4FCB9C912E5B4
    2012-06-29 17:12 - 2012-06-29 17:09 - 67987984 ____A (COMODO) C:\Users\Louise Harrison\Desktop\cavse_so_30day_installer_1726_5b.exe
    2012-06-29 17:05 - 2012-06-29 17:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FC78BCC9D34F8E75
    2012-06-29 17:05 - 2012-06-29 17:05 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lebaleoz.sys
    2012-06-29 17:02 - 2012-06-29 17:02 - 60673963 ____A (COMODO) C:\Users\Louise Harrison\Downloads\cavse_so_30day_installer_1726_5b.exe.6dyfe8l.partial
    2012-06-29 17:01 - 2012-06-29 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.460B5FD422DD2E93
    2012-06-29 16:58 - 2012-06-29 16:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E0B69C3CAC845E7
    2012-06-29 16:57 - 2012-06-29 16:58 - 00000022 ____A C:\Users\Louise Harrison\Desktop\New Text Document.txt
    2012-06-29 16:52 - 2012-06-29 16:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DAF4EB12B784A6BB
    2012-06-29 16:48 - 2012-06-29 16:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E8DF2961F77A4E67
    2012-06-29 16:44 - 2012-06-29 16:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6C7F1EACFFE2AF0
    2012-06-29 16:40 - 2012-06-29 16:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D89B9125F929ACF8
    2012-06-29 16:18 - 2012-06-29 16:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8837CEFB84D4C286
    2012-06-29 16:12 - 2012-06-29 16:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F046B250849CFBF
    2012-06-29 15:54 - 2012-06-29 15:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.842C1A993DA927AA
    2012-06-29 14:51 - 2012-06-29 14:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FCD6F7D6F71D021D
    2012-06-29 14:39 - 2012-06-29 14:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2F36D85DCD0DCF30
    2012-06-28 14:39 - 2012-06-28 14:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.09F056A3BCE95691
    2012-06-28 14:37 - 2012-06-28 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.619952600546C4DE
    2012-06-28 14:34 - 2012-06-28 14:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A37A7EFCDE598109
    2012-06-28 14:32 - 2012-06-28 14:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B853A6E58824AD57
    2012-06-28 14:29 - 2012-06-28 14:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F8A70FC44B1A6BA
    2012-06-28 14:26 - 2012-06-28 14:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.95CF0711319428E5
    2012-06-28 14:24 - 2012-06-28 14:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA6EBEDA0921E87C
    2012-06-28 14:21 - 2012-06-28 14:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C1A51A29E8EFB3BA
    2012-06-28 14:18 - 2012-06-28 14:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D464F7BD1182DF3A
    2012-06-28 14:15 - 2012-06-28 14:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAE778678F7AEFDF
    2012-06-28 14:13 - 2012-06-28 14:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E28C1582C033E164
    2012-06-28 14:10 - 2012-06-28 14:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DFEF014D95C48CB9
    2012-06-28 14:08 - 2012-06-28 14:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6BAF9FD29F7D59E0
    2012-06-28 14:05 - 2012-06-28 14:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FCA226EB6FEE45F4
    2012-06-28 14:02 - 2012-06-28 14:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2ECFD87890B6ED7
    2012-06-28 13:57 - 2012-06-28 13:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA5CBC7A871FAA57
    2012-06-28 13:54 - 2012-06-28 13:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B8754C745CBDB7B2
    2012-06-28 13:51 - 2012-06-28 13:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E9CC6B42AF128F6
    2012-06-28 13:20 - 2012-06-28 13:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA5C60C749A1F805
    2012-06-28 13:20 - 2012-06-28 13:20 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bhilslua.sys
    2012-06-28 13:17 - 2012-06-28 13:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F01383A4F66B8C8
    2012-06-28 13:14 - 2012-06-28 13:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85E4C8FC83AD7D01
    2012-06-28 13:11 - 2012-06-28 13:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.54081515FB235EA7
    2012-06-28 13:07 - 2012-06-28 13:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5EDC074E00FF00B2
    2012-06-28 13:07 - 2012-06-28 13:07 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zofgdcfq.sys
    2012-06-28 13:04 - 2012-06-28 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D94E6DBAEB46548
    2012-06-28 13:01 - 2012-06-28 13:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.935F83D7CF4DAEBE
    2012-06-28 12:58 - 2012-06-28 12:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.73244C40F52A2877
    2012-06-28 12:54 - 2012-06-28 12:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.67BC1BDA024AA377
    2012-06-27 06:51 - 2012-06-27 06:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A392777D50462EB6
    2012-06-27 06:48 - 2012-06-27 06:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8A938D9F696E73D4
    2012-06-27 06:45 - 2012-06-27 06:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB4A30AC7BB57DD9
    2012-06-27 06:42 - 2012-06-27 06:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3569941D3B742DF3
    2012-06-27 06:38 - 2012-06-27 06:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.802D87CB0E711FFD
    2012-06-27 06:35 - 2012-06-27 06:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9FE4BD42BBCC4467
    2012-06-27 06:32 - 2012-06-27 06:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2A58968BA3532287
    2012-06-27 06:29 - 2012-06-27 06:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16D834F73219BD8F
    2012-06-27 06:26 - 2012-06-27 06:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1689453FB55D5919
    2012-06-26 12:59 - 2012-06-26 12:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.153BCB913253AE6F
    2012-06-26 12:56 - 2012-06-26 12:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FACDF0B663AAB24B
    2012-06-26 12:53 - 2012-06-26 12:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A75AEA4E64BB9DF7
    2012-06-26 12:50 - 2012-06-26 12:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.661EA14D1813EF1F
    2012-06-26 12:47 - 2012-06-26 12:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A761EE4A1BC252D3
    2012-06-26 12:44 - 2012-06-26 12:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.254EB7B605EC6835
    2012-06-26 12:41 - 2012-06-26 12:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27CB2135CB3ECE5B
    2012-06-26 12:38 - 2012-06-26 12:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C1837A0921F2EA41
    2012-06-26 12:35 - 2012-06-26 12:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.40F70CF09E36F315
    2012-06-26 12:32 - 2012-06-26 12:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6508750B9D372474
    2012-06-26 12:29 - 2012-06-26 12:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD20340217DC29E5
    2012-06-26 12:26 - 2012-06-26 12:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.285A6DA76D74F81F
    2012-06-26 12:23 - 2012-06-26 12:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0A93777E127BF682
    2012-06-26 12:20 - 2012-06-26 12:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A127EBB20331B78F
    2012-06-26 12:17 - 2012-06-26 12:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2637723A2465A9E5
    2012-06-26 12:14 - 2012-06-26 12:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2887A3A116217F2
    2012-06-26 12:10 - 2012-06-26 12:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.00BC16EA868AABB6
    2012-06-26 12:07 - 2012-06-26 12:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AFD6C7D8AF28170F
    2012-06-26 12:04 - 2012-06-26 12:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6CC65833038B093
    2012-06-26 12:00 - 2012-06-26 12:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5813E6266FC5AD22
    2012-06-26 11:53 - 2012-06-26 11:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D25C98D692EB75A1
    2012-06-26 11:50 - 2012-06-26 11:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F0BDD9A6E47EE52D
    2012-06-26 11:46 - 2012-06-26 11:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D8BCBC635C6EF36
    2012-06-26 11:42 - 2012-06-26 11:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CCB2FE47EBE3D91
    2012-06-26 11:39 - 2012-06-26 11:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0FE6E8A18B92E88A
    2012-06-26 11:36 - 2012-06-26 11:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27BE717A67F4AF33
    2012-06-26 11:32 - 2012-06-26 11:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E41BCFDA912C631
    2012-06-26 11:29 - 2012-06-26 11:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E343A57BC88A7798
    2012-06-26 11:21 - 2012-06-26 11:21 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-26 11:20 - 2012-06-26 11:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-26 11:20 - 2012-06-26 11:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-26 10:12 - 2012-06-26 10:12 - 00000000 ____D C:\Users\All Users\AMMYY
    2012-06-21 08:18 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 08:18 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 08:18 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 08:18 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 08:17 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 08:17 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 08:17 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 08:15 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 08:15 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-21 08:08 - 2012-06-21 08:08 - 00060304 ____A C:\Users\Louise Harrison\g2mdlhlpx.exe
    2012-06-21 08:08 - 2012-06-21 08:08 - 00000000 ____D C:\Program Files (x86)\Citrix
    2012-06-19 09:55 - 2012-06-19 09:55 - 00000000 ____D C:\Windows\pss
    2012-06-19 09:08 - 2012-06-26 10:41 - 00000000 ____D C:\sh4ldr
    2012-06-19 09:08 - 2012-06-19 09:08 - 00000000 ____D C:\Program Files\Enigma Software Group
    2012-06-19 09:07 - 2012-06-26 11:04 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-06-19 08:48 - 2012-06-19 08:48 - 00000061 ____A C:\Users\Louise Harrison\AppData\Roaming\mbam.context.scan
    2012-06-19 08:47 - 2012-06-19 08:47 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-19 08:39 - 2012-06-26 11:04 - 00000000 ____D C:\Users\Louise Harrison\AppData\Roaming\Uwalu
    2012-06-19 08:39 - 2012-06-19 08:39 - 00000000 ____D C:\Users\Louise Harrison\AppData\Roaming\Zeqeu
    2012-06-19 08:39 - 2012-06-19 08:39 - 00000000 ____D C:\Users\Louise Harrison\AppData\Roaming\Ryxyqa
    2012-06-19 08:37 - 2012-06-26 11:06 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\ActiveMovie
    2012-06-19 08:37 - 2012-06-19 09:59 - 00000000 ____D C:\Users\All Users\B7E858A7523BB7F5210D5D11B4EB2367
    2012-06-17 09:18 - 2012-06-17 09:19 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{F7845D9E-8B9C-4E15-9D95-421AEF841980}
    2012-06-15 00:03 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-15 00:03 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-15 00:03 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-15 00:02 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-15 00:02 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-15 00:02 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-15 00:02 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-15 00:02 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-15 00:02 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-15 00:02 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-15 00:02 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-15 00:02 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-15 00:02 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-15 00:02 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-15 00:02 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-15 00:02 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-15 00:02 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-15 00:02 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-15 00:02 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-15 00:02 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-15 00:02 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-15 00:02 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-15 00:02 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-15 00:02 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-15 00:02 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-15 00:02 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-15 00:02 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-15 00:02 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 14:38 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 14:38 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 14:38 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 14:38 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 14:38 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 14:38 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 14:38 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 14:38 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 14:38 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 14:38 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 14:38 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-13 14:37 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 14:37 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 14:37 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 14:37 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 14:37 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 14:37 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-11 09:55 - 2012-06-11 09:56 - 00000000 ____D C:\Users\Louise Harrison\Documents\office
    2012-06-11 08:40 - 2012-06-11 09:54 - 00000000 ____D C:\Users\Louise Harrison\Documents\Thompson
    2012-06-11 07:51 - 2012-06-11 07:51 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{B255A4BF-DB84-4F6D-96AC-77118A3CB4C7}
    2012-06-11 07:50 - 2012-06-11 07:51 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{B63F73CA-6A97-449F-AA87-7917E7F60356}
    2012-06-08 17:12 - 2012-06-08 17:12 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{93CFFC8A-3C10-4B22-815C-6AA0E75C0EF3}
    2012-06-08 17:12 - 2012-06-08 17:12 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{29397CAC-D459-418C-BDE7-B65FC27A6179}
    2012-06-07 18:19 - 2012-06-07 18:19 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{9B12C4FA-1BB4-40D4-A491-AF775E488A39}
    2012-06-07 18:19 - 2012-06-07 18:19 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{25CE8326-3345-4941-88E2-4C956FF24F55}
    2012-06-03 10:39 - 2012-06-03 10:40 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{6F13E81F-DC54-4E9D-99E1-4B3D46281E92}
    2012-06-03 10:39 - 2012-06-03 10:39 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{97528349-47EA-48AA-9797-C26C1404D2FE}
    2012-05-31 14:02 - 2012-05-31 14:02 - 00014703 ____A C:\Users\Louise Harrison\Ambit Training Broch_Wristband.txt
    2012-05-31 13:59 - 2012-05-31 13:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
     
  6. W0ox22

    W0ox22 TS Rookie Topic Starter Posts: 21

    ============ 3 Months Modified Files and Folders =============

    2012-06-29 23:03 - 2012-06-29 23:03 - 00000000 ____D C:\FRST
    2012-06-29 17:16 - 2012-06-29 17:16 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
    2012-06-29 17:16 - 2012-06-29 17:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6DD3E8065F14F9FF
    2012-06-29 17:16 - 2012-06-29 17:16 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\czowewgu.sys
    2012-06-29 17:16 - 2012-06-29 17:16 - 00001045 ____A C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
    2012-06-29 17:16 - 2012-06-29 17:16 - 00000000 ____D C:\Users\All Users\Comodo Downloader
    2012-06-29 17:16 - 2012-06-29 17:16 - 00000000 ____D C:\Users\All Users\Comodo
    2012-06-29 17:16 - 2012-06-29 17:16 - 00000000 ____D C:\Program Files\COMODO
    2012-06-29 17:12 - 2012-06-29 17:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.83A4FCB9C912E5B4
    2012-06-29 17:12 - 2009-07-13 21:13 - 00823814 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-29 17:10 - 2010-11-20 19:47 - 00381128 ____A C:\Windows\PFRO.log
    2012-06-29 17:09 - 2012-06-29 17:12 - 67987984 ____A (COMODO) C:\Users\Louise Harrison\Desktop\cavse_so_30day_installer_1726_5b.exe
    2012-06-29 17:05 - 2012-06-29 17:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FC78BCC9D34F8E75
    2012-06-29 17:05 - 2012-06-29 17:05 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lebaleoz.sys
    2012-06-29 17:02 - 2012-06-29 17:02 - 60673963 ____A (COMODO) C:\Users\Louise Harrison\Downloads\cavse_so_30day_installer_1726_5b.exe.6dyfe8l.partial
    2012-06-29 17:01 - 2012-06-29 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.460B5FD422DD2E93
    2012-06-29 16:58 - 2012-06-29 16:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E0B69C3CAC845E7
    2012-06-29 16:58 - 2012-06-29 16:57 - 00000022 ____A C:\Users\Louise Harrison\Desktop\New Text Document.txt
    2012-06-29 16:54 - 2009-07-13 20:51 - 00065708 ____A C:\Windows\setupact.log
    2012-06-29 16:52 - 2012-06-29 16:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DAF4EB12B784A6BB
    2012-06-29 16:48 - 2012-06-29 16:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E8DF2961F77A4E67
    2012-06-29 16:44 - 2012-06-29 16:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6C7F1EACFFE2AF0
    2012-06-29 16:42 - 2011-12-30 07:07 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-29 16:42 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-29 16:40 - 2012-06-29 16:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D89B9125F929ACF8
    2012-06-29 16:40 - 2009-07-13 21:08 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-29 16:18 - 2012-06-29 16:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8837CEFB84D4C286
    2012-06-29 16:12 - 2012-06-29 16:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F046B250849CFBF
    2012-06-29 15:54 - 2012-06-29 15:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.842C1A993DA927AA
    2012-06-29 14:54 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-06-29 14:51 - 2012-06-29 14:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FCD6F7D6F71D021D
    2012-06-29 14:42 - 2011-04-02 12:16 - 00049152 __ASH C:\Users\Louise Harrison\Documents\Thumbs.db
    2012-06-29 14:39 - 2012-06-29 14:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2F36D85DCD0DCF30
    2012-06-29 14:37 - 2011-12-30 07:07 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-28 14:39 - 2012-06-28 14:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.09F056A3BCE95691
    2012-06-28 14:37 - 2012-06-28 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.619952600546C4DE
    2012-06-28 14:34 - 2012-06-28 14:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A37A7EFCDE598109
    2012-06-28 14:32 - 2012-06-28 14:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B853A6E58824AD57
    2012-06-28 14:29 - 2012-06-28 14:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F8A70FC44B1A6BA
    2012-06-28 14:26 - 2012-06-28 14:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.95CF0711319428E5
    2012-06-28 14:24 - 2012-06-28 14:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA6EBEDA0921E87C
    2012-06-28 14:21 - 2012-06-28 14:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C1A51A29E8EFB3BA
    2012-06-28 14:18 - 2012-06-28 14:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D464F7BD1182DF3A
    2012-06-28 14:15 - 2012-06-28 14:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAE778678F7AEFDF
    2012-06-28 14:13 - 2012-06-28 14:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E28C1582C033E164
    2012-06-28 14:10 - 2012-06-28 14:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DFEF014D95C48CB9
    2012-06-28 14:08 - 2012-06-28 14:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6BAF9FD29F7D59E0
    2012-06-28 14:05 - 2012-06-28 14:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FCA226EB6FEE45F4
    2012-06-28 14:02 - 2012-06-28 14:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2ECFD87890B6ED7
    2012-06-28 13:57 - 2012-06-28 13:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA5CBC7A871FAA57
    2012-06-28 13:54 - 2012-06-28 13:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B8754C745CBDB7B2
    2012-06-28 13:51 - 2012-06-28 13:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E9CC6B42AF128F6
    2012-06-28 13:20 - 2012-06-28 13:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA5C60C749A1F805
    2012-06-28 13:20 - 2012-06-28 13:20 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bhilslua.sys
    2012-06-28 13:17 - 2012-06-28 13:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F01383A4F66B8C8
    2012-06-28 13:14 - 2012-06-28 13:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85E4C8FC83AD7D01
    2012-06-28 13:11 - 2012-06-28 13:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.54081515FB235EA7
    2012-06-28 13:07 - 2012-06-28 13:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5EDC074E00FF00B2
    2012-06-28 13:07 - 2012-06-28 13:07 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zofgdcfq.sys
    2012-06-28 13:04 - 2012-06-28 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D94E6DBAEB46548
    2012-06-28 13:01 - 2012-06-28 13:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.935F83D7CF4DAEBE
    2012-06-28 12:58 - 2012-06-28 12:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.73244C40F52A2877
    2012-06-28 12:55 - 2011-10-10 00:42 - 01440549 ____A C:\Windows\WindowsUpdate.log
    2012-06-28 12:54 - 2012-06-28 12:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.67BC1BDA024AA377
    2012-06-27 06:51 - 2012-06-27 06:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A392777D50462EB6
    2012-06-27 06:48 - 2012-06-27 06:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8A938D9F696E73D4
    2012-06-27 06:45 - 2012-06-27 06:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB4A30AC7BB57DD9
    2012-06-27 06:42 - 2012-06-27 06:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3569941D3B742DF3
    2012-06-27 06:38 - 2012-06-27 06:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.802D87CB0E711FFD
    2012-06-27 06:35 - 2012-06-27 06:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9FE4BD42BBCC4467
    2012-06-27 06:32 - 2012-06-27 06:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2A58968BA3532287
    2012-06-27 06:29 - 2012-06-27 06:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16D834F73219BD8F
    2012-06-27 06:26 - 2012-06-27 06:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1689453FB55D5919
    2012-06-26 12:59 - 2012-06-26 12:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.153BCB913253AE6F
    2012-06-26 12:56 - 2012-06-26 12:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FACDF0B663AAB24B
    2012-06-26 12:53 - 2012-06-26 12:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A75AEA4E64BB9DF7
    2012-06-26 12:50 - 2012-06-26 12:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.661EA14D1813EF1F
    2012-06-26 12:47 - 2012-06-26 12:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A761EE4A1BC252D3
    2012-06-26 12:44 - 2012-06-26 12:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.254EB7B605EC6835
    2012-06-26 12:41 - 2012-06-26 12:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27CB2135CB3ECE5B
    2012-06-26 12:38 - 2012-06-26 12:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C1837A0921F2EA41
    2012-06-26 12:35 - 2012-06-26 12:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.40F70CF09E36F315
    2012-06-26 12:32 - 2012-06-26 12:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6508750B9D372474
    2012-06-26 12:29 - 2012-06-26 12:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD20340217DC29E5
    2012-06-26 12:26 - 2012-06-26 12:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.285A6DA76D74F81F
    2012-06-26 12:23 - 2012-06-26 12:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0A93777E127BF682
    2012-06-26 12:20 - 2012-06-26 12:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A127EBB20331B78F
    2012-06-26 12:17 - 2012-06-26 12:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2637723A2465A9E5
    2012-06-26 12:14 - 2012-06-26 12:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2887A3A116217F2
    2012-06-26 12:10 - 2012-06-26 12:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.00BC16EA868AABB6
    2012-06-26 12:07 - 2012-06-26 12:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AFD6C7D8AF28170F
    2012-06-26 12:04 - 2012-06-26 12:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6CC65833038B093
    2012-06-26 12:00 - 2012-06-26 12:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5813E6266FC5AD22
    2012-06-26 11:53 - 2012-06-26 11:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D25C98D692EB75A1
    2012-06-26 11:50 - 2012-06-26 11:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F0BDD9A6E47EE52D
    2012-06-26 11:46 - 2012-06-26 11:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D8BCBC635C6EF36
    2012-06-26 11:45 - 2012-01-11 17:04 - 00000000 __SHD C:\Users\Louise Harrison\AppData\Local\{2b481a6c-901c-00af-0385-a5f94298234c}
    2012-06-26 11:42 - 2012-06-26 11:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CCB2FE47EBE3D91
    2012-06-26 11:39 - 2012-06-26 11:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0FE6E8A18B92E88A
    2012-06-26 11:36 - 2012-06-26 11:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27BE717A67F4AF33
    2012-06-26 11:32 - 2012-06-26 11:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E41BCFDA912C631
    2012-06-26 11:29 - 2012-06-26 11:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E343A57BC88A7798
    2012-06-26 11:24 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-26 11:24 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-26 11:21 - 2012-06-26 11:21 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-26 11:20 - 2012-06-26 11:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-26 11:20 - 2012-06-26 11:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-26 11:20 - 2012-02-09 10:26 - 00837964 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-26 11:15 - 2011-10-10 00:53 - 00000000 ____D C:\Users\All Users\Norton
    2012-06-26 11:06 - 2012-06-19 08:37 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\ActiveMovie
    2012-06-26 11:06 - 2011-12-28 16:21 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\HP
    2012-06-26 11:06 - 2011-12-28 14:35 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\Hewlett-Packard
    2012-06-26 11:06 - 2011-12-28 14:34 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\Hewlett-Packard_Company
    2012-06-26 11:05 - 2011-12-28 14:35 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\RemEngine
    2012-06-26 11:04 - 2012-06-19 09:07 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-06-26 11:04 - 2012-06-19 08:39 - 00000000 ____D C:\Users\Louise Harrison\AppData\Roaming\Uwalu
    2012-06-26 11:04 - 2012-05-21 07:26 - 00000000 ____D C:\Users\Louise Harrison\AppData\Roaming\Spotify
    2012-06-26 11:04 - 2012-03-28 18:16 - 00000000 ____D C:\Users\Louise Harrison\Documents\Mark3.2012_files
    2012-06-26 11:04 - 2011-12-28 14:37 - 00000000 ____D C:\Users\Louise Harrison\AppData\Roaming\Skype
    2012-06-26 11:04 - 2011-12-28 14:34 - 00000000 ____D C:\users\Louise Harrison
    2012-06-26 11:04 - 2011-10-10 01:35 - 00000000 ___RD C:\Users\Public\Recorded TV
    2012-06-26 11:04 - 2011-10-10 00:53 - 00000000 ____D C:\Users\Public\Documents\YouCam
    2012-06-26 11:04 - 2011-09-10 19:07 - 00000000 ____D C:\Users\Louise Harrison\Documents\Audible
    2012-06-26 11:04 - 2011-03-16 05:50 - 00000000 ____D C:\Users\Louise Harrison\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
    2012-06-26 11:04 - 2010-09-27 18:29 - 00000000 ___RD C:\Users\Louise Harrison\Documents\Notes
    2012-06-26 11:04 - 2009-12-09 10:21 - 00000000 ____D C:\Users\Louise Harrison\Documents\divorce_questionnaire[1]
    2012-06-26 11:04 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
    2012-06-26 11:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-06-26 11:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-06-26 11:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2012-06-26 10:41 - 2012-06-19 09:08 - 00000000 ____D C:\sh4ldr
    2012-06-26 10:12 - 2012-06-26 10:12 - 00000000 ____D C:\Users\All Users\AMMYY
    2012-06-21 11:25 - 2012-01-11 13:12 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\CrashDumps
    2012-06-21 08:08 - 2012-06-21 08:08 - 00060304 ____A C:\Users\Louise Harrison\g2mdlhlpx.exe
    2012-06-21 08:08 - 2012-06-21 08:08 - 00000000 ____D C:\Program Files (x86)\Citrix
    2012-06-21 08:08 - 2011-12-29 08:29 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-06-19 10:17 - 2012-01-11 12:33 - 00001220 ____A C:\prefs.js
    2012-06-19 09:59 - 2012-06-19 08:37 - 00000000 ____D C:\Users\All Users\B7E858A7523BB7F5210D5D11B4EB2367
    2012-06-19 09:55 - 2012-06-19 09:55 - 00000000 ____D C:\Windows\pss
    2012-06-19 09:08 - 2012-06-19 09:08 - 00000000 ____D C:\Program Files\Enigma Software Group
    2012-06-19 08:48 - 2012-06-19 08:48 - 00000061 ____A C:\Users\Louise Harrison\AppData\Roaming\mbam.context.scan
    2012-06-19 08:47 - 2012-06-19 08:47 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-19 08:39 - 2012-06-19 08:39 - 00000000 ____D C:\Users\Louise Harrison\AppData\Roaming\Zeqeu
    2012-06-19 08:39 - 2012-06-19 08:39 - 00000000 ____D C:\Users\Louise Harrison\AppData\Roaming\Ryxyqa
    2012-06-19 08:03 - 2012-05-21 07:26 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\Spotify
    2012-06-17 09:19 - 2012-06-17 09:18 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{F7845D9E-8B9C-4E15-9D95-421AEF841980}
    2012-06-16 06:12 - 2012-01-12 08:28 - 00000372 ____A C:\Windows\Tasks\HPCeeScheduleForLouise Harrison.job
    2012-06-16 06:12 - 2009-07-13 20:45 - 00300136 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-15 00:08 - 2012-02-29 08:16 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-14 18:19 - 2012-01-05 08:04 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2012-06-11 09:56 - 2012-06-11 09:55 - 00000000 ____D C:\Users\Louise Harrison\Documents\office
    2012-06-11 09:54 - 2012-06-11 08:40 - 00000000 ____D C:\Users\Louise Harrison\Documents\Thompson
    2012-06-11 07:51 - 2012-06-11 07:51 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{B255A4BF-DB84-4F6D-96AC-77118A3CB4C7}
    2012-06-11 07:51 - 2012-06-11 07:50 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{B63F73CA-6A97-449F-AA87-7917E7F60356}
    2012-06-08 17:12 - 2012-06-08 17:12 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{93CFFC8A-3C10-4B22-815C-6AA0E75C0EF3}
    2012-06-08 17:12 - 2012-06-08 17:12 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{29397CAC-D459-418C-BDE7-B65FC27A6179}
    2012-06-07 18:36 - 2012-02-09 10:26 - 00000000 ____D C:\Users\Louise Harrison\AppData\Roaming\SoftGrid Client
    2012-06-07 18:19 - 2012-06-07 18:19 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{9B12C4FA-1BB4-40D4-A491-AF775E488A39}
    2012-06-07 18:19 - 2012-06-07 18:19 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{25CE8326-3345-4941-88E2-4C956FF24F55}
    2012-06-03 10:40 - 2012-06-03 10:39 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{6F13E81F-DC54-4E9D-99E1-4B3D46281E92}
    2012-06-03 10:39 - 2012-06-03 10:39 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{97528349-47EA-48AA-9797-C26C1404D2FE}
    2012-06-02 14:19 - 2012-06-21 08:18 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 08:18 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 08:18 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 08:17 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 08:17 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 08:18 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 08:17 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-21 08:15 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-21 08:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 20:38 - 2012-02-27 15:01 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-01 20:38 - 2012-02-27 15:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-05-31 14:02 - 2012-05-31 14:02 - 00014703 ____A C:\Users\Louise Harrison\Ambit Training Broch_Wristband.txt
    2012-05-31 13:59 - 2012-05-31 13:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-05-29 15:44 - 2012-05-29 15:44 - 00000136 ____A C:\Users\Louise Harrison\Downloads\womr (4).pls
    2012-05-28 15:17 - 2012-05-28 15:17 - 00001021 ____A C:\Users\Louise Harrison\Desktop\Louise OMO the early days - Shortcut.lnk
    2012-05-28 14:35 - 2012-05-28 14:35 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{E00F826A-1664-4DAD-A944-E6E96F0BED96}
    2012-05-28 14:35 - 2012-05-28 14:35 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{6C23F09A-0637-4019-B066-8B233C209175}
    2012-05-28 14:35 - 2011-12-28 19:26 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\Windows Live
    2012-05-21 07:26 - 2012-05-21 07:26 - 00001861 ____A C:\Users\Louise Harrison\Desktop\Spotify.lnk
    2012-05-21 07:26 - 2012-02-29 07:13 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\Deployment
    2012-05-21 07:05 - 2012-05-21 07:00 - 00000000 ____D C:\Users\Louise Harrison\Desktop\Bens Graduation
    2012-05-19 17:58 - 2012-05-19 17:57 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{A26A6ECF-A0E2-4FC7-889B-3BAFA0607AC0}
    2012-05-19 17:57 - 2012-05-19 17:57 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{A347CEB3-BBBF-4797-9008-D5AF42715867}
    2012-05-17 18:47 - 2012-06-15 00:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-15 00:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-15 00:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-15 00:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-15 00:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-15 00:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-15 00:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-15 00:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:56 - 2012-05-17 17:56 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{FC8163A7-F86F-4F7B-94BF-2A270826DB6A}
    2012-05-17 17:56 - 2012-05-17 17:56 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{57D7F129-E3D3-4333-A1D6-E91A32C4925E}
    2012-05-17 17:55 - 2012-06-15 00:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-15 00:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-15 00:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-15 00:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-15 00:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-15 00:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 17:42 - 2012-05-17 17:41 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{860EFAA4-40A5-4648-A013-155F8FA544B9}
    2012-05-17 17:41 - 2012-05-17 17:41 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{DB52F6D3-CC25-4364-992B-AD65E46292E9}
    2012-05-17 15:11 - 2012-06-15 00:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-15 00:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-15 00:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-15 00:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-15 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-15 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-15 00:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-15 00:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-15 00:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-15 00:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-15 00:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-15 00:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-15 00:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-15 00:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-15 15:46 - 2012-05-15 15:46 - 00000136 ____A C:\Users\Louise Harrison\Downloads\womr (3).pls
    2012-05-15 15:46 - 2012-05-15 15:46 - 00000136 ____A C:\Users\Louise Harrison\Downloads\womr (2).pls
    2012-05-14 19:06 - 2012-05-14 19:06 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{5A8CD576-1738-40F9-9CF8-F3A1CCC35293}
    2012-05-14 19:06 - 2012-05-14 19:05 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{4E71D697-AF86-4CBF-BA54-128196D6A167}
    2012-05-14 19:02 - 2012-05-14 19:02 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{99777036-0477-4495-B6FA-937AB5EA8672}
    2012-05-14 19:02 - 2012-05-14 19:02 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{34FBD70B-4CE5-4916-A222-11682A6CC342}
    2012-05-14 17:32 - 2012-06-13 14:38 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-14 07:28 - 2012-05-14 07:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-05-14 07:28 - 2012-05-14 07:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-12 11:47 - 2012-05-12 11:47 - 00000018 ____A C:\Users\All Users\ready4fall2011breadcrumb
    2012-05-10 05:24 - 2012-05-10 05:23 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{970B8A57-EB0A-449C-99C8-120477C3A9CD}
    2012-05-10 05:23 - 2012-05-10 05:23 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{4B8B93CF-4358-495D-912C-DDC60B3AD4CA}
    2012-05-09 12:34 - 2012-05-10 06:22 - 73681358 ____A C:\Users\Louise Harrison\Documents\CookwaterRoom (5).MOV
    2012-05-08 15:06 - 2012-05-08 15:06 - 00000082 ____A C:\Users\Louise Harrison\Downloads\womr (4).m3u
    2012-05-08 15:05 - 2012-05-08 15:05 - 00000136 ____A C:\Users\Louise Harrison\Downloads\womr (1).pls
    2012-05-06 05:07 - 2012-05-03 17:29 - 00000000 ____D C:\Users\Louise Harrison\Documents\Business-in-a-Box Files
    2012-05-04 03:06 - 2012-06-13 14:38 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 14:38 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 14:38 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-03 17:29 - 2012-05-03 17:29 - 00000000 ____A C:\Users\Louise Harrison\AppData\Roaming\bibstats
    2012-05-03 17:28 - 2012-05-03 17:28 - 00001133 ____A C:\Users\Public\Desktop\Business-in-a-Box.lnk
    2012-05-03 17:28 - 2012-05-03 17:27 - 00000000 ____D C:\Program Files (x86)\Business-in-a-Box
    2012-05-02 15:33 - 2012-05-02 15:33 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{E5FE9064-0CB0-46FA-B910-F0FEBF4BC4A5}
    2012-05-02 15:33 - 2012-05-02 15:33 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{05481AAD-529F-4C8A-B773-A5287F07C509}
    2012-05-01 17:26 - 2012-05-01 17:26 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{E65DB9D6-91BB-4753-BCDD-E067A70AFA83}
    2012-05-01 17:26 - 2012-05-01 17:26 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{13F5431E-0177-4786-9792-618F8C0857F9}
    2012-04-30 21:40 - 2012-06-13 14:38 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-30 14:09 - 2011-12-28 14:37 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-04-30 14:09 - 2011-12-28 14:37 - 00000000 ____D C:\Users\All Users\Skype
    2012-04-27 19:55 - 2012-06-13 14:38 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-27 04:45 - 2012-04-27 04:45 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{AB9543FF-8AB0-478E-AFEF-63786691DBC2}
    2012-04-26 05:57 - 2012-04-26 05:57 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{D330BE26-0C9D-4339-8798-655F0D4F978A}
    2012-04-26 05:57 - 2012-04-26 05:57 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{48A63C5D-AFAF-42E8-B270-C67AE4093E0A}
    2012-04-25 21:41 - 2012-06-13 14:38 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 14:38 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 14:38 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-13 14:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 14:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 14:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 14:37 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 14:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 14:37 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-17 06:35 - 2012-04-17 06:35 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\SupportSoft
    2012-04-15 07:10 - 2012-04-15 07:10 - 00000000 ____D C:\Program Files (x86)\TelevisionFanatic
    2012-04-14 13:56 - 2012-04-14 13:56 - 00000000 ____D C:\Users\All Users\Symantec
    2012-04-10 15:44 - 2012-04-10 15:44 - 00000000 ____D C:\Users\Louise Harrison\AppData\Local\{6BC42133-473E-4A0D-BF49-9225A94BE6C4}
    2012-04-07 13:45 - 2011-12-30 06:41 - 00108032 __ASH C:\Users\Louise Harrison\Downloads\Thumbs.db
    2012-04-07 13:29 - 2012-03-24 14:04 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
    2012-04-07 13:28 - 2012-03-24 14:04 - 00000000 ____D C:\Program Files (x86)\Safari
    2012-04-07 13:27 - 2012-04-07 13:27 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-04-07 13:27 - 2012-04-07 13:26 - 00000000 ____D C:\Program Files\iTunes
    2012-04-07 13:27 - 2012-03-14 16:22 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-04-07 13:26 - 2012-04-07 13:26 - 00000000 ____D C:\Program Files\iPod
    2012-04-07 04:31 - 2012-06-13 14:38 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 03:26 - 2012-06-13 14:38 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-04 11:56 - 2012-02-27 15:01 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    ZeroAccess:
    C:\Windows\Installer\{2b481a6c-901c-00af-0385-a5f94298234c}
    C:\Windows\Installer\{2b481a6c-901c-00af-0385-a5f94298234c}\@
    C:\Windows\Installer\{2b481a6c-901c-00af-0385-a5f94298234c}\L
    C:\Windows\Installer\{2b481a6c-901c-00af-0385-a5f94298234c}\n
    C:\Windows\Installer\{2b481a6c-901c-00af-0385-a5f94298234c}\U
    C:\Windows\Installer\{2b481a6c-901c-00af-0385-a5f94298234c}\U\00000001.@
    C:\Windows\Installer\{2b481a6c-901c-00af-0385-a5f94298234c}\U\80000000.@
    C:\Windows\Installer\{2b481a6c-901c-00af-0385-a5f94298234c}\U\800000cb.@

    ZeroAccess:
    C:\Users\Louise Harrison\AppData\Local\{2b481a6c-901c-00af-0385-a5f94298234c}
    C:\Users\Louise Harrison\AppData\Local\{2b481a6c-901c-00af-0385-a5f94298234c}\@
    C:\Users\Louise Harrison\AppData\Local\{2b481a6c-901c-00af-0385-a5f94298234c}\L
    C:\Users\Louise Harrison\AppData\Local\{2b481a6c-901c-00af-0385-a5f94298234c}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 13%
    Total physical RAM: 6091.86 MB
    Available physical RAM: 5282.5 MB
    Total Pagefile: 6090.01 MB
    Available Pagefile: 5268.21 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:571.06 GB) (Free:400.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (Recovery) (Fixed) (Total:20.95 GB) (Free:2.26 GB) NTFS
    3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
    4 Drive g: () (CDROM) (Total:0.16 GB) (Free:0 GB) CDFS
    5 Drive h: () (Removable) (Total:0.48 GB) (Free:0.47 GB) FAT
    6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 488 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 571 GB 200 MB
    Partition 3 Primary 20 GB 571 GB
    Partition 4 Primary 4063 MB 592 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 571 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Recovery NTFS Partition 20 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 4063 MB Healthy

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 488 MB 116 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H FAT Removable 488 MB Healthy

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-18 15:51

    ======================= End Of Log ==========================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  8. W0ox22

    W0ox22 TS Rookie Topic Starter Posts: 21

    I'm not sure what you mean by that. Do I restart and hit F8 again? Or is it in the windows already open?
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Follow the very steps you did to create the FRST log, but this time instead of pressing the "Scan" button...

    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  10. W0ox22

    W0ox22 TS Rookie Topic Starter Posts: 21

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-06-29 14:54] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
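
The Search.txt result above lists two copies of services.exe with the same size but different MD5 hashes and modified times. As an added example (not part of the thread and not FRST's own code), this Python script parses that two-lines-per-file layout and flags a System32 file whose hash matches no WinSxS copy of the same name. The function names and the comparison rule are assumptions of the example, and a mismatch is a triage signal rather than proof, since servicing can also leave differing copies.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath

# Search result as posted in the thread above.
SEARCH_TXT = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-06-29 14:54] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# "[created] - [modified] - size attrs (company) MD5"
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")
TS = "%Y-%m-%d %H:%M"


@dataclass(frozen=True)
class Entry:
    path: str
    created: datetime
    modified: datetime
    size: int
    company: str
    md5: str


@dataclass(frozen=True)
class Finding:
    path: str
    md5: str
    store_md5s: tuple
    same_size_as_store: bool      # same length, different content
    modified_after_store: bool    # live copy touched later than every store copy


def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = META_RE.match(line)
        if m and pending:
            entries.append(Entry(
                path=pending,
                created=datetime.strptime(m["created"], TS),
                modified=datetime.strptime(m["modified"], TS),
                size=int(m["size"]),
                company=m["company"],
                md5=m["md5"].upper(),
            ))
            pending = None
    return entries


def _in_winsxs(entry):
    return "winsxs" in (p.lower() for p in PureWindowsPath(entry.path).parts)


def _in_system32(entry):
    return PureWindowsPath(entry.path).parent.name.lower() == "system32"


def triage(entries):
    """Flag System32 files whose MD5 matches no WinSxS copy of the same name."""
    by_name = {}
    for e in entries:
        by_name.setdefault(PureWindowsPath(e.path).name.lower(), []).append(e)

    findings = []
    for group in by_name.values():
        store = [e for e in group if _in_winsxs(e)]
        if not store:
            continue  # nothing to compare against
        store_md5s = {e.md5 for e in store}
        for live in (e for e in group if _in_system32(e)):
            if live.md5 in store_md5s:
                continue
            findings.append(Finding(
                path=live.path,
                md5=live.md5,
                store_md5s=tuple(sorted(store_md5s)),
                same_size_as_store=any(s.size == live.size for s in store),
                modified_after_store=all(live.modified > s.modified for s in store),
            ))
    return findings


if __name__ == "__main__":
    for f in triage(parse_search_log(SEARCH_TXT)):
        print(f"MISMATCH {f.path} md5={f.md5} store={','.join(f.store_md5s)} "
              f"same_size={f.same_size_as_store} newer={f.modified_after_store}")
```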
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    See if you can boot normally.

    If so....

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  12. W0ox22

    W0ox22 TS Rookie Topic Starter Posts: 21

    ComboFix 12-06-28.03 - Louise Harrison 06/29/2012 23:43:46.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4131 [GMT -4:00]
    Running from: G:\ComboFix.exe
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\prefs.js
    c:\program files (x86)\Brand Affinity Technologies
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_gi20111005.crx
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_gi20111005.xpi
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.InstallState
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
    c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
    c:\program files (x86)\TelevisionFanatic
    c:\program files (x86)\TelevisionFanatic\bar\gen1\COMMON.T8S
    c:\program files (x86)\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
    c:\program files (x86)\TelevisionFanatic\bar\Message\COMMON.T8S
    c:\program files (x86)\TelevisionFanatic\bar\Settings\s_pid.dat
    c:\programdata\AMMYY
    c:\programdata\AMMYY\hr
    c:\programdata\AMMYY\hr3
    c:\programdata\AMMYY\settings3.bin
    c:\programdata\Roaming
    c:\users\Louise Harrison\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
    c:\users\Louise Harrison\AppData\Roaming\Uwalu
    c:\users\Louise Harrison\AppData\Roaming\Uwalu\laecb.exe
    c:\users\Louise Harrison\Documents\ShopToWin
    c:\users\Louise Harrison\g2mdlhlpx.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_FTSvc
    -------\Service_FTSvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-30 07:03 . 2012-06-30 07:04 -------- d-----w- C:\FRST
    2012-06-30 03:51 . 2012-06-30 03:51 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59B8F454-C859-413C-9E7A-D0406B85E780}\offreg.dll
    2012-06-30 03:49 . 2012-06-30 03:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-30 03:37 . 2012-06-30 03:37 -------- d-----w- c:\programdata\CPA_VA
    2012-06-30 01:16 . 2012-06-30 01:16 -------- d-----w- c:\programdata\Comodo
    2012-06-30 01:16 . 2012-06-30 01:16 -------- d-----w- c:\program files\COMODO
    2012-06-30 01:16 . 2012-06-30 01:16 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2012-06-30 01:16 . 2012-06-30 01:16 -------- d-----w- c:\programdata\Comodo Downloader
    2012-06-26 19:23 . 2012-06-26 19:23 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FAB8069-01DE-4080-88F3-69E53611EAD7}\gapaengine.dll
    2012-06-26 19:23 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59B8F454-C859-413C-9E7A-D0406B85E780}\mpengine.dll
    2012-06-26 19:20 . 2012-06-26 19:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-06-26 19:20 . 2012-06-26 19:20 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-21 16:18 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 16:18 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 16:18 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 16:18 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 16:17 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 16:17 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 16:17 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 16:15 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 16:15 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 16:08 . 2012-06-21 16:08 -------- d-----w- c:\program files (x86)\Citrix
    2012-06-19 17:08 . 2012-06-26 18:41 -------- d-----w- C:\sh4ldr
    2012-06-19 17:08 . 2012-06-19 17:08 -------- d-----w- c:\program files\Enigma Software Group
    2012-06-19 17:07 . 2012-06-26 19:04 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-06-19 17:07 . 2012-06-19 17:07 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-06-19 16:47 . 2012-06-19 16:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-19 16:39 . 2012-06-19 16:39 -------- d-----w- c:\users\Louise Harrison\AppData\Roaming\Ryxyqa
    2012-06-19 16:39 . 2012-06-19 16:39 -------- d-----w- c:\users\Louise Harrison\AppData\Roaming\Zeqeu
    2012-06-19 16:37 . 2012-06-26 19:06 -------- d-----w- c:\users\Louise Harrison\AppData\Local\ActiveMovie
    2012-06-19 16:37 . 2012-06-19 17:59 -------- d-----w- c:\programdata\B7E858A7523BB7F5210D5D11B4EB2367
    2012-06-15 08:03 . 2012-05-18 01:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-15 08:03 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-06-13 22:38 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 22:38 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 22:38 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 22:38 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-13 22:38 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 22:38 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 22:38 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-13 22:38 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-13 22:38 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 22:38 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-13 22:38 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-13 22:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 22:37 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 22:37 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 22:37 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 22:37 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-13 22:37 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-31 04:04 . 2012-06-19 16:15 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B94F6F9-7205-4442-B457-AD852437C7FB}\mpengine.dll
    2012-05-14 16:32 . 2012-02-08 15:21 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-05-14 16:31 . 2012-02-08 15:20 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-05-14 16:31 . 2012-02-08 15:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-05-14 16:31 . 2012-02-08 15:20 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-04-04 19:56 . 2012-02-27 23:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2011-08-24 23:21 1299248 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
    .
    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
    "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    R2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2011-08-18 81920]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-25 337512]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [2011-03-15 10112]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-30 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 59744]
    R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
    R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-05-06 428384]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 ActService;ACT! Service Host;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe [2011-08-18 18432]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-04-08 26680]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
    S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-05-06 61913952]
    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe [2011-11-07 135608]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2011-11-07 126392]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 15:07]
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 15:07]
    .
    2012-06-16 c:\windows\Tasks\HPCeeScheduleForLouise Harrison.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\combofix\CF18011.3XE" [2010-11-21 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh01312012
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:d0,0b,72,75,aa,8a,ca,01
    .
    [HKEY_USERS\S-1-5-21-3022193129-1531451862-1410500458-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariDownload"
    .
    [HKEY_USERS\S-1-5-21-3022193129-1531451862-1410500458-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (S-1-5-21-3022193129-1531451862-1410500458-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-3022193129-1531451862-1410500458-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (S-1-5-21-3022193129-1531451862-1410500458-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-3022193129-1531451862-1410500458-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariExtension"
    .
    [HKEY_USERS\S-1-5-21-3022193129-1531451862-1410500458-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (S-1-5-21-3022193129-1531451862-1410500458-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-3022193129-1531451862-1410500458-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
    @Denied: (2) (S-1-5-21-3022193129-1531451862-1410500458-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.SVG"
    .
    [HKEY_USERS\S-1-5-21-3022193129-1531451862-1410500458-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\S-1-5-21-3022193129-1531451862-1410500458-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (S-1-5-21-3022193129-1531451862-1410500458-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.XHT"
    .
    [HKEY_USERS\S-1-5-21-3022193129-1531451862-1410500458-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (S-1-5-21-3022193129-1531451862-1410500458-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.XHT"
    .
    [HKEY_USERS\S-1-5-21-3022193129-1531451862-1410500458-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariHTML"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-29 23:57:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-30 03:57
    .
    Pre-Run: 440,706,834,432 bytes free
    Post-Run: 442,944,483,328 bytes free
    .
    - - End Of File - - EA66734FF5A2A9BC6ECD8BEB5009ACCB
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    You didn't follow.

    I need to see Fixlog.txt log.
     
  14. W0ox22

    W0ox22 TS Rookie Topic Starter Posts: 21

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 28-06-2012 02
    Ran by SYSTEM at 2012-06-29 23:31:18 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\System32\services.exe.6DD3E8065F14F9FF moved successfully.
    C:\Windows\System32\Drivers\czowewgu.sys moved successfully.
    C:\Windows\System32\services.exe.83A4FCB9C912E5B4 moved successfully.
    C:\Windows\System32\services.exe.FC78BCC9D34F8E75 moved successfully.
    C:\Windows\System32\Drivers\lebaleoz.sys moved successfully.
    C:\Windows\System32\services.exe.460B5FD422DD2E93 moved successfully.
    C:\Windows\System32\services.exe.4E0B69C3CAC845E7 moved successfully.
    C:\Windows\System32\services.exe.DAF4EB12B784A6BB moved successfully.
    C:\Windows\System32\services.exe.E8DF2961F77A4E67 moved successfully.
    C:\Windows\System32\services.exe.A6C7F1EACFFE2AF0 moved successfully.
    C:\Windows\System32\services.exe.D89B9125F929ACF8 moved successfully.
    C:\Windows\System32\services.exe.8837CEFB84D4C286 moved successfully.
    C:\Windows\System32\services.exe.0F046B250849CFBF moved successfully.
    C:\Windows\System32\services.exe.842C1A993DA927AA moved successfully.
    C:\Windows\System32\services.exe.FCD6F7D6F71D021D moved successfully.
    C:\Windows\System32\services.exe.2F36D85DCD0DCF30 moved successfully.
    C:\Windows\System32\services.exe.09F056A3BCE95691 moved successfully.
    C:\Windows\System32\services.exe.619952600546C4DE moved successfully.
    C:\Windows\System32\services.exe.A37A7EFCDE598109 moved successfully.
    C:\Windows\System32\services.exe.B853A6E58824AD57 moved successfully.
    C:\Windows\System32\services.exe.9F8A70FC44B1A6BA moved successfully.
    C:\Windows\System32\services.exe.95CF0711319428E5 moved successfully.
    C:\Windows\System32\services.exe.EA6EBEDA0921E87C moved successfully.
    C:\Windows\System32\services.exe.C1A51A29E8EFB3BA moved successfully.
    C:\Windows\System32\services.exe.D464F7BD1182DF3A moved successfully.
    C:\Windows\System32\services.exe.CAE778678F7AEFDF moved successfully.
    C:\Windows\System32\services.exe.E28C1582C033E164 moved successfully.
    C:\Windows\System32\services.exe.DFEF014D95C48CB9 moved successfully.
    C:\Windows\System32\services.exe.6BAF9FD29F7D59E0 moved successfully.
    C:\Windows\System32\services.exe.FCA226EB6FEE45F4 moved successfully.
    C:\Windows\System32\services.exe.E2ECFD87890B6ED7 moved successfully.
    C:\Windows\System32\services.exe.EA5CBC7A871FAA57 moved successfully.
    C:\Windows\System32\services.exe.B8754C745CBDB7B2 moved successfully.
    C:\Windows\System32\services.exe.1E9CC6B42AF128F6 moved successfully.
    C:\Windows\System32\services.exe.FA5C60C749A1F805 moved successfully.
    C:\Windows\System32\Drivers\bhilslua.sys moved successfully.
    C:\Windows\System32\services.exe.4F01383A4F66B8C8 moved successfully.
    C:\Windows\System32\services.exe.85E4C8FC83AD7D01 moved successfully.
    C:\Windows\System32\services.exe.54081515FB235EA7 moved successfully.
    C:\Windows\System32\services.exe.5EDC074E00FF00B2 moved successfully.
    C:\Windows\System32\Drivers\zofgdcfq.sys moved successfully.
    C:\Windows\System32\services.exe.9D94E6DBAEB46548 moved successfully.
    C:\Windows\System32\services.exe.935F83D7CF4DAEBE moved successfully.
    C:\Windows\System32\services.exe.73244C40F52A2877 moved successfully.
    C:\Windows\System32\services.exe.67BC1BDA024AA377 moved successfully.
    C:\Windows\System32\services.exe.A392777D50462EB6 moved successfully.
    C:\Windows\System32\services.exe.8A938D9F696E73D4 moved successfully.
    C:\Windows\System32\services.exe.FB4A30AC7BB57DD9 moved successfully.
    C:\Windows\System32\services.exe.3569941D3B742DF3 moved successfully.
    C:\Windows\System32\services.exe.802D87CB0E711FFD moved successfully.
    C:\Windows\System32\services.exe.9FE4BD42BBCC4467 moved successfully.
    C:\Windows\System32\services.exe.2A58968BA3532287 moved successfully.
    C:\Windows\System32\services.exe.16D834F73219BD8F moved successfully.
    C:\Windows\System32\services.exe.1689453FB55D5919 moved successfully.
    C:\Windows\System32\services.exe.153BCB913253AE6F moved successfully.
    C:\Windows\System32\services.exe.FACDF0B663AAB24B moved successfully.
    C:\Windows\System32\services.exe.A75AEA4E64BB9DF7 moved successfully.
    C:\Windows\System32\services.exe.661EA14D1813EF1F moved successfully.
    C:\Windows\System32\services.exe.A761EE4A1BC252D3 moved successfully.
    C:\Windows\System32\services.exe.254EB7B605EC6835 moved successfully.
    C:\Windows\System32\services.exe.27CB2135CB3ECE5B moved successfully.
    C:\Windows\System32\services.exe.C1837A0921F2EA41 moved successfully.
    C:\Windows\System32\services.exe.40F70CF09E36F315 moved successfully.
    C:\Windows\System32\services.exe.6508750B9D372474 moved successfully.
    C:\Windows\System32\services.exe.FD20340217DC29E5 moved successfully.
    C:\Windows\System32\services.exe.285A6DA76D74F81F moved successfully.
    C:\Windows\System32\services.exe.0A93777E127BF682 moved successfully.
    C:\Windows\System32\services.exe.A127EBB20331B78F moved successfully.
    C:\Windows\System32\services.exe.2637723A2465A9E5 moved successfully.
    C:\Windows\System32\services.exe.E2887A3A116217F2 moved successfully.
    C:\Windows\System32\services.exe.00BC16EA868AABB6 moved successfully.
    C:\Windows\System32\services.exe.AFD6C7D8AF28170F moved successfully.
    C:\Windows\System32\services.exe.A6CC65833038B093 moved successfully.
    C:\Windows\System32\services.exe.5813E6266FC5AD22 moved successfully.
    C:\Windows\System32\services.exe.D25C98D692EB75A1 moved successfully.
    C:\Windows\System32\services.exe.F0BDD9A6E47EE52D moved successfully.
    C:\Windows\System32\services.exe.1D8BCBC635C6EF36 moved successfully.
    C:\Windows\System32\services.exe.0CCB2FE47EBE3D91 moved successfully.
    C:\Windows\System32\services.exe.0FE6E8A18B92E88A moved successfully.
    C:\Windows\System32\services.exe.27BE717A67F4AF33 moved successfully.
    C:\Windows\System32\services.exe.7E41BCFDA912C631 moved successfully.
    C:\Windows\System32\services.exe.E343A57BC88A7798 moved successfully.
    C:\Windows\Installer\{2b481a6c-901c-00af-0385-a5f94298234c} moved successfully.
    C:\Users\Louise Harrison\AppData\Local\{2b481a6c-901c-00af-0385-a5f94298234c} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good.

    How is the computer doing?

    ========================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==============================================

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. W0ox22

    W0ox22 TS Rookie Topic Starter Posts: 21

    It's not restarting anymore, but I put MBAM on the flash drive and onto the other comp, and it says "illegal operation attempted on a registry key that has been marked for deletion", and when I tried to use Internet Explorer to re-download it, it says the same thing. Safari also.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    That's because you don't pay attention:
     
  18. W0ox22

    W0ox22 TS Rookie Topic Starter Posts: 21

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.29.12

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Louise Harrison :: LOUISEHARRISON [administrator]

    6/30/2012 12:30:39 AM
    mbam-log-2012-06-30 (00-30-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208617
    Time elapsed: 3 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  19. W0ox22

    W0ox22 TS Rookie Topic Starter Posts: 21

    OTL logfile created on: 6/30/2012 12:39:53 AM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = G:\
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.95 Gb Total Physical Memory | 4.17 Gb Available Physical Memory | 70.14% Memory free
    11.90 Gb Paging File | 10.02 Gb Available in Paging File | 84.24% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 571.06 Gb Total Space | 412.32 Gb Free Space | 72.20% Space Free | Partition Type: NTFS
    Drive D: | 20.95 Gb Total Space | 2.26 Gb Free Space | 10.78% Space Free | Partition Type: NTFS
    Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.33% Space Free | Partition Type: FAT32
    Drive F: | 166.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 488.00 Mb Total Space | 467.97 Mb Free Space | 95.90% Space Free | Partition Type: FAT

    Computer Name: LOUISEHARRISON | User Name: Louise Harrison | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/30 00:13:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/07 15:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
    PRC - [2011/11/07 15:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/08/25 06:30:52 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    PRC - [2011/08/25 06:30:34 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    PRC - [2011/08/25 06:30:08 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    PRC - [2011/08/18 02:10:09 | 000,018,432 | ---- | M] (Microsoft) -- C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
    PRC - [2011/06/15 20:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2011/05/21 19:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/04/30 04:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/04/08 15:01:16 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2010/12/02 22:03:02 | 000,251,832 | ---- | M] (arvato digital services llc) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2010/09/30 06:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/11/23 06:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
    SRV:64bit: - [2011/05/27 15:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/05/27 14:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2011/05/02 17:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV:64bit: - [2011/05/02 17:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2011/05/02 17:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/11/07 15:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
    SRV - [2011/11/07 15:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/08/25 06:30:52 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
    SRV - [2011/08/18 02:18:12 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe -- (Sage ACT! Scheduler)
    SRV - [2011/08/18 02:10:09 | 000,018,432 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe -- (ActService)
    SRV - [2011/06/21 18:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/05/21 19:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/04/30 04:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2011/04/08 15:01:16 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2011/03/07 20:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R)
    SRV - [2010/12/02 22:03:02 | 000,251,832 | ---- | M] (arvato digital services llc) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/09/30 06:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/07/16 21:12:55 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/07/16 21:12:55 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/05/27 15:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/05/27 14:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2011/05/27 14:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2011/05/17 12:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
    DRV:64bit: - [2011/05/17 12:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
    DRV:64bit: - [2011/05/01 17:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
    DRV:64bit: - [2011/04/26 15:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/04/15 15:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/24 20:20:36 | 000,337,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2011/03/23 14:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2011/03/15 01:11:10 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssmirrdr.sys -- (ssmirrdr)
    DRV:64bit: - [2011/02/22 07:54:22 | 000,351,864 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
    DRV:64bit: - [2010/03/19 06:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{414DFA41-C24A-4EFB-88B2-EE2913F51CD1}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{414DFA41-C24A-4EFB-88B2-EE2913F51CD1}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/myweb...2517&st=sb&n=77eda335&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


    IE - HKU\.DEFAULT\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=mtmh01312012
    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\SearchScopes,DefaultScope = {6B369A30-3DA2-44C0-B6AA-62EA8B41789A}
    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=VE3D01&q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\SearchScopes\{414DFA41-C24A-4EFB-88B2-EE2913F51CD1}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7ACAW_enUS350US351
    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\SearchScopes\{6B369A30-3DA2-44C0-B6AA-62EA8B41789A}: "URL" = http://search.yahoo.com/search?type=61107&fr=freecause&ei=utf-8&p={searchTerms}
    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/myweb...1511&st=sb&n=77ed5127&searchfor={searchTerms}
    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\SearchScopes\{BD5AA9FA-B62F-48E6-BB46-21BF09D70203}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=84B2B7A1-2C33-437B-A66D-94D9439DD413
    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


    [2012/01/11 16:33:47 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

    ========== Chrome ==========

    CHR - default_search_provider: facemoods (Enabled)
    CHR - default_search_provider: search_url = http://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
    CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\Louise Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\npwebsitelogon.dll
    CHR - plugin: Norton Confidential (Enabled) = C:\Users\Louise Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\npcoplgn.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Louise Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: Google Search = C:\Users\Louise Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: Website Logon = C:\Users\Louise Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\
    CHR - Extension: Facemoods = C:\Users\Louise Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\
    CHR - Extension: Skype Click to Call = C:\Users\Louise Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
    CHR - Extension: Norton Identity Protection = C:\Users\Louise Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\
    CHR - Extension: Fantapper = C:\Users\Louise Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf\1.0.6_0\
    CHR - Extension: Gmail = C:\Users\Louise Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
     
  20. W0ox22

    W0ox22 TS Rookie Topic Starter Posts: 21

    O1 HOSTS File: ([2012/06/29 23:52:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
    O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
    O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
    O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/event/ieatgpc1.cab (GpcContainer Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0273B6A-7856-49F0-A43B-88108262E387}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E19CB11C-B235-4C0A-A60D-B6A5965141F5}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/18 13:43:32 | 000,000,027 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/30 03:03:22 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/29 23:57:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/06/29 23:52:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/29 23:40:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/29 23:40:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/29 23:40:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/29 23:39:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/29 23:39:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/29 23:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
    [2012/06/29 23:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    [2012/06/29 23:33:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
    [2012/06/29 21:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2012/06/29 21:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2012/06/29 21:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
    [2012/06/26 15:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/06/26 15:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/21 12:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
    [2012/06/19 13:55:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/06/19 13:08:41 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2012/06/19 13:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/06/19 13:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/06/19 12:47:36 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/06/19 12:39:12 | 000,000,000 | ---D | C] -- C:\Users\Louise Harrison\AppData\Roaming\Zeqeu
    [2012/06/19 12:39:12 | 000,000,000 | ---D | C] -- C:\Users\Louise Harrison\AppData\Roaming\Ryxyqa
    [2012/06/19 12:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A7523BB7F5210D5D11B4EB2367
    [2012/06/19 12:37:51 | 000,000,000 | ---D | C] -- C:\Users\Louise Harrison\AppData\Local\ActiveMovie
    [2012/06/17 13:18:53 | 000,000,000 | ---D | C] -- C:\Users\Louise Harrison\AppData\Local\{F7845D9E-8B9C-4E15-9D95-421AEF841980}
    [2012/06/11 13:55:14 | 000,000,000 | ---D | C] -- C:\Users\Louise Harrison\Documents\office
    [2012/06/11 12:40:40 | 000,000,000 | ---D | C] -- C:\Users\Louise Harrison\Documents\Thompson
    [2012/06/11 11:51:22 | 000,000,000 | ---D | C] -- C:\Users\Louise Harrison\AppData\Local\{B255A4BF-DB84-4F6D-96AC-77118A3CB4C7}
    [2012/06/11 11:50:56 | 000,000,000 | ---D | C] -- C:\Users\Louise Harrison\AppData\Local\{B63F73CA-6A97-449F-AA87-7917E7F60356}
    [2012/06/08 21:12:32 | 000,000,000 | ---D | C] -- C:\Users\Louise Harrison\AppData\Local\{93CFFC8A-3C10-4B22-815C-6AA0E75C0EF3}
    [2012/06/08 21:12:22 | 000,000,000 | ---D | C] -- C:\Users\Louise Harrison\AppData\Local\{29397CAC-D459-418C-BDE7-B65FC27A6179}
    [2012/06/07 22:19:43 | 000,000,000 | ---D | C] -- C:\Users\Louise Harrison\AppData\Local\{25CE8326-3345-4941-88E2-4C956FF24F55}
    [2012/06/07 22:19:33 | 000,000,000 | ---D | C] -- C:\Users\Louise Harrison\AppData\Local\{9B12C4FA-1BB4-40D4-A491-AF775E488A39}
    [2012/06/03 14:39:58 | 000,000,000 | ---D | C] -- C:\Users\Louise Harrison\AppData\Local\{6F13E81F-DC54-4E9D-99E1-4B3D46281E92}
    [2012/06/03 14:39:48 | 000,000,000 | ---D | C] -- C:\Users\Louise Harrison\AppData\Local\{97528349-47EA-48AA-9797-C26C1404D2FE}
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/30 00:43:30 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/30 00:43:30 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/30 00:41:38 | 000,823,814 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/30 00:41:38 | 000,693,156 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/30 00:41:38 | 000,132,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/30 00:35:57 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/30 00:35:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/30 00:35:24 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/30 00:30:03 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/30 00:25:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/29 23:52:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/29 23:36:41 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
    [2012/06/29 21:16:16 | 000,001,069 | ---- | M] () -- C:\Users\Louise Harrison\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2012/06/26 15:21:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/06/26 15:20:50 | 000,837,964 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/19 12:48:36 | 000,000,061 | ---- | M] () -- C:\Users\Louise Harrison\AppData\Roaming\mbam.context.scan
    [2012/06/16 10:12:32 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLouise Harrison.job
    [2012/06/16 10:12:27 | 000,300,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/05/31 17:59:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/29 23:40:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/29 23:40:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/29 23:40:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/29 23:40:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/29 23:40:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/29 21:16:16 | 000,001,069 | ---- | C] () -- C:\Users\Louise Harrison\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2012/06/29 21:16:16 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
    [2012/06/26 15:21:02 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/06/26 15:20:53 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/06/19 12:48:16 | 000,000,061 | ---- | C] () -- C:\Users\Louise Harrison\AppData\Roaming\mbam.context.scan
    [2012/05/31 17:59:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/05/12 15:47:17 | 000,000,018 | ---- | C] () -- C:\ProgramData\ready4fall2011breadcrumb
    [2012/05/03 21:29:53 | 000,000,000 | ---- | C] () -- C:\Users\Louise Harrison\AppData\Roaming\bibstats
    [2012/02/16 10:49:33 | 000,036,500 | ---- | C] () -- C:\Users\Louise Harrison\FEB2012download-worksheet.pdf
    [2012/02/09 14:26:16 | 000,837,964 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/08/18 01:42:42 | 000,266,327 | ---- | C] () -- C:\Windows\SysWow64\ADErrorHandling.dll
    [2011/05/13 10:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2011/04/15 15:05:50 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/04/15 15:05:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/04/15 15:05:48 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/04/15 14:59:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/04/15 14:33:40 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

    ========== LOP Check ==========

    [2012/03/19 18:42:21 | 000,000,000 | ---D | M] -- C:\Users\Louise Harrison\AppData\Roaming\ACT
    [2012/03/01 21:39:37 | 000,000,000 | ---D | M] -- C:\Users\Louise Harrison\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/03/19 19:02:30 | 000,000,000 | ---D | M] -- C:\Users\Louise Harrison\AppData\Roaming\IsolatedStorage
    [2012/02/29 18:59:30 | 000,000,000 | ---D | M] -- C:\Users\Louise Harrison\AppData\Roaming\OpenOffice.org
    [2012/06/19 12:39:38 | 000,000,000 | ---D | M] -- C:\Users\Louise Harrison\AppData\Roaming\Ryxyqa
    [2012/06/07 22:36:38 | 000,000,000 | ---D | M] -- C:\Users\Louise Harrison\AppData\Roaming\SoftGrid Client
    [2012/06/26 15:04:52 | 000,000,000 | ---D | M] -- C:\Users\Louise Harrison\AppData\Roaming\Spotify
    [2012/03/22 11:53:13 | 000,000,000 | ---D | M] -- C:\Users\Louise Harrison\AppData\Roaming\supportdotcom
    [2011/12/28 20:12:51 | 000,000,000 | ---D | M] -- C:\Users\Louise Harrison\AppData\Roaming\Template
    [2012/02/09 14:27:03 | 000,000,000 | ---D | M] -- C:\Users\Louise Harrison\AppData\Roaming\TP
    [2012/03/01 14:12:57 | 000,000,000 | ---D | M] -- C:\Users\Louise Harrison\AppData\Roaming\webex
    [2012/01/23 00:48:50 | 000,000,000 | ---D | M] -- C:\Users\Louise Harrison\AppData\Roaming\Windows Live Writer
    [2012/06/19 12:39:12 | 000,000,000 | ---D | M] -- C:\Users\Louise Harrison\AppData\Roaming\Zeqeu
    [2012/06/29 20:40:24 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2010/11/20 23:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2012/06/29 23:57:53 | 000,028,430 | ---- | M] () -- C:\ComboFix.txt
    [2012/06/30 00:35:24 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/30 00:35:31 | 2092,810,239 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 05:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/12/28 19:57:34 | 000,000,221 | -HS- | M] () -- C:\Users\Louise Harrison\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/30 00:35:57 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/30 00:25:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/16 10:12:32 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLouise Harrison.job
    [2012/06/30 00:35:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/06/29 20:40:24 | 000,032,548 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 10:23:29 | 000,000,402 | -HS- | M] () -- C:\Users\Louise Harrison\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/05/12 15:47:17 | 000,000,018 | ---- | M] () -- C:\ProgramData\ready4fall2011breadcrumb

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < >

    < End of report >
     
  21. W0ox22

    W0ox22 TS Rookie Topic Starter Posts: 21

    OTL Extras logfile created on: 6/30/2012 12:39:54 AM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = G:\
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.95 Gb Total Physical Memory | 4.17 Gb Available Physical Memory | 70.14% Memory free
    11.90 Gb Paging File | 10.02 Gb Available in Paging File | 84.24% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 571.06 Gb Total Space | 412.32 Gb Free Space | 72.20% Space Free | Partition Type: NTFS
    Drive D: | 20.95 Gb Total Space | 2.26 Gb Free Space | 10.78% Space Free | Partition Type: NTFS
    Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.33% Space Free | Partition Type: FAT32
    Drive F: | 166.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 488.00 Mb Total Space | 467.97 Mb Free Space | 95.90% Space Free | Partition Type: FAT

    Computer Name: LOUISEHARRISON | User Name: Louise Harrison | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3022193129-1531451862-1410500458-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client
    "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
    "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}" = HP Launch Box
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
    "{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
    "ProInst" = Intel PROSet Wireless

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D8B3696-E52D-4291-B833-9F6AEB1CC4AB}" = HP CoolSense
    "{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel(R) WiDi
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F097A8C-3A20-46C8-B4B5-C77B5905F299}" = Sage ACT! Pro 2012
    "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
    "{4741965C-AFD0-4D00-81D1-1039F96D4DC3}" = HP SimplePass 2011
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6C302296-6129-4125-9FD6-2188ECD8814E}" = HP Software Framework
    "{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84BD11C9-3AC8-4845-AFB3-39A551618820}" = HP Documentation
    "{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
    "{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9584B2EF-99BE-41A5-8AF0-779B92E1C015}" = Fantapper Player
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
    "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{ABEF00D0-FCAE-4E47-8D4E-D4AE5FD72B15}" = HP Quick Launch
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
    "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
    "{CD104A82-D92A-484B-90F9-4CA044315DEC}" = UpdateMyDrivers
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7670221-BF9B-4DFF-B26B-5BE55A87329F}" = HP On Screen Display
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "ActiveTouchMeetingClient" = Cisco WebEx Meetings
    "Adobe AIR" = Adobe AIR
    "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Business-in-a-Box" = Business-in-a-Box
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "COMODO GeekBuddy" = COMODO GeekBuddy
    "Google Chrome" = Google Chrome
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{3F097A8C-3A20-46C8-B4B5-C77B5905F299}" = Sage ACT! Pro 2012
    "InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "NortonPCCheckup" = Norton PC Checkup
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PremElem90" = Adobe Premiere Elements 9
    "ProInst" = Intel PROSet Wireless
    "UpdateMyDrivers" = UpdateMyDrivers
    "VIP Access SDK" = VIP Access SDK (1.0.1.2)
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-0e8ff0c7-ca6a-4d31-8639-789445718164" = Namco All-Stars: PAC-MAN
    "WTA-10566017-cd01-4bf0-a124-337258adef02" = Penguins!
    "WTA-181ca089-98ae-4450-be6a-58e52566cf05" = Polar Bowler
    "WTA-18c75659-05d4-4e8b-994c-0562a5ffb4ec" = Slingo Supreme
    "WTA-2244a2d0-028a-4b04-8fc9-5407513bc9ff" = Blackhawk Striker 2
    "WTA-33960a03-9e6e-429e-9d17-a3fc9320c661" = Virtual Villagers 5 - New Believers
    "WTA-3cbf4972-291d-458c-bf49-337e01cab90e" = Cradle of Rome 2
    "WTA-3d670cc5-49ed-4d85-baf1-fc4557339825" = Zuma Deluxe
    "WTA-4b57c776-58a8-4124-8ac3-9f0e44f7e03f" = Mah Jong Medley
    "WTA-518a232d-7753-4097-a1bc-9aad03d82377" = FATE
    "WTA-543921b7-c25a-4138-8cb8-436f8b9b6126" = Blasterball 3
    "WTA-8620463d-999d-477a-93e8-2abfc07af81b" = Polar Golfer
    "WTA-8a166264-de52-4ffc-91fa-058e4be1456c" = Farm Frenzy
    "WTA-8a5bd42e-d373-491f-8018-98b7c07280f4" = Agatha Christie - Peril at End House
    "WTA-8d67b7b6-b186-4dd1-9c0f-b4c8f1e28b33" = Chronicles of Albian
    "WTA-b303e6d6-6fdd-4b85-ad88-aab028c9dd1b" = Bejeweled 3
    "WTA-b4cff506-bb7c-4430-873a-76083bcbae88" = Poker Superstars III
    "WTA-bd0fb968-23d9-4f68-a899-ca9a0e43f045" = Jewel Quest: The Sleepless Star - Collector's Edition
    "WTA-c24e9cbd-807b-4971-a278-ca50310f57ba" = Governor of Poker 2 Premium Edition
    "WTA-c85b449a-c61f-4647-990d-5910a375aa32" = Plants vs. Zombies - Game of the Year
    "WTA-d22d854b-f075-4982-983f-eca238c484d0" = Chuzzle Deluxe
    "WTA-de419e91-4fe4-4d61-8a79-4e57853135f5" = Mystery of Mortlake Mansion
    "WTA-e9770e01-29cd-4776-938a-f17a3a841876" = Vacation Quest - The Hawaiian Islands
    "WTA-ec493081-b136-4965-b3c0-0516b0497317" = Bounce Symphony
    "WTA-f19f5e34-1a56-43f1-95b9-3c15e16e2d57" = Cake Mania

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3022193129-1531451862-1410500458-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "2f8d25aeed0b3ae4" = Sage Download Manager
    "GoToMeeting" = GoToMeeting 5.2.0.952
    "Spotify" = Spotify

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/28/2012 6:23:15 PM | Computer Name = LouiseHarrison | Source = Sage ACT! Scheduler | ID = 0
    Description = Service cannot be started. System.Exception: Unable to start scheduler
    service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
    args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 6/28/2012 6:23:19 PM | Computer Name = LouiseHarrison | Source = WinMgmt | ID = 10
    Description =

    Error - 6/28/2012 6:25:50 PM | Computer Name = LouiseHarrison | Source = Sage ACT! Scheduler | ID = 0
    Description = Service cannot be started. System.Exception: Unable to start scheduler
    service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
    args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 6/28/2012 6:25:56 PM | Computer Name = LouiseHarrison | Source = WinMgmt | ID = 10
    Description =

    Error - 6/28/2012 6:28:27 PM | Computer Name = LouiseHarrison | Source = Sage ACT! Scheduler | ID = 0
    Description = Service cannot be started. System.Exception: Unable to start scheduler
    service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
    args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 6/28/2012 6:28:32 PM | Computer Name = LouiseHarrison | Source = WinMgmt | ID = 10
    Description =

    Error - 6/28/2012 6:31:09 PM | Computer Name = LouiseHarrison | Source = Sage ACT! Scheduler | ID = 0
    Description = Service cannot be started. System.Exception: Unable to start scheduler
    service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
    args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 6/28/2012 6:31:13 PM | Computer Name = LouiseHarrison | Source = WinMgmt | ID = 10
    Description =

    Error - 6/28/2012 6:33:55 PM | Computer Name = LouiseHarrison | Source = Sage ACT! Scheduler | ID = 0
    Description = Service cannot be started. System.Exception: Unable to start scheduler
    service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
    args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 6/28/2012 6:33:59 PM | Computer Name = LouiseHarrison | Source = WinMgmt | ID = 10
    Description =

    [ Hewlett-Packard Events ]
    Error - 2/9/2012 12:43:34 PM | Computer Name = LouiseHarrison | Source = HPSF.exe | ID = 4000
    Description =

    Error - 2/17/2012 10:29:39 AM | Computer Name = LouiseHarrison | Source = HPSF.exe | ID = 4000
    Description =

    Error - 3/1/2012 1:16:37 PM | Computer Name = LouiseHarrison | Source = HPSF.exe | ID = 4000
    Description =

    Error - 3/18/2012 9:13:52 AM | Computer Name = LouiseHarrison | Source = HPSF.exe | ID = 4000
    Description =

    Error - 4/19/2012 2:40:33 PM | Computer Name = LouiseHarrison | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/3/2012 5:39:37 PM | Computer Name = LouiseHarrison | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
    Object '/58180eeb_112a_4410_8c55_66536e374f39/lqrwyfmlp__vyg1lgwang0sz_5.rem' has
    been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 6091 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

    Error - 5/3/2012 5:40:27 PM | Computer Name = LouiseHarrison | Source = HPSF.exe | ID = 4000
    Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0] Message: The server did not provide a meaningful
    reply; this might be caused by a contract mismatch, a premature session shutdown
    or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()
    at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib
    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 6091 Ram Utilization: 30 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
    System.Runtime.Remoting.Messaging.IMessage)

    Error - 5/3/2012 5:40:47 PM | Computer Name = LouiseHarrison | Source = HPSF.exe | ID = 4000
    Description =

    [ Media Center Events ]
    Error - 5/22/2012 10:52:50 AM | Computer Name = LouiseHarrison | Source = MCUpdate | ID = 0
    Description = 10:52:50 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/22/2012 11:52:57 AM | Computer Name = LouiseHarrison | Source = MCUpdate | ID = 0
    Description = 11:52:57 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/22/2012 8:58:54 PM | Computer Name = LouiseHarrison | Source = MCUpdate | ID = 0
    Description = 8:58:54 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/23/2012 12:18:23 PM | Computer Name = LouiseHarrison | Source = MCUpdate | ID = 0
    Description = 12:18:21 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/26/2012 10:06:08 AM | Computer Name = LouiseHarrison | Source = MCUpdate | ID = 0
    Description = 10:06:08 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/26/2012 8:47:26 PM | Computer Name = LouiseHarrison | Source = MCUpdate | ID = 0
    Description = 8:47:26 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/27/2012 10:27:48 AM | Computer Name = LouiseHarrison | Source = MCUpdate | ID = 0
    Description = 10:27:48 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 6/24/2012 10:02:29 AM | Computer Name = LouiseHarrison | Source = MCUpdate | ID = 0
    Description = 10:02:29 AM - Error connecting to the internet. 10:02:29 AM - Unable
    to contact server..

    Error - 6/24/2012 10:03:05 AM | Computer Name = LouiseHarrison | Source = MCUpdate | ID = 0
    Description = 10:02:35 AM - Error connecting to the internet. 10:02:35 AM - Unable
    to contact server..

    Error - 6/29/2012 11:47:30 PM | Computer Name = LouiseHarrison | Source = MCUpdate | ID = 0
    Description = 11:45:18 PM - Error connecting to the internet. 11:45:18 PM - Unable
    to contact server..

    [ System Events ]
    Error - 6/28/2012 6:32:06 PM | Computer Name = LouiseHarrison | Source = Microsoft Antimalware | ID = 1119
    Description = %%860 has encountered a critical error when taking action on malware
    or other potentially unwanted software. For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285
    Name:
    Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\system32\services.exe;file:_C:\Windows\system32\services.exe->731;process:_pid:572
    Detection
    Origin: %%845 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM
    Process
    Name: C:\Windows\system32\services.exe Action: %%809 Action Status: No additional
    actions required Error Code: 0x800704ec Error description: This program is blocked
    by group policy. For more information, contact your system administrator. Signature
    Version: AV: 1.129.483.0, AS: 1.129.483.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0,
    NIS: 2.0.8001.0

    Error - 6/28/2012 6:33:38 PM | Computer Name = LouiseHarrison | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:31:38 PM on ?6/?28/?2012 was unexpected.

    Error - 6/28/2012 6:33:46 PM | Computer Name = LouiseHarrison | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 6/28/2012 6:33:50 PM | Computer Name = LouiseHarrison | Source = Service Control Manager | ID = 7003
    Description = The IKE and AuthIP IPsec Keying Modules service depends the following
    service: BFE. This service might not be installed.

    Error - 6/28/2012 6:33:51 PM | Computer Name = LouiseHarrison | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: BFE.
    This service might not be installed.

    Error - 6/28/2012 6:34:42 PM | Computer Name = LouiseHarrison | Source = Microsoft Antimalware | ID = 1119
    Description = %%860 has encountered a critical error when taking action on malware
    or other potentially unwanted software. For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285
    Name:
    Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:588
    Detection
    Origin: %%845 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM
    Process
    Name: C:\Windows\system32\services.exe Action: %%809 Action Status: No additional
    actions required Error Code: 0x800704ec Error description: This program is blocked
    by group policy. For more information, contact your system administrator. Signature
    Version: AV: 1.129.483.0, AS: 1.129.483.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0,
    NIS: 2.0.8001.0

    Error - 6/28/2012 6:36:12 PM | Computer Name = LouiseHarrison | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:34:29 PM on ?6/?28/?2012 was unexpected.

    Error - 6/28/2012 6:36:22 PM | Computer Name = LouiseHarrison | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 6/28/2012 6:36:26 PM | Computer Name = LouiseHarrison | Source = Service Control Manager | ID = 7003
    Description = The IKE and AuthIP IPsec Keying Modules service depends the following
    service: BFE. This service might not be installed.

    Error - 6/28/2012 6:36:28 PM | Computer Name = LouiseHarrison | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: BFE.
    This service might not be installed.


    < End of report >
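
The "Last 20 Event Log Errors" section of the report above, run through a small triage parser. This is an added example, not part of the thread or of OTL: it rejoins the wrapped descriptions and pulls out the Microsoft Antimalware ID 1119 failures, the Service Control Manager ID 7003 dependency errors, and the EventLog ID 6008 unexpected shutdowns. The function names are hypothetical and the sample is abridged from the report.

```python
import re
from collections import defaultdict

# Abridged from the OTL report in this thread: repeats and stack traces dropped.
SAMPLE = r"""[ Application Events ]
Error - 6/28/2012 6:23:19 PM | Computer Name = LouiseHarrison | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/28/2012 6:32:06 PM | Computer Name = LouiseHarrison | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software.
Name:
Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\system32\services.exe;file:_C:\Windows\system32\services.exe->731;process:_pid:572
Process
Name: C:\Windows\system32\services.exe Action: %%809 Action Status: No additional
actions required Error Code: 0x800704ec Error description: This program is blocked
by group policy.

Error - 6/28/2012 6:33:38 PM | Computer Name = LouiseHarrison | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:31:38 PM on ?6/?28/?2012 was unexpected.

Error - 6/28/2012 6:33:50 PM | Computer Name = LouiseHarrison | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 6/28/2012 6:33:51 PM | Computer Name = LouiseHarrison | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) \| Computer Name = (?P<host>.*?)"
    r" \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)$")
SECTION = re.compile(r"^\[ (?P<name>.+?) \]$")


def parse_events(text):
    """Split an OTL event-log section into records, rejoining wrapped descriptions."""
    events, log, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()              # forum pastes are often indented
        section, header = SECTION.match(line), HEADER.match(line)
        if section:
            log, current = section["name"], None
        elif header:
            current = dict(header.groupdict(), log=log, id=int(header["id"]), description="")
            events.append(current)
        elif not line:
            current = None              # a blank line ends the record
        elif current is not None:
            part = line[len("Description ="):] if line.startswith("Description =") else line
            current["description"] = (current["description"] + " " + part.strip()).strip()
    return events


def triage(events):
    """Pick out failed AV remediation, missing service dependencies and crashes."""
    failed, missing, shutdowns = [], defaultdict(list), 0
    for ev in events:
        desc = ev["description"]
        if ev["source"] == "Microsoft Antimalware" and ev["id"] == 1119:
            threat = re.search(r"Name:\s*(\S+)\s+ID:", desc)
            target = re.search(r"containerfile:_([^;]+)", desc)
            code = re.search(r"Error Code:\s*(0x[0-9A-Fa-f]+)", desc)
            failed.append({
                "when": ev["when"],
                "threat": threat[1] if threat else None,
                "target": target[1] if target else None,
                "error_code": code[1] if code else None,
            })
        elif ev["source"] == "Service Control Manager" and ev["id"] == 7003:
            dep = re.search(r"The (.+?) service depends (?:on )?the following service: (\S+?)\.", desc)
            if dep:
                missing[dep[2]].append(dep[1])   # missing service -> dependents
        elif ev["source"] == "EventLog" and ev["id"] == 6008:
            shutdowns += 1
    return {"failed_remediation": failed,
            "missing_dependency": dict(missing),
            "unexpected_shutdowns": shutdowns}


if __name__ == "__main__":
    for key, value in triage(parse_events(SAMPLE)).items():
        print(key, "=", value)
```
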
     
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I can see three security tools running, MSE, Norton and Comodo.
    What's the situation there?


    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
      IE - HKU\.DEFAULT\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - No CLSID value found.
      O3 - HKU\S-1-5-21-3022193129-1531451862-1410500458-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  23. W0ox22

    W0ox22 TS Rookie Topic Starter Posts: 21

    MSE I have real time shut off, and I was not aware the others are running. Should I disable before doing OTL, and if so, how do I?
     
  24. W0ox22

    W0ox22 TS Rookie Topic Starter Posts: 21

    All processes killed
    ========== OTL ==========
    Service esgiguard stopped successfully!
    Service esgiguard deleted successfully!
    File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0696f815-a3a9-490a-bb14-9ec3350b1276} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0696f815-a3a9-490a-bb14-9ec3350b1276} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C98D5B61-B0EA-4D48-9839-1079D352D880} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C98D5B61-B0EA-4D48-9839-1079D352D880}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C98D5B61-B0EA-4D48-9839-1079D352D880} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C98D5B61-B0EA-4D48-9839-1079D352D880}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3022193129-1531451862-1410500458-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Louise Harrison
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 915710768 bytes
    ->Java cache emptied: 140550 bytes
    ->Google Chrome cache emptied: 15027607 bytes
    ->Apple Safari cache emptied: 5083136 bytes
    ->Flash cache emptied: 82492 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1714053 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 14744 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 5169780 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 69569850 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 966.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Louise Harrison
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Louise Harrison
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.0 log created on 06302012_115044

    Files\Folders moved on Reboot...
    C:\Users\Louise Harrison\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Louise Harrison\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
     
  25. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Make sure MSE is on.

    Run Norton Removal Tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    Re-run OTL "Quick scan" (no custom script needed) and post fresh log.
    Only one log will be produced.
     
